Ok, thanks, I will use 3.3 example client to test the service on SMX4. My understanding about the wss4j interceptor is that it does include SAAJInInterceptor implicitly, in the version included in SMX4. correct me if i am wrong.
Another question I had is why I needed to copy the bundle version of the saaj impl while the lib version is already included in the SA/SU packaging. Thanks! Freeman Fang wrote: > > Some more questions > May I ask how would you know the request message is correct one? Do you > ever test it in SMX 3.x? > If not, what I can suggest here first is > write your testcase based on cxf-ws-security demo shipped with FUSE > ESB(which is based on Apache Servicemix, you can find the latest > releasedkit from [1]) > write a java client which can work with SAs you deployed in SMX3, like > we do in cxf-ws-security, and dump the onwire soap request message, so > that you know the request message is correct. > Ensure the testcase working in SMX3 is a good start to porting it in SMX4 > Btw, your testcase seems miss > org.apache.cxf.binding.soap.saaj.SAAJInInterceptor, which is necessary > when use ws-security > [1]http://repo.open.iona.com/maven2/org/apache/servicemix/apache-servicemix/3.3.1.17-fuse/ > > Thanks > Freeman > > saravanan.t wrote: >> Please see attached. I have upated the readme file to reflect the changes >> I >> made, added the saaj-impl bundle. >> >> >> >> Freeman Fang wrote: >> >>> Hi, >>> I assume your test is based on the cxf-ws-security demo from FUSE ESB >>> kit, right? >>> Would you please send your testcase(with a README) to me and I can do a >>> quick test. >>> Freeman >>> >>> saravanan.t wrote: >>> >>>> This is my client request: >>>> >>>> <soapenv:Envelope >>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; >>>> xmlns:typ="http://servicemix.apache.org/samples/wsdl-first/types";> >>>> <soapenv:Header> >>>> <wsse:Security soapenv:mustUnderstand="1" >>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> >>>> <wsse:UsernameToken wsu:Id="UsernameToken-21566635" >>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> >>>> <wsse:Username>smx</wsse:Username> >>>> <wsse:Password >>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>nLk0R9C8jmaHBMwFq74GuweJbQs=</wsse:Password> >>>> </wsse:UsernameToken> >>>> </wsse:Security> >>>> </soapenv:Header> >>>> <soapenv:Body> >>>> <typ:GetPerson> >>>> <typ:personId>1</typ:personId> >>>> </typ:GetPerson> >>>> </soapenv:Body> >>>> </soapenv:Envelope> >>>> >>>> The password is the same as the one on users.properties file. Is this >>>> correct? >>>> >>>> I also noticed this: >>>> >>>> java.lang.NoClassDefFoundError: org/opensaml/SAMLException >>>> >>>> only on the console! >>>> >>>> I also realised that wss4j bundle imports org.opensaml optionally. Do i >>>> need >>>> this saml bundle..? I cannot seem to find that bundle from smx repo >>>> though. >>>> >>>> >>>> Freeman Fang wrote: >>>> >>>> >>>>> The error shows client request can't be authenticated correctly. >>>>> How you send client request? >>>>> >>>>> saravanan.t wrote: >>>>> >>>>> >>>>>> packaging the saaj.impl jar inside the cxf-bc su didn't help. when i >>>>>> tried >>>>>> copying the org.apache.servicemix.bundles.saaj-impl-1.3_1.jar bundle >>>>>> into >>>>>> the deploy folder, i got this fault: >>>>>> >>>>>> <soap:Envelope >>>>>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> >>>>>> <soap:Body> >>>>>> <soap:Fault> >>>>>> <faultcode >>>>>> xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:InvalidSecurity</faultcode> >>>>>> <faultstring>An error was discovered processing the >>>>>> <wsse:Security> header</faultstring> >>>>>> </soap:Fault> >>>>>> </soap:Body> >>>>>> </soap:Envelope> >>>>>> >>>>>> >>>>>> >>>>>> Freeman Fang wrote: >>>>>> >>>>>> >>>>>> >>>>>>> quick question: >>>>>>> Do you have saaj-impl bundle installed already? >>>>>>> Freeman >>>>>>> saravanan.t wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Thanks for your quick response! >>>>>>>> >>>>>>>> I did try adding the dependency on saaj in cxfbc-su pom like this: >>>>>>>> >>>>>>>> <dependency> >>>>>>>> <groupId>com.sun.xml</groupId> >>>>>>>> <artifactId>saaj-impl</artifactId> >>>>>>>> <version>1.3</version> >>>>>>>> </dependency> >>>>>>>> >>>>>>>> I could see the saaj-impl jar file in that su zip file. >>>>>>>> >>>>>>>> But, i still seem to get the same error. is it with the version? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Freeman Fang wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> Seems your consumer su miss saaj-impl dependency. >>>>>>>>> Freeman >>>>>>>>> >>>>>>>>> saravanan.t wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> I have been playing with SMX4 for few days now and I started >>>>>>>>>> liking >>>>>>>>>> it >>>>>>>>>> already, as it nicely integrates the best 3 things: spring, osgi >>>>>>>>>> & >>>>>>>>>> JBI >>>>>>>>>> (in >>>>>>>>>> addition to Camel/AMQ/CXF and others). >>>>>>>>>> >>>>>>>>>> Thanks to you guys for a great job! >>>>>>>>>> >>>>>>>>>> The question I had is related to enabling ws-security to a >>>>>>>>>> service >>>>>>>>>> on >>>>>>>>>> CXF. >>>>>>>>>> To understand this, I thought it is good to take the shipped >>>>>>>>>> cxf-wsdl-first >>>>>>>>>> example and try to make it ws-security enabled by: >>>>>>>>>> >>>>>>>>>> adding WSS4J interceptor on cxf-bc su: >>>>>>>>>> >>>>>>>>>> <code> >>>>>>>>>> <beans xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"; >>>>>>>>>> >>>>>>>>>> xmlns:person="http://servicemix.apache.org/samples/wsdl-first";> >>>>>>>>>> >>>>>>>>>> <cxfbc:consumer wsdl="classpath:person.wsdl" >>>>>>>>>> targetService="person:PersonService" >>>>>>>>>> targetInterface="person:Person"> >>>>>>>>>> <!-- WS-Security interceptors --> >>>>>>>>>> <cxfbc:inInterceptors> >>>>>>>>>> <ref bean="wss4jin"/> >>>>>>>>>> </cxfbc:inInterceptors> >>>>>>>>>> </cxfbc:consumer> >>>>>>>>>> >>>>>>>>>> <bean >>>>>>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" >>>>>>>>>> id="wss4jin"> >>>>>>>>>> <constructor-arg> >>>>>>>>>> <map> >>>>>>>>>> <entry key="action" value="UsernameToken"/> >>>>>>>>>> >>>>>>>>>> <entry key="passwordType" >>>>>>>>>> value="PasswordDigest" /> >>>>>>>>>> <entry key="passwordCallbackClass" >>>>>>>>>> >>>>>>>>>> value="org.apache.servicemix.samples.wsdl_first.ServerPasswordCallback"/> >>>>>>>>>> </map> >>>>>>>>>> </constructor-arg> >>>>>>>>>> </bean> >>>>>>>>>> >>>>>>>>>> </beans> >>>>>>>>>> </code> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> and then testing it on soap-ui client with: >>>>>>>>>> >>>>>>>>>> <code> >>>>>>>>>> <soapenv:Envelope >>>>>>>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; >>>>>>>>>> xmlns:typ="http://servicemix.apache.org/samples/wsdl-first/types";> >>>>>>>>>> <soapenv:Header><wsse:Security >>>>>>>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:UsernameToken >>>>>>>>>> wsu:Id="UsernameToken-2956574" >>>>>>>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsse:Username>smx</wsse:Username><wsse:Password >>>>>>>>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>7vBUrC3FJYywtWp2S9t6RKgT0GQ=</wsse:Password><wsse:Nonce>XCTIgEZbX0l9qJQl2nXEkg==</wsse:Nonce><wsu:Created>2009-04-14T11:03:09.342Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header> >>>>>>>>>> <soapenv:Body> >>>>>>>>>> <typ:GetPerson> >>>>>>>>>> <typ:personId>1</typ:personId> >>>>>>>>>> </typ:GetPerson> >>>>>>>>>> </soapenv:Body> >>>>>>>>>> </soapenv:Envelope> >>>>>>>>>> </code> >>>>>>>>>> >>>>>>>>>> but the response is: >>>>>>>>>> >>>>>>>>>> <code> >>>>>>>>>> <faultcode>soap:Client</faultcode> >>>>>>>>>> <faultstring>Problems creating SAAJ object >>>>>>>>>> model</faultstring> >>>>>>>>>> </code> >>>>>>>>>> >>>>>>>>>> Any idea what i am missing...? >>>>>>>>>> >>>>>>>>>> Thanks! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> -- >>>>>>>>> Freeman Fang >>>>>>>>> ------------------------ >>>>>>>>> Open Source SOA: http://fusesource.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> Freeman Fang >>>>>>> ------------------------ >>>>>>> Open Source SOA: http://fusesource.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> Freeman Fang >>>>> ------------------------ >>>>> Open Source SOA: http://fusesource.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>> -- >>> Freeman Fang >>> ------------------------ >>> Open Source SOA: http://fusesource.com >>> >>> >>> >>> >> http://www.nabble.com/file/p23055692/cxf-wsdl-first.rar >> cxf-wsdl-first.rar >> > > > -- > Freeman Fang > ------------------------ > Open Source SOA: http://fusesource.com > > > -- View this message in context: http://www.nabble.com/SMX4-and-WS-Security-tp23037639p23070625.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
