Posted to users@cxf.apache.org by cb9 <c_...@hotmail.com> on 2013/03/07 21:29:36 UTC
Few doubts about a ws-security/sign_enc sample application in cxf
Hi,
Sorry for long post.
I have redeveloped the sample application that comes with CXF in
ws-security/sign_enc.
This application is about encrypting and signing.
In the original sample application, all interceptors are configured using Java
code. For a change, I configured the interceptors on the client side using Java code
and configured the interceptors on the server side using Spring bean configuration.
In this application the client signs the following:
    outProps.put("signatureParts",
        "{Element}{" + WSU_NS + "}Timestamp;"
        + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
        + "{}{http://www.w3.org/2005/08/addressing}ReplyTo;");
Now if I configure ws-addressing using spring configuration like below
    <jaxws:features>
        <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
    </jaxws:features>
It works perfectly.
But if I configure ws-addressing using Java code like the one below
    bus.getFeatures().add(new WSAddressingFeature());
It gives me an exception
SEVERE:
org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://www.w3.org/2005/08/addressing, ReplyTo)
    at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
    at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:409)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:93)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
    at com.sun.proxy.$Proxy29.sayHello(Unknown Source)
    at com.test.cxf9_client.Client.main(Client.java:108)
I do not know why ws-addressing is not getting properly inserted in the SOAP header
when I configure it using Java code.
I have one more question.
In the sample application I saw signatureKeyIdentifier is configured using
DirectReference like the one below
    inProps.put("signatureKeyIdentifier", "DirectReference");
But when I configured it using DirectReference, it gave me an error.
WSHandler: Signature: unknown key identification
But when I changed it to IssuerSerial, it worked.
I tried to understand what these values mean by reading this
http://ws.apache.org/wss4j/config.html
It says
The configuration values for setting the KeyIdentifiers for signature or
encryption are shown below. See the Javadoc for SIG_KEY_ID and ENC_KEY_ID
for more details:
Value
DirectReference
IssuerSerial
X509KeyIdentifier
SKIKeyIdentifier
EmbeddedKeyName
Thumbprint
EncryptedKeySHA1
But there is not enough information to understand what these values mean and how to
properly use them.
Thanks
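A diagnostic for the "Element to encrypt/sign not found" failure described in the post above, as an added example that is not part of the original thread or of CXF/WSS4J: it parses the signatureParts value and reports which listed elements are absent from an outbound envelope. The function names, the sample envelope and the expanded WSU_NS value are assumptions made for this example, and searching the whole envelope is a simplification of what WSS4J does.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSA_NS = "http://www.w3.org/2005/08/addressing"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# The signatureParts value from the post, with WSU_NS expanded (assumed value).
SIGNATURE_PARTS = ("{Element}{" + WSU_NS + "}Timestamp;"
                   + "{Element}{" + SOAP_NS + "}Body;"
                   + "{}{" + WSA_NS + "}ReplyTo;")

# One entry has the shape {mode}{namespace}localname; the mode may be empty.
PART_RE = re.compile(r"^\{(?P<mode>[^}]*)\}\{(?P<ns>[^}]*)\}(?P<name>[^{};]+)$")

def parse_signature_parts(value):
    """Split a signatureParts string into (mode, namespace, local name) tuples."""
    parts = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = PART_RE.match(entry)
        if m is None:
            raise ValueError(f"malformed signatureParts entry: {entry!r}")
        parts.append((m["mode"], m["ns"], m["name"]))
    return parts

def missing_parts(envelope_xml, signature_parts):
    """Return (namespace, local name) for each listed part absent from the envelope."""
    root = ET.fromstring(envelope_xml)
    return [(ns, name) for _mode, ns, name in parse_signature_parts(signature_parts)
            if next(root.iter(f"{{{ns}}}{name}"), None) is None]

def sample_envelope(with_addressing):
    """Constructed outbound message, with or without the WS-Addressing headers."""
    wsa = ("<wsa:ReplyTo><wsa:Address>" + WSA_NS + "/anonymous</wsa:Address></wsa:ReplyTo>"
           if with_addressing else "")
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsa="{WSA_NS}" '
            f'xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}"><soap:Header>{wsa}'
            "<wsse:Security><wsu:Timestamp><wsu:Created>2013-03-07T20:29:36Z"
            "</wsu:Created></wsu:Timestamp></wsse:Security></soap:Header>"
            "<soap:Body><sayHello/></soap:Body></soap:Envelope>")

if __name__ == "__main__":
    for label, flag in (("addressing applied", True), ("addressing absent", False)):
        print(label, "->", missing_parts(sample_envelope(flag), SIGNATURE_PARTS))
```

Run against a logged outbound message, an empty result means every element named in signatureParts is present; a non-empty result names the element the signature step would fail on.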
Re: Few doubts about a ws-security/sign_enc sample application in cxf
Posted by Colm O hEigeartaigh <co...@apache.org>.
> But there is not enough information to understand what these values mean and how to
> properly use them.
>
"DirectReference" should work fine for Signatures. I wrote a blog entry
here explaining Key Identifiers + will port to WSS4J configuration pages in
due course:
http://coheigea.blogspot.ie/2013/03/signature-and-encryption-key.html
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com