You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Juan Pablo Pizarro <ju...@gmail.com> on 2010/11/29 23:28:37 UTC
Security
Hello, I'm trying to call a web service that uses certificates (
http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl). Can you guys send
me a tutorial to do that?
In this project I can not use spring (I saw some tutorials using spring).
Exists a tutorial using only cxf to do that?
>From CXF site (http://cxf.apache.org/docs/ws-security.html), I saw that we
can put interceptors to do that:
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
...
Map<String,Object> inProps= new HashMap<String,Object>();
... // how to configure the properties is outlined below;
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor()); // 2.0.x
only; not needed in 2.1+
Map<String,Object> outProps = new HashMap<String,Object>();
... // how to configure the properties is outlined below;
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
But I can not find the method to get the cxfEndpoint from my classes. I'm
using snapshot 2.4.
Thanks!
Re: Security
Posted by Juan Pablo Pizarro <ju...@gmail.com>.
I found a example into the 2.4 snapshot zip
(apache-cxf-2.4.0-SNAPSHOT/samples/ws_security/sign_enc/src/main/java/demo/wssec/client).
But I'm interested in some of documentation to understand what I doing.. :)
2010/11/29 Juan Pablo Pizarro <ju...@gmail.com>
> Hello, I'm trying to call a web service that uses certificates (
> http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl). Can you guys
> send me a tutorial to do that?
>
> In this project I can not use spring (I saw some tutorials using spring).
> Exists a tutorial using only cxf to do that?
>
>
> From CXF site (http://cxf.apache.org/docs/ws-security.html), I saw that we
> can put interceptors to do that:
>
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
>
> ...
>
> Map<String,Object> inProps= new HashMap<String,Object>();
>
> ... // how to configure the properties is outlined below;
>
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> cxfEndpoint.getInInterceptors().add(wssIn);
>
> cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor()); // 2.0.x only; not needed in 2.1+
>
> Map<String,Object> outProps = new HashMap<String,Object>();
>
> ... // how to configure the properties is outlined below;
>
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> cxfEndpoint.getOutInterceptors().add(wssOut);
>
> cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
>
>
> But I can not find the method to get the cxfEndpoint from my classes. I'm
> using snapshot 2.4.
>
> Thanks!
>
Re: Security
Posted by Juan Pablo Pizarro <ju...@gmail.com>.
Daniel, I send you the wsdl. I write some code (from an example). I'm going
in the correct way?, I mean, now I have a "no certificate for user ..." and
it's obviusly that is the keystore, but.. my code is correct?.
Thanks!!
SpringBusFactory bf = new SpringBusFactory();
URL busFile = Client.class.getResource("wssec.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put("action", "Timestamp Signature Encrypt");
outProps.put("passwordType", "PasswordDigest");
outProps.put("user", "XXX");
outProps.put("passwordCallbackClass",
com.casa.wss.demo.UTPasswordCallback.class.getName());
outProps.put("encryptionUser", "YYY");
outProps.put("encryptionPropFile", "Client_Encrypt.properties");
outProps.put("encryptionKeyIdentifier", "SKIKeyIdentifier");
outProps.put("signaturePropFile", "Client_Sign.properties");
outProps.put("signatureKeyIdentifier", "DirectReference");
String encryptionParts = "{Element}{
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
;"
+ "{Element}{http://www.w3.org/2005/08/addressing}Action;"
+ "{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;"
+ "{Element}{http://www.w3.org/2005/08/addressing}MessageID
;"
+ "{Element}{http://www.w3.org/2005/08/addressing}To;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body";
outProps.put("signatureParts", encryptionParts);
outProps.put("encryptionParts", encryptionParts);
bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put("action", "Timestamp Signature Encrypt");
inProps.put("passwordType", "PasswordText");
inProps.put("passwordCallbackClass",
com.casa.wss.demo.UTPasswordCallback.class.getName());
inProps.put("decryptionPropFile", "Client_Sign.properties");
inProps.put("encryptionKeyIdentifier", "IssuerSerial");
inProps.put("signaturePropFile", "Client_Encrypt.properties");
inProps.put("signatureKeyIdentifier", "DirectReference");
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
final QName SERVICE_NAME = new QName("http://tempuri.org/",
"MenStock");
MenStock ss = new MenStock(MenStock.WSDL_LOCATION,
SERVICE_NAME);
IStock port = ss.getCustomBindingIStock();
System.out.println("Invoking mensajeStock...");
org.datacontract.schemas._2004._07.wcf_stock.Stock stock = new
org.datacontract.schemas._2004._07.wcf_stock.Stock();
javax.xml.bind.JAXBElement<org.datacontract.schemas._2004._07.wcf_stock.ArrayOfStockEntrada>
stockEntradas = null;
stockEntradas = createArrayOfStockEntrada();
stock.setEntradas(stockEntradas);
Object response = port.mensajeStock(stock);
System.out.println("response: " + response + "\n");
// allow aynchronous resends to occur
Thread.sleep(30 * 1000);
bus.shutdown(true);
2010/12/1 Daniel Kulp <dk...@apache.org>
> On Monday 29 November 2010 5:28:37 pm Juan Pablo Pizarro wrote:
> > Hello, I'm trying to call a web service that uses certificates (
> > http://wss.aduanas.gub.uy/LuciaWsSecurity/Sthe WSS4J*Interceptors
> directly as beloock.svc?wsdl<http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl>).
> Can you guys
> > send me a tutorial to do that?
>
> We don't have access to that WSDL.
>
>
> > In this project I can not use spring (I saw some tutorials using spring).
> > Exists a tutorial using only cxf to do that?
>
> It depends. If the WSDL contains WS-SecurityPolicy assertions, the
> easiest
> thing to do is let the WS-SecurityPolicy runtime just handle everything.
> You'll just need to configure in the crypto stuff. Some (very little)
> docs
> are at:
> http://cxf.apache.org/docs/ws-securitypolicy.html
>
> If it doesn't contain the SecPolicy things, then you would need to
> configure
> the WSS4J*Interceptors directly as below.
>
> Dan
>
>
>
> >
> >
> > From CXF site (http://cxf.apache.org/docs/ws-security.html), I saw that
> we
> > can put interceptors to do that:
> >
> > import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > ...
> >
> > Map<String,Object> inProps= new HashMap<String,Object>();
> > ... // how to configure the properties is outlined below;
> >
> > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > cxfEndpoint.getInInterceptors().add(wssIn);
> > cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor()); // 2.0.x
> > only; not needed in 2.1+
> >
> > Map<String,Object> outProps = new HashMap<String,Object>();
> > ... // how to configure the properties is outlined below;
> >
> > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > cxfEndpoint.getOutInterceptors().add(wssOut);
> > cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
> >
> >
> > But I can not find the method to get the cxfEndpoint from my classes. I'm
> > using snapshot 2.4.
> >
> > Thanks!
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
>
Re: Security
Posted by Daniel Kulp <dk...@apache.org>.
On Monday 29 November 2010 5:28:37 pm Juan Pablo Pizarro wrote:
> Hello, I'm trying to call a web service that uses certificates (
> http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl). Can you guys
> send me a tutorial to do that?
We don't have access to that WSDL.
> In this project I can not use spring (I saw some tutorials using spring).
> Exists a tutorial using only cxf to do that?
It depends. If the WSDL contains WS-SecurityPolicy assertions, the easiest
thing to do is let the WS-SecurityPolicy runtime just handle everything.
You'll just need to configure in the crypto stuff. Some (very little) docs
are at:
http://cxf.apache.org/docs/ws-securitypolicy.html
If it doesn't contain the SecPolicy things, then you would need to configure
the WSS4J*Interceptors directly as below.
Dan
>
>
> From CXF site (http://cxf.apache.org/docs/ws-security.html), I saw that we
> can put interceptors to do that:
>
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> ...
>
> Map<String,Object> inProps= new HashMap<String,Object>();
> ... // how to configure the properties is outlined below;
>
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> cxfEndpoint.getInInterceptors().add(wssIn);
> cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor()); // 2.0.x
> only; not needed in 2.1+
>
> Map<String,Object> outProps = new HashMap<String,Object>();
> ... // how to configure the properties is outlined below;
>
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> cxfEndpoint.getOutInterceptors().add(wssOut);
> cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
>
>
> But I can not find the method to get the cxfEndpoint from my classes. I'm
> using snapshot 2.4.
>
> Thanks!
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog