You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Alexandre Beaupre <be...@hotmail.com> on 2015/06/30 04:14:02 UTC
Attaching a WS-SecurityPolicy to a WSDL
Hi,
I'm using CXF version 3.1.1 and I am trying to attach a WS-SecurityPolicy to my jax-ws:endpoint.
I have been successful with Axis2/Rampart, but for some reason I can't seem to enforce the policy with CXF.
In my WSDL I have added a simple policy :
<wsp:Policy wsu:Id="SignBody">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts>
<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
And I have added policy references in my binding :
<wsdl:binding name="TestServiceSoapBinding" type="tns:TestService">
<wsp:PolicyReference URI="#SignBody"/>
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="echo">
<soap:operation soapAction="" />
<wsdl:input name="echo">
<wsp:PolicyReference URI="#SignBody"/>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output name="echoResponse">
<wsp:PolicyReference URI="#SignBody"/>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
However, using SoapUI I can still call the operation without applying any security and nothing special is logged.
I have tried to debug the PolicyInInterceptor, it seems like the Policy is getting created but that the Wsdl11AttachmentPolicyProvider is not providing the policy.
Is there something I'm missing ?
Is there a sample test project for this I could try ?
Thank you for your help!
Alex
RE: Attaching a WS-SecurityPolicy to a WSDL
Posted by Alexandre Beaupre <be...@hotmail.com>.
Thanks for the quick reply Colm!
I was not using TLS but it turns out my problem was with my @WebService annotation it was missing the "serviceName" attribute. This is probably why the Wsdl11AttachmentPolicyProvider could not match the policy reference to my service.
Thanks for all your work in the Apache WS/Security community Colm, very impressive and much appreciated!
Alex
> Date: Tue, 30 Jun 2015 16:27:02 +0100
> Subject: Re: Attaching a WS-SecurityPolicy to a WSDL
> From: coheigea@apache.org
> To: users@cxf.apache.org
>
> Is the service using TLS? If so then the "SignedParts/Body" policy will not
> fail, as it is deemed to be signed by the Transport layer. Normally, you
> only specify "SignedParts" policies for the input + outputs. The overall
> policy should link to a security binding policy, SymmetricBinding,
> AsymmetricBinding, TransportBinding, etc. All three of your policies link
> to the SignBody policy. There are numerous examples in the WSDLS in CXF's
> systests/ws-security, e.g.:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl;h=172b1bd13b09d3d24ddac5862bbede0b6c68041f;hb=HEAD
>
> Colm.
>
> On Tue, Jun 30, 2015 at 3:14 AM, Alexandre Beaupre <be...@hotmail.com>
> wrote:
>
> > Hi,
> >
> > I'm using CXF version 3.1.1 and I am trying to attach a WS-SecurityPolicy
> > to my jax-ws:endpoint.
> > I have been successful with Axis2/Rampart, but for some reason I can't
> > seem to enforce the policy with CXF.
> >
> > In my WSDL I have added a simple policy :
> >
> > <wsp:Policy wsu:Id="SignBody">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts>
> > <sp:Body/>
> > </sp:SignedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> > And I have added policy references in my binding :
> >
> > <wsdl:binding name="TestServiceSoapBinding" type="tns:TestService">
> > <wsp:PolicyReference URI="#SignBody"/>
> > <soap:binding style="document" transport="
> > http://schemas.xmlsoap.org/soap/http" />
> > <wsdl:operation name="echo">
> > <soap:operation soapAction="" />
> > <wsdl:input name="echo">
> > <wsp:PolicyReference URI="#SignBody"/>
> > <soap:body use="literal" />
> > </wsdl:input>
> > <wsdl:output name="echoResponse">
> > <wsp:PolicyReference URI="#SignBody"/>
> > <soap:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > </wsdl:binding>
> >
> > However, using SoapUI I can still call the operation without applying any
> > security and nothing special is logged.
> > I have tried to debug the PolicyInInterceptor, it seems like the Policy is
> > getting created but that the Wsdl11AttachmentPolicyProvider is not
> > providing the policy.
> >
> > Is there something I'm missing ?
> > Is there a sample test project for this I could try ?
> >
> > Thank you for your help!
> > Alex
> >
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
Re: Attaching a WS-SecurityPolicy to a WSDL
Posted by Colm O hEigeartaigh <co...@apache.org>.
Is the service using TLS? If so then the "SignedParts/Body" policy will not
fail, as it is deemed to be signed by the Transport layer. Normally, you
only specify "SignedParts" policies for the input + outputs. The overall
policy should link to a security binding policy, SymmetricBinding,
AsymmetricBinding, TransportBinding, etc. All three of your policies link
to the SignBody policy. There are numerous examples in the WSDLS in CXF's
systests/ws-security, e.g.:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl;h=172b1bd13b09d3d24ddac5862bbede0b6c68041f;hb=HEAD
Colm.
On Tue, Jun 30, 2015 at 3:14 AM, Alexandre Beaupre <be...@hotmail.com>
wrote:
> Hi,
>
> I'm using CXF version 3.1.1 and I am trying to attach a WS-SecurityPolicy
> to my jax-ws:endpoint.
> I have been successful with Axis2/Rampart, but for some reason I can't
> seem to enforce the policy with CXF.
>
> In my WSDL I have added a simple policy :
>
> <wsp:Policy wsu:Id="SignBody">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts>
> <sp:Body/>
> </sp:SignedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> And I have added policy references in my binding :
>
> <wsdl:binding name="TestServiceSoapBinding" type="tns:TestService">
> <wsp:PolicyReference URI="#SignBody"/>
> <soap:binding style="document" transport="
> http://schemas.xmlsoap.org/soap/http" />
> <wsdl:operation name="echo">
> <soap:operation soapAction="" />
> <wsdl:input name="echo">
> <wsp:PolicyReference URI="#SignBody"/>
> <soap:body use="literal" />
> </wsdl:input>
> <wsdl:output name="echoResponse">
> <wsp:PolicyReference URI="#SignBody"/>
> <soap:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
>
> However, using SoapUI I can still call the operation without applying any
> security and nothing special is logged.
> I have tried to debug the PolicyInInterceptor, it seems like the Policy is
> getting created but that the Wsdl11AttachmentPolicyProvider is not
> providing the policy.
>
> Is there something I'm missing ?
> Is there a sample test project for this I could try ?
>
> Thank you for your help!
> Alex
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com