Posted to users@ws.apache.org by Kai Rommel <kr...@googlemail.com> on 2016/07/10 10:30:15 UTC
WS Security configured via policies
Hello Colm,
I configured WSS successfully via the WSS interceptors. Now my plan was to
switch to policies and it does not work out.
I am using an .xml to configure the cxf bus (configuring WSRM via the .xml
works fine.)
The bus config within the .xml looks like this:
<cxf:bus>
  <cxf:features>
    <cxf:logging />
    <p:policies enabled="true">
      <wsp:Policy wsu:Id="Asymmetric124"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          xmlns:wsp="http://www.w3.org/ns/ws-policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:AsymmetricBinding
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              <wsp:Policy>
                <sp:InitiatorToken>
                  <wsp:Policy>
                    <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                      <wsp:Policy>
                        <sp:WssX509V3Token10 />
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                  <wsp:Policy>
                    <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                      <wsp:Policy>
                        <sp:WssX509V3Token10 />
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:RecipientToken>
                <sp:Layout>
                  <wsp:Policy>
                    <sp:Lax />
                  </wsp:Policy>
                </sp:Layout>
                <sp:IncludeTimestamp />
                <sp:OnlySignEntireHeadersAndBody />
                <sp:AlgorithmSuite>
                  <wsp:Policy>
                    <sp:Basic128 />
                  </wsp:Policy>
                </sp:AlgorithmSuite>
              </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              <sp:Body />
              <sp:Header Name="To"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="From"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="FaultTo"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="MessageID"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="RelatesTo"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="Action"
                  Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
              <sp:Header Name="Timestamp"
                  Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
            </sp:SignedParts>
            <sp:EncryptedParts
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy"
                xmlns:wsa="http://www.w3.org/2005/08/addressing"
                xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
                xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
                xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
              <sp:Body />
              <sp:Attachments />
            </sp:EncryptedParts>
          </wsp:All>
        </wsp:ExactlyOne>
      </wsp:Policy>
    </p:policies>
  </cxf:features>
</cxf:bus>
Within the .java class I am loading the config:

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = ClientWSSviaPolicies.class.getResource(
        "clientWSSviaPoliciesWithAtt_WSRM.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);

plus I am setting the needed properties

    ((BindingProvider)port).getRequestContext().put(
        "ws-security.username", "wss");
    ((BindingProvider)port).getRequestContext().put(
        "ws-security.callback-handler", "demo.ws_rm.client.CallBack");
    ((BindingProvider)port).getRequestContext().put(
        "ws-security.signature.username", "wss");
    ((BindingProvider)port).getRequestContext().put(
        "ws-security.signature.properties", "jks/client.properties");
    ((BindingProvider)port).getRequestContext().put(
        "ws-security.encryption.username", "wss");
    ((BindingProvider)port).getRequestContext().put(
        "ws-security.encryption.properties", "jks/client.properties");

But the message which my client creates is neither signed nor encrypted.
I searched for samples, but I did not find a helpful one. I saw some examples
with a WSDL containing the policies, but I wanted to set the policy via
the bus.
Can you give me a hint what I have done wrong?
Thanks.
Best regards
Kai
Re: WS Security configured via policies
Posted by Kai Rommel <kr...@googlemail.com>.
Hello Colm,
I created CXF-6968 <https://issues.apache.org/jira/browse/CXF-6968>
Thanks.
Best regards,
Kai
2016-07-11 11:21 GMT+02:00 Colm O hEigeartaigh <co...@apache.org>:
> Hi Kai,
>
> Questions relating to CXF should go to the CXF users list. I took a quick
> look and it looks like a bug in CXF, that policies placed at bus level are
> not being registered (for WS-Security). Could you file a JIRA (in CXF?).
>
> Colm.
Re: WS Security configured via policies
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Kai,
Questions relating to CXF should go to the CXF users list. I took a quick
look and it looks like a bug in CXF, that policies placed at bus level are
not being registered (for WS-Security). Could you file a JIRA (in CXF?).
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
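
The failure described in this thread is silent: the client sends the message even though the bus-level policy was never applied. The following is an added example, not code from the thread or from CXF, that checks a captured outbound envelope (for instance one printed by the cxf:logging feature) for the two things the policy asks for. The class name and the sample message are constructed, and a SOAP 1.1 envelope namespace is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class OutboundWssCheck { // hypothetical name; added example
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/"; // assumption: SOAP 1.1
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // elements are matched by namespace, not by prefix
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Presence check only: does not validate the signature or confirm which parts it covers.
    static boolean hasSignature(Document d) {
        NodeList sec = d.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < sec.getLength(); i++) {
            if (((Element) sec.item(i)).getElementsByTagNameNS(DS, "Signature").getLength() > 0) return true;
        }
        return false;
    }

    // sp:EncryptedParts/sp:Body: every element child of soap:Body must be xenc:EncryptedData.
    static boolean bodyEncrypted(Document d) {
        Node body = d.getElementsByTagNameNS(SOAP, "Body").item(0);
        int seen = 0;
        for (Node n = body == null ? null : body.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            if (!XENC.equals(n.getNamespaceURI()) || !"EncryptedData".equals(n.getLocalName())) return false;
            seen++;
        }
        return seen > 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of the failure in the thread: no wsse:Security, clear-text body.
        Document d = parse("<s:Envelope xmlns:s='" + SOAP + "'><s:Header/><s:Body>"
                + "<greetMe xmlns='urn:example'>hi</greetMe></s:Body></s:Envelope>");
        System.out.println("signed=" + hasSignature(d) + " encrypted=" + bodyEncrypted(d));
    }
}
```

Running the same two checks in an integration test against the logged request turns a policy that was not registered into a test failure instead of an unprotected message on the wire.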