Posted to users@cxf.apache.org by Oliver Gottwald <ol...@drachmatech.com> on 2008/11/18 21:04:52 UTC

Java CXF - jks - proper configuration

Hi Experts,

I'm currently configuring an example from the following link for CXF and 
WS-Security:
http://domagojtechtips.blogspot.com/2007/08/cxf-spring-and-ws-security-putting-it.html 

What I need to know is the following:
1. Is the jks file creation process below correct?
2. How the fields are set in the code section to reflect the jks parameters.

I would greatly appreciate any help. 

It would be great to have a CXF specialist as a reference for an
ongoing project.

I used the following commands to create the jks files:
keytool -genkey -alias myAlias -keypass myAliasPassword \
    -keystore client_keystore.jks -storepass keyStorePassword \
    -dname "cn=ws-client" -keyalg RSA
keytool -selfcert -alias myAlias -keystore client_keystore.jks \
    -storepass keyStorePassword -keypass myAliasPassword
keytool -export -alias myAlias -file key.rsa \
    -keystore client_keystore.jks -storepass keyStorePassword
keytool -import -alias myAlias -file key.rsa \
    -keystore server_publicstore.jks -storepass keyStorePassword

The following is the service code:
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
   WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
   logger.debug("identifier: " + pc.getIdentifer());
   if (pc.getIdentifer().equals("ws-client")) {
      // set the password on the callback. This will later be compared to the
      // password which was sent from the client.
      pc.setPassword("password");
   }
}
 
The following is the client code:
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
   for (int i = 0; i < callbacks.length; i++) {
      WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

      int usage = pc.getUsage();

      System.out.println("identifier: " + pc.getIdentifer());
      System.out.println("usage: " + pc.getUsage());

      if (usage == WSPasswordCallback.USERNAME_TOKEN) {
         // username token pwd...
         pc.setPassword("password");
      } else if (usage == WSPasswordCallback.SIGNATURE) {
         // set the password for client's keystore.keyPassword
         System.out.println("[5]");
         pc.setPassword("keyPassword");
      }
   }
}
 
I get the following error:
Nov 18, 2008 10:21:37 AM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Security processing failed.
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:234)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:107)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:466)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
        at $Proxy43.returnUploadResume(Unknown Source)
        at com.thea.client.Client.main(Client.java:46)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:197)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:219)
        ... 9 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Security processing failed.
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
        at $Proxy43.returnUploadResume(Unknown Source)
        at com.thea.client.Client.main(Client.java:46)
Caused by: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:234)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:107)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:466)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
        ... 2 more
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:197)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:219)
        ... 9 more

oliver
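
Added example, not part of the original message or of CXF/WSS4J: a JDK-only check that the alias, store password and key password an application is configured with actually match a JKS file such as the two created by the keytool commands above. The class name KeystoreCheck and its argument order are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.*;

// Added diagnostic, not code from the thread. KeystoreCheck is a hypothetical name.
// Usage: java KeystoreCheck <file.jks> <storePass> <alias> [keyPass]
//   client_keystore.jks keyStorePassword myAlias myAliasPassword   (private key expected)
//   server_publicstore.jks keyStorePassword myAlias                (certificate only)
public class KeystoreCheck {
    // Returns the problems found; an empty list means alias and passwords line up.
    static List<String> check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        List<String> problems = new ArrayList<>();
        if (!ks.containsAlias(alias)) {
            problems.add("alias '" + alias + "' not found; store contains " + Collections.list(ks.aliases()));
            return problems;
        }
        boolean wantKey = keyPass != null;          // no keyPass given: expect a trusted-certificate entry
        if (wantKey != ks.isKeyEntry(alias)) {
            problems.add(wantKey ? "alias '" + alias + "' holds only a certificate, no private key to sign with"
                                 : "alias '" + alias + "' holds a private key; a public store should hold only the certificate");
        } else if (wantKey) {
            try {
                ks.getKey(alias, keyPass);          // must be the -keypass value, not -storepass
            } catch (UnrecoverableKeyException e) {
                problems.add("key password does not unlock alias '" + alias + "'");
            }
        }
        // The alias names the keystore entry; the subject DN lives inside the certificate. They are independent.
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        System.out.println(alias + " -> " + cert.getSubjectX500Principal().getName() + ", expires " + cert.getNotAfter());
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: KeystoreCheck <file.jks> <storePass> <alias> [keyPass]");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());     // IOException here: wrong store password or damaged file
        }
        char[] keyPass = args.length > 3 ? args[3].toCharArray() : null;
        List<String> problems = check(ks, args[2], keyPass);
        problems.forEach(p -> System.out.println("PROBLEM: " + p));
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Passwords given as arguments are visible in the process list and shell history, so run this only with test keystores like the ones above.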



Re: Java CXF - jks - proper configuration

Posted by Glen Mazza <gl...@gmail.com>.
That article was written back in Kolovoz 2007, so maybe it's a bit old.
Here are newer links that might provide you with more information:

http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to
http://www.jroller.com/gmazza/entry/implementing_ws_security_with_the

HTH,
Glen

