altering wsse security header

[Ted Roeloffzen <te...@gmail.com>]

Hi All,

I'm still trying to figure out CXF and WSSE.
At this point, sending a message to the server works fine, aside from the
timestamp not being correct.
But the return message gives a exception.
I get the exception that there is no EncodingType, or at least it says that
the EncodingType is "".
When I look at the message I'm getting there is no EncodingType in the
BinarySecurityToken-element. Is it mandatory for CXF to have an
EncodingType here?

If so, how can I programmaticaly alter the WSSE-securityheader and insert
this property?

kind regards,

Ted

Re: altering wsse security header

[Colm O hEigeartaigh <co...@apache.org>]

You need to do something like:

((BindingProvider)port).getResponseContext().put(SecurityConstants.IS_BSP_COMPLIANT,
"false");

Colm.


On Wed, Aug 14, 2013 at 11:16 AM, Ted Roeloffzen
<te...@gmail.com>wrote:

> Okay, i thought i had to configure the property in the WSS4JInInterceptor.
> If i were to do that, I would have to configure the entire security-policy
> in that interceptor?
>
> I am, however, using the WS-SecurityPolicy, but I'm creating the client
> throught the API and i can't seem to figure out how to set the JAX-WS
> properties in that way.
>
> Ted
>
>
> 2013/8/14 Colm O hEigeartaigh <co...@apache.org>
>
> > I'm not sure what you mean by having to "configure everything by hand".
> If
> > you are using WS-SecurityPolicy simply set that property to false as a
> > JAX-WS property. If you are using WSS4JInInterceptor on its own, then the
> > value is "isBSPCompliant":
> >
> > http://ws.apache.org/wss4j/config.html
> >
> > Colm.
> >
> >
> > On Wed, Aug 14, 2013 at 11:05 AM, Ted Roeloffzen
> > <te...@gmail.com>wrote:
> >
> > > HI,
> > >
> > > I'm not creating the message without EncodingType, the service that I'm
> > > calling is doing that.
> > > Unfortunately I have no control over that service, that is why I have
> to
> > > work around it.
> > >
> > > I assume that I can set this property in the WSS4JInterceptor, but how
> > can
> > > i set just this property without having to configure everything by
> hand?
> > >
> > > kind regards,
> > >
> > > Ted
> > >
> > >
> > > 2013/8/14 Colm O hEigeartaigh <co...@apache.org>
> > >
> > > > The EncodingType is mandatory according to the Basic Security Profile
> > > > specification. You can disable validation of an incoming message
> > against
> > > > this specification by setting the property
> > "ws-security.is-bsp-compliant"
> > > > to "false". See here for more details:
> > > >
> > > > http://cxf.apache.org/docs/ws-securitypolicy.html
> > > >
> > > > How are you creating the message that it is not putting in an
> > > > "EncodingType"? Could you attach your configuration + the resulting
> > > > message?
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Wed, Aug 14, 2013 at 10:42 AM, Ted Roeloffzen
> > > > <te...@gmail.com>wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > I'm still trying to figure out CXF and WSSE.
> > > > > At this point, sending a message to the server works fine, aside
> from
> > > the
> > > > > timestamp not being correct.
> > > > > But the return message gives a exception.
> > > > > I get the exception that there is no EncodingType, or at least it
> > says
> > > > that
> > > > > the EncodingType is "".
> > > > > When I look at the message I'm getting there is no EncodingType in
> > the
> > > > > BinarySecurityToken-element. Is it mandatory for CXF to have an
> > > > > EncodingType here?
> > > > >
> > > > > If so, how can I programmaticaly alter the WSSE-securityheader and
> > > insert
> > > > > this property?
> > > > >
> > > > > kind regards,
> > > > >
> > > > > Ted
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: altering wsse security header

[Ted Roeloffzen <te...@gmail.com>]

Okay, i thought i had to configure the property in the WSS4JInInterceptor.
If i were to do that, I would have to configure the entire security-policy
in that interceptor?

I am, however, using the WS-SecurityPolicy, but I'm creating the client
throught the API and i can't seem to figure out how to set the JAX-WS
properties in that way.

Ted


2013/8/14 Colm O hEigeartaigh <co...@apache.org>

> I'm not sure what you mean by having to "configure everything by hand". If
> you are using WS-SecurityPolicy simply set that property to false as a
> JAX-WS property. If you are using WSS4JInInterceptor on its own, then the
> value is "isBSPCompliant":
>
> http://ws.apache.org/wss4j/config.html
>
> Colm.
>
>
> On Wed, Aug 14, 2013 at 11:05 AM, Ted Roeloffzen
> <te...@gmail.com>wrote:
>
> > HI,
> >
> > I'm not creating the message without EncodingType, the service that I'm
> > calling is doing that.
> > Unfortunately I have no control over that service, that is why I have to
> > work around it.
> >
> > I assume that I can set this property in the WSS4JInterceptor, but how
> can
> > i set just this property without having to configure everything by hand?
> >
> > kind regards,
> >
> > Ted
> >
> >
> > 2013/8/14 Colm O hEigeartaigh <co...@apache.org>
> >
> > > The EncodingType is mandatory according to the Basic Security Profile
> > > specification. You can disable validation of an incoming message
> against
> > > this specification by setting the property
> "ws-security.is-bsp-compliant"
> > > to "false". See here for more details:
> > >
> > > http://cxf.apache.org/docs/ws-securitypolicy.html
> > >
> > > How are you creating the message that it is not putting in an
> > > "EncodingType"? Could you attach your configuration + the resulting
> > > message?
> > >
> > > Colm.
> > >
> > >
> > > On Wed, Aug 14, 2013 at 10:42 AM, Ted Roeloffzen
> > > <te...@gmail.com>wrote:
> > >
> > > > Hi All,
> > > >
> > > > I'm still trying to figure out CXF and WSSE.
> > > > At this point, sending a message to the server works fine, aside from
> > the
> > > > timestamp not being correct.
> > > > But the return message gives a exception.
> > > > I get the exception that there is no EncodingType, or at least it
> says
> > > that
> > > > the EncodingType is "".
> > > > When I look at the message I'm getting there is no EncodingType in
> the
> > > > BinarySecurityToken-element. Is it mandatory for CXF to have an
> > > > EncodingType here?
> > > >
> > > > If so, how can I programmaticaly alter the WSSE-securityheader and
> > insert
> > > > this property?
> > > >
> > > > kind regards,
> > > >
> > > > Ted
> > > >
> > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: altering wsse security header

[Colm O hEigeartaigh <co...@apache.org>]

I'm not sure what you mean by having to "configure everything by hand". If
you are using WS-SecurityPolicy simply set that property to false as a
JAX-WS property. If you are using WSS4JInInterceptor on its own, then the
value is "isBSPCompliant":

http://ws.apache.org/wss4j/config.html

Colm.


On Wed, Aug 14, 2013 at 11:05 AM, Ted Roeloffzen
<te...@gmail.com>wrote:

> HI,
>
> I'm not creating the message without EncodingType, the service that I'm
> calling is doing that.
> Unfortunately I have no control over that service, that is why I have to
> work around it.
>
> I assume that I can set this property in the WSS4JInterceptor, but how can
> i set just this property without having to configure everything by hand?
>
> kind regards,
>
> Ted
>
>
> 2013/8/14 Colm O hEigeartaigh <co...@apache.org>
>
> > The EncodingType is mandatory according to the Basic Security Profile
> > specification. You can disable validation of an incoming message against
> > this specification by setting the property "ws-security.is-bsp-compliant"
> > to "false". See here for more details:
> >
> > http://cxf.apache.org/docs/ws-securitypolicy.html
> >
> > How are you creating the message that it is not putting in an
> > "EncodingType"? Could you attach your configuration + the resulting
> > message?
> >
> > Colm.
> >
> >
> > On Wed, Aug 14, 2013 at 10:42 AM, Ted Roeloffzen
> > <te...@gmail.com>wrote:
> >
> > > Hi All,
> > >
> > > I'm still trying to figure out CXF and WSSE.
> > > At this point, sending a message to the server works fine, aside from
> the
> > > timestamp not being correct.
> > > But the return message gives a exception.
> > > I get the exception that there is no EncodingType, or at least it says
> > that
> > > the EncodingType is "".
> > > When I look at the message I'm getting there is no EncodingType in the
> > > BinarySecurityToken-element. Is it mandatory for CXF to have an
> > > EncodingType here?
> > >
> > > If so, how can I programmaticaly alter the WSSE-securityheader and
> insert
> > > this property?
> > >
> > > kind regards,
> > >
> > > Ted
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: altering wsse security header

[Ted Roeloffzen <te...@gmail.com>]

HI,

I'm not creating the message without EncodingType, the service that I'm
calling is doing that.
Unfortunately I have no control over that service, that is why I have to
work around it.

I assume that I can set this property in the WSS4JInterceptor, but how can
i set just this property without having to configure everything by hand?

kind regards,

Ted


2013/8/14 Colm O hEigeartaigh <co...@apache.org>

> The EncodingType is mandatory according to the Basic Security Profile
> specification. You can disable validation of an incoming message against
> this specification by setting the property "ws-security.is-bsp-compliant"
> to "false". See here for more details:
>
> http://cxf.apache.org/docs/ws-securitypolicy.html
>
> How are you creating the message that it is not putting in an
> "EncodingType"? Could you attach your configuration + the resulting
> message?
>
> Colm.
>
>
> On Wed, Aug 14, 2013 at 10:42 AM, Ted Roeloffzen
> <te...@gmail.com>wrote:
>
> > Hi All,
> >
> > I'm still trying to figure out CXF and WSSE.
> > At this point, sending a message to the server works fine, aside from the
> > timestamp not being correct.
> > But the return message gives a exception.
> > I get the exception that there is no EncodingType, or at least it says
> that
> > the EncodingType is "".
> > When I look at the message I'm getting there is no EncodingType in the
> > BinarySecurityToken-element. Is it mandatory for CXF to have an
> > EncodingType here?
> >
> > If so, how can I programmaticaly alter the WSSE-securityheader and insert
> > this property?
> >
> > kind regards,
> >
> > Ted
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: altering wsse security header

[Colm O hEigeartaigh <co...@apache.org>]

The EncodingType is mandatory according to the Basic Security Profile
specification. You can disable validation of an incoming message against
this specification by setting the property "ws-security.is-bsp-compliant"
to "false". See here for more details:

http://cxf.apache.org/docs/ws-securitypolicy.html

How are you creating the message that it is not putting in an
"EncodingType"? Could you attach your configuration + the resulting message?

Colm.


On Wed, Aug 14, 2013 at 10:42 AM, Ted Roeloffzen
<te...@gmail.com>wrote:

> Hi All,
>
> I'm still trying to figure out CXF and WSSE.
> At this point, sending a message to the server works fine, aside from the
> timestamp not being correct.
> But the return message gives a exception.
> I get the exception that there is no EncodingType, or at least it says that
> the EncodingType is "".
> When I look at the message I'm getting there is no EncodingType in the
> BinarySecurityToken-element. Is it mandatory for CXF to have an
> EncodingType here?
>
> If so, how can I programmaticaly alter the WSSE-securityheader and insert
> this property?
>
> kind regards,
>
> Ted
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com