Posted to users@cxf.apache.org by Jeroen Breedveld <je...@automatech.co> on 2016/10/20 11:33:51 UTC

Getting ws-security to work

Hi all,

Using Apache CXF I've created Java code to access a SOAP service described
by a wsdl.

I can now work the service with a couple of lines of code:


InitiateInvite initiateInvite = webservicesObjectFactory.createInitiateInvite();
InitiateInviteResponse initiateInviteResponse =
    certificateServices.getCertificateServicesSoap().initiateInvite(initiateInvite);



But the SOAP service expects the payload to be signed. I followed the
instructions here http://cxf.apache.org/docs/ws-security.html and now have
a Client with the correct interceptors registered
on the endpoints but the payload is still not signed. The CallbackHandler
for the password is also not called.

How do I combine the client with the generated code to make Apache CXF sign
the SOAP payload?

Thanks for any help and regards,

Jeroen

Re: Getting ws-security to work

Posted by Jeroen Breedveld <je...@automatech.co>.
Hi Martin,

On Thu, Oct 20, 2016 at 3:10 PM, Martin Fernau <ma...@fernausoft.de>
wrote:

>
> --cut
> CertificateServicesSoap service = certificateServices.getCertificateServicesSoap();
> Client client = ClientProxy.getClient(service);
> [...]
> InitiateInviteResponse initiateInviteResponse =
> service.initiateInvite(initiateInvite);
> [...]
> --cut


Thanks! That solved the problem...

Regards,

Jeroen

Re: Getting ws-security to work

Posted by Martin Fernau <ma...@fernausoft.de>.
Hi Jeroen,

not sure about the "certificateServices.getCertificateServicesSoap()"
method. Does this method always return the same instance (aka singleton)
or is it always a new instance?
Just to be sure I would do something like this:

--cut
CertificateServicesSoap service = 
certificateServices.getCertificateServicesSoap();
Client client = ClientProxy.getClient(service);
[...]
InitiateInviteResponse initiateInviteResponse = 
service.initiateInvite(initiateInvite);
[...]
--cut


Martin




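An added example (not code from either poster or from the CXF project) of the fix that resolved this thread: the signing interceptor is registered on one proxy and that same proxy is handed back for the call. It assumes CXF 3.x with WSS4J 2.x package names (WSS4J 1.6 uses org.apache.ws.security instead); the class SignedPort and its methods sign and keyPassword are hypothetical helpers.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.dom.handler.WSHandlerConstants;

// Hypothetical helper class, not part of CXF or of the thread's generated code.
public final class SignedPort {

    /** Registers a signing interceptor on this proxy and returns the same proxy. */
    public static <T> T sign(T port, String alias, String cryptoFile, CallbackHandler pw) {
        Client client = ClientProxy.getClient(port);
        // Guard against stacking a second WSS4J interceptor on repeated calls.
        boolean present = client.getEndpoint().getOutInterceptors().stream()
                .anyMatch(i -> i instanceof WSS4JOutInterceptor);
        if (!present) {
            Map<String, Object> outProps = new HashMap<>();
            outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
            outProps.put(WSHandlerConstants.USER, alias);
            outProps.put(WSHandlerConstants.PW_CALLBACK_REF, pw);
            outProps.put(WSHandlerConstants.SIG_PROP_FILE, cryptoFile);
            client.getEndpoint().getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
        }
        return port; // invoke the service through this instance only
    }

    /** Supplies the private-key password for one alias; where it comes from is up to the caller. */
    public static CallbackHandler keyPassword(String alias, char[] password) {
        return (Callback[] callbacks) -> {
            for (Callback cb : callbacks) {
                if (cb instanceof WSPasswordCallback
                        && alias.equals(((WSPasswordCallback) cb).getIdentifier())) {
                    ((WSPasswordCallback) cb).setPassword(new String(password));
                }
            }
        };
    }
}
// Usage with the thread's generated classes (keyPassword is a char[] the caller loads):
//   CertificateServicesSoap service = SignedPort.sign(
//       certificateServices.getCertificateServicesSoap(), "alias",
//       "client_sign.properties", SignedPort.keyPassword("alias", keyPassword));
//   InitiateInviteResponse response = service.initiateInvite(initiateInvite);
```
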
Re: Getting ws-security to work

Posted by Jeroen Breedveld <je...@oorsprongsdocumenten.nl>.
Hi Martin,

Thanks for your response. Yes I did, this is the code:

Client client = ClientProxy.getClient(certificateServices.getCertificateServicesSoap());
Endpoint endpoint = client.getEndpoint();

Map<String, Object> outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, "alias");
outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordCallback());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");

WSS4JOutInterceptor wss4JOutInterceptor = new WSS4JOutInterceptor(outProps);
endpoint.getOutInterceptors().add(wss4JOutInterceptor);

InitiateInvite initiateInvite = webservicesObjectFactory.createInitiateInvite();
initiateInvite.setEncoding(ContentEncoding.UTF_16);
initiateInvite.setVersion(APIVersion.V_2_0);
initiateInvite.setSignedInitiateInviteRequest(Base64.encodeBase64String(baos.toByteArray()));

InitiateInviteResponse initiateInviteResponse =
    certificateServices.getCertificateServicesSoap().initiateInvite(initiateInvite);
System.out.println("initiateInviteResponse = " +
    initiateInviteResponse.getInitiateInviteResponse().getMessage());


ClientPasswordCallback is never called



--

Kind regards,

Jeroen Breedveld






Re: Getting ws-security to work

Posted by Martin Fernau <ma...@fernausoft.de>.
Have you registered the WSS4JOutInterceptor to the OutInterceptors of
your cxfEndpoint?

--cut
Map<String,Object> outProps = new HashMap<String,Object>();
// activate signing of outgoing messages
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
// the alias name in the keystore to get user's certificate and key
outProps.put(WSHandlerConstants.USER, LocalKeyStoreAlias);
// BinarySecurityToken
// outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
// Callback Class
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
         ClientPasswordCallback.class.getName());

// Signing parameters
Properties sigProps = new Properties();
// Merlin Class
sigProps.put("org.apache.ws.security.crypto.provider", 
MyMerlin.class.getName());

outProps.put("cryptoProperties", sigProps);
outProps.put(WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties");

// Add WSS4JOutInterceptor to the endpoint
Client client = ClientProxy.getClient(port);
Endpoint cxfEndpoint = client.getEndpoint();
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
--cut
