Hi Kai,

Questions relating to CXF should go to the CXF users list. I took a quick look and it looks like a bug in CXF, that policies placed at bus level are not being registered (for WS-Security). Could you file a JIRA (in CXF?).

Colm.

On Sun, Jul 10, 2016 at 11:30 AM, Kai Rommel <krommel2...@googlemail.com> wrote:

> Hello Colm,
>
> I configured WSS successfully via the WSS interceptors. Now my plan was to
> switch to policies and it does not work out.
>
> I am using an .xml to configure the cxf bus (configuring WSRM via the .xml
> works fine.)
> The bus config within the .xml looks like this:
>
> <cxf:bus>
>   <cxf:features>
>     <cxf:logging />
>     <p:policies enabled="true">
>       <wsp:Policy wsu:Id="Asymmetric124"
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           xmlns:wsp="http://www.w3.org/ns/ws-policy">
>         <wsp:ExactlyOne>
>           <wsp:All>
>             <sp:AsymmetricBinding
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>               <wsp:Policy>
>                 <sp:InitiatorToken>
>                   <wsp:Policy>
>                     <sp:X509Token
>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                       <wsp:Policy>
>                         <sp:WssX509V3Token10 />
>                       </wsp:Policy>
>                     </sp:X509Token>
>                   </wsp:Policy>
>                 </sp:InitiatorToken>
>                 <sp:RecipientToken>
>                   <wsp:Policy>
>                     <sp:X509Token
>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                       <wsp:Policy>
>                         <sp:WssX509V3Token10 />
>                       </wsp:Policy>
>                     </sp:X509Token>
>                   </wsp:Policy>
>                 </sp:RecipientToken>
>                 <sp:Layout>
>                   <wsp:Policy>
>                     <sp:Lax />
>                   </wsp:Policy>
>                 </sp:Layout>
>                 <sp:IncludeTimestamp />
>                 <sp:OnlySignEntireHeadersAndBody />
>                 <sp:AlgorithmSuite>
>                   <wsp:Policy>
>                     <sp:Basic128 />
>                   </wsp:Policy>
>                 </sp:AlgorithmSuite>
>               </wsp:Policy>
>             </sp:AsymmetricBinding>
>             <sp:SignedParts
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>               <sp:Body />
>               <sp:Header Name="To"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="From"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="FaultTo"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="MessageID"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="RelatesTo"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="Action"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="Timestamp"
>                   Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>             </sp:SignedParts>
>             <sp:EncryptedParts
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
>                 xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy"
>                 xmlns:wsa="http://www.w3.org/2005/08/addressing"
>                 xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>                 xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
>                 xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
>               <sp:Body />
>               <sp:Attachments />
>             </sp:EncryptedParts>
>           </wsp:All>
>         </wsp:ExactlyOne>
>       </wsp:Policy>
>     </p:policies>
>   </cxf:features>
> </cxf:bus>
>
> Within the .java class I am loading the config:
>
> SpringBusFactory bf = new SpringBusFactory();
> URL busFile = ClientWSSviaPolicies.class.getResource(
>     "clientWSSviaPoliciesWithAtt_WSRM.xml");
> Bus bus = bf.createBus(busFile.toString());
>
> BusFactory.setDefaultBus(bus);
>
> plus I am setting the needed properties
>
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.username", "wss");
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.callback-handler", "demo.ws_rm.client.CallBack");
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.signature.username", "wss");
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.signature.properties", "jks/client.properties");
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.encryption.username", "wss");
> ((BindingProvider)port).getRequestContext().put(
>     "ws-security.encryption.properties", "jks/client.properties");
>
> But the message which my client creates, is not signed nor encrypted.
>
> I searched for samples, but I did not find a helpful one. I saw some
> examples with a wsdl containing the policies, but I wanted to set the
> policy via the bus.
>
> Can you give me a hint what I have done wrong?
>
> Thanks.
>
> Best regards
>
> Kai

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
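Added example, not part of either message and not CXF code: because a policy that is never registered fails silently, a structural check on the outbound envelope captured by `<cxf:logging />` shows whether the quoted policy took effect. It is narrowed to the Timestamp, Body signing and Body encryption requirements; `policy_gaps`, the SOAP 1.1 namespace and both sample envelopes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # assumption: SOAP 1.1
    "wsse": WSS + "secext-1.0.xsd",
    "wsu": WSS + "utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def policy_gaps(envelope_xml):
    """List the requirements of the quoted policy that a logged envelope misses."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if sec is None:
        return ["no wsse:Security header"]
    gaps = []
    if sec.find("wsu:Timestamp", NS) is None:
        gaps.append("IncludeTimestamp: no wsu:Timestamp")
    # Collect the wsu:Id values that the signature's references point at.
    refs = {r.get("URI", "").lstrip("#")
            for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    if not refs:
        gaps.append("no ds:Signature")
    elif body is None or body.get(WSU_ID) not in refs:
        gaps.append("SignedParts: Body not covered by the signature")
    if body is None or body.find("xenc:EncryptedData", NS) is None:
        gaps.append("EncryptedParts: Body not encrypted")
    return gaps

# Constructed samples (not taken from the thread).
PLAIN = ('<soap:Envelope xmlns:soap="%(soap)s"><soap:Header/>'
         '<soap:Body><greetMe>hello</greetMe></soap:Body></soap:Envelope>' % NS)
PROTECTED = (
    '<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s"'
    ' xmlns:ds="%(ds)s" xmlns:xenc="%(xenc)s"><soap:Header><wsse:Security>'
    '<wsu:Timestamp wsu:Id="TS-1"/><ds:Signature><ds:SignedInfo>'
    '<ds:Reference URI="#TS-1"/><ds:Reference URI="#B-1"/>'
    '</ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>'
    '<soap:Body wsu:Id="B-1"><xenc:EncryptedData/></soap:Body></soap:Envelope>' % NS)

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("protected", PROTECTED)):
        print(name, policy_gaps(msg) or "meets the checked requirements")
```

The check is structural only: it does not validate the signature or decrypt anything, so it confirms that protection was applied, not that it is cryptographically sound.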