You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Pravin <pr...@gmail.com> on 2015/03/13 19:37:05 UTC
Re: Client Apache CXF to a Windows webservice
Carlos Oliva <Ca...@...> writes:
>
> Hi Colm,
> Would you know which jars I would need to update in JBoss6 installation
> (I believe it works with v2.3.1 of Apache CXF) to work with v2.7.8? The
> java stand-alone java client works fine with v2.7.8 of Apache CXF. When
> I cut and paste the code in a servlet that runs in JBoss6, the logs show
> errors and the client never calls the service. I recreated the java
> client with Apache CXF v 2.3.1 and the client also crashes.
>
> Thank you in advance.
> Carlos
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@...]
> Sent: Monday, February 03, 2014 10:56 AM
> To: Carlos Oliva
> Cc: users@...
> Subject: Re: Client Apache CXF to a Windows webservice
>
> The public key of the webservice should be referencing via the
> encryption alias, and your private key via the signature alias.
>
> Colm.
>
> On Mon, Feb 3, 2014 at 3:33 PM, Carlos Oliva <Ca...@...>
> wrote:
>
> > Hi Colm,
> >
> > That is the alias to my private key in my keystore. Should I use
> > something else? I think that my client shoudl sign my private key.
> > Shoudl it encrypt with something else?
> >
> >
> >
> > I extracted the public key of the webservice (found at the bottom of
> > the
> > wsdl) and added it to my keystore. Shoud I use the alias from the
> > public key of the webservice for encrypting?
> >
> > *From:* Colm O hEigeartaigh [mailto:coheigea@...]
> > *Sent:* Monday, February 03, 2014 10:24 AM
> > *To:* Carlos Oliva
> > *Cc:* users@...
> > *Subject:* Re: Client Apache CXF to a Windows webservice
> >
> >
> >
> >
> >
> > You're still using the same key alias for signature and encryption...
> >
> > Colm.
> >
> >
> >
> > On Mon, Feb 3, 2014 at 3:22 PM, Carlos Oliva <Ca...@...>
> wrote:
> >
> > Thank you for your help Colm. I followed your directions and created
> > a client with your instructions (JavaClient.txt). The output from the
>
> > SOAPHandlerInterceptor and Logging interceptors are in the attahced
> > file, StandardOut.txt. I hope that I followed your directions
> > correctly.
> >
> > If you think that the client should work and that the out message is
> > proper, I am really thinking that the webservice fails to understand
> > my public key. If so, I am thinking that the implementors of the
> > webservice need to correct their implementation.
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@...]
> > Sent: Monday, February 03, 2014 9:55 AM
> > To: Carlos Oliva
> > Cc: users@...
> > Subject: Re: Client Apache CXF to a Windows webservice
> >
> > No, that's not the problem. I've just looked at your Client.txt and it
>
> > is incorrect. I see two problems:
> >
> > a) You are defining security actions via WSHandlerConstants.* and then
>
> > adding the properties to a WSS4JOutInterceptor. However, is it
> > unnecessary to do this, as security is configured via the
> > SecurityPolicy.
> > Get rid of from " java.util.Map<String,Object> outProps..." down to
> > "client.getOutInterceptors().add(wssOut);"
> >
> > b) Your WS-SecurityPolicy configuration looks like:
> >
> > bindingProvider.getRequestContext().put("ws-security.username",
> > "mykey");
> >
> > bindingProvider.getRequestContext().put("ws-security.callback-handler"
> > ,
> > new KeystorePasswordCallback());
> >
> > // Encryption properties file with directions to use the keystore
> >
> > bindingProvider.getRequestContext().put("ws-security.encryption.userna
> > me
> > ",
> > "mykey");
> >
> > bindingProvider.getRequestContext().put("ws-security.encryption.proper
> > ti
> > es",
> > "pbsitokhie.properties");
> >
> > However, you are using the same key alias for both signature +
> > encryption here! You should be specifying the signature alias via
> > "ws-security.signature.username" + the encryption alias via
> > "ws-security.encryption.username". If "mykey" is your key, then I
> > guess the error is that the service cannot decrypt the EncryptedKey...
> >
> > Colm.
> >
> >
> > On Mon, Feb 3, 2014 at 2:16 PM, Carlos Oliva <Ca...@...>
> > wrote:
> >
> > > Hi Colm,
> > > I just noticed that the Security element fails to appear in the list
>
> > > of headers of the SOAPMessage. I added a SOAPHandlerInterceptor to
> > > my
> >
> > > client and listed the the headers (perhaps I need to add it in a
> > > different Phase). This is what I got:
> > > Message has 4 headers
> > > {http://www.w3.org/2005/08/addressing}Action
> > > {http://www.w3.org/2005/08/addressing}MessageID
> > > {http://www.w3.org/2005/08/addressing}To
> > > {http://www.w3.org/2005/08/addressing}ReplyTo
> > >
> > > The logging interceptor lists the outgoing message afterwards and
> > > the Security element appears as follows:
> > > ><wsse:Security
> > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > > ws
> > > se
> > > curity-secext-1.0.xsd"
> > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w
> > > ss ec urity-utility-1.0.xsd" soap:mustUnderstand="true">
> > >
> > > Is it that the interceptor fails to understand the Security element
> > > as
> >
> > > part of the Header? I am asking because the webservice sends a
> > > fault message back with ta text like "An error occurred when
> > > verifying security for the message"
> > >
> > > -----Original Message-----
> > > From: Colm O hEigeartaigh [mailto:coheigea@...]
> > > Sent: Monday, February 03, 2014 7:32 AM
> > > To: users@...
> > > Subject: Re: Client Apache CXF to a Windows webservice
> > >
> > > Do you have access to the logs on the service side to see why the
> > > request was rejected? I don't really see anything wrong with the CXF
>
> > > request. Could you attach the security policy that is being used?
> > >
> > > Colm.
> > >
> > >
> > > On Sat, Feb 1, 2014 at 9:52 PM, Carlos Oliva <Ca...@...>
> > > wrote:
> > >
> > > > How can I mimic the message in the attached file, message.xml,
> > > > with a stand-alone Apache CXF client? The file is a trace output
> > > > from support at the remote server. I need to replicate the
> > > > message described in the file without the added artifacts created
> > > > be the
> > > tracer.
> > > >
> > > >
> > > >
> > > > I created a java client, attached file client.txt, by replicating
>
> > > > the
> > >
> > > > Greeter example in the Apache CXF web site. I created the
> > > > artifacts
> >
> > > > with wsdl2java from the wsdl quoted in the attached file,
> > > > (SecodnExchange.txt), and coded the client. My client created the
>
> > > > message listed in the file, SecondExchange.txt, and get the
> > > > response
> >
> > > > "An error occurred when verifying security for the message". The
> > > > support team for the service has told me that they had added my
> > > > public
> > > key to their configuration.
> > > >
> > > >
> > > >
> > > > I am stuck with this problem. It looks like the client is
> > > > creating code that is very similar to the one that succeeds.
> > > > Thank you very much in advance.
> > > > *PRIVILEGED AND CONFIDENTIAL: This document and the information
> > > > contained herein are confidential and protected from disclosure
> > > > under
> > > Federal law.
> > > > This message is intended only for the use of the addressee(s) and
> > > > may contain information that is PRIVILEGED and CONFIDENTIAL. If
> > > > you are not the intended recipient, you are hereby notified that
> > > > the use, dissemination, or copying of this information is strictly
> > prohibited.
> > > > If you received this communication in error, please erase all
> > > > copies
> >
> > > > of the message and its attachments and notify the sender
> > > > immediately.*
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> > *PRIVILEGED AND CONFIDENTIAL: This document and the information
> > contained herein are confidential and protected from disclosure under
> Federal law.
> > This message is intended only for the use of the addressee(s) and may
> > contain information that is PRIVILEGED and CONFIDENTIAL. If you are
> > not the intended recipient, you are hereby notified that the use,
> > dissemination, or copying of this information is strictly prohibited.
> > If you received this communication in error, please erase all copies
> > of the message and its attachments and notify the sender immediately.*
> >
> >
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
Hi,
I am trying to connect same Windows webservice using apache cfx standalone
client(2.7.15 version) code mentioned above but I am getting following
error. Can someone help me out to get rid off those errors.
Message has headers
Message has 4 headers
{http://www.w3.org/2005/08/addressing}Action
{http://www.w3.org/2005/08/addressing}MessageID
{http://www.w3.org/2005/08/addressing}To
{http://www.w3.org/2005/08/addressing}ReplyTo
Mar 13, 2015 2:31:58 PM org.apache.ws.security.message.WSSecSignature
computeSignature
SEVERE: org.apache.ws.security.WSSecurityException: General security error
(The private key for the supplied alias does not exist in the keystore)
Mar 13, 2015 2:31:58 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {http://ACS.HIE.ServiceContracts/2009/10}
PartnerHIEService#{http://ACS.HIE.ServiceContracts/2009/10}
SendHIEMessageWithTimeInsensitivity has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Signature creation failed
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doS
ignBeforeEncrypt(SymmetricBindingHandler.java:398)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.han
dleBinding(SymmetricBindingHandler.java:124)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBased
WSS4JOutInterceptorInternal.handleMessage
(PolicyBasedWSS4JOutInterceptor.java:173)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBased
WSS4JOutInterceptorInternal.handleMessage
(PolicyBasedWSS4JOutInterceptor.java:90)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept
(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.frontend.ClientProxy.invokeSync
(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke
(JaxWsClientProxy.java:136)
at com.sun.proxy.$Proxy38.sendHIEMessageWithTimeInsensitivity
(Unknown Source)
at Hello2KHIE.<init>(Hello2KHIE.java:101)
at Hello2KHIE.main(Hello2KHIE.java:119)
Caused by: org.apache.cxf.ws.policy.PolicyException: Signature creation
failed
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.poli
cyNotAsserted(AbstractBindingBuilder.java:294)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorsedSignatures(AbstractBindingBuilder.java:1926)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorse(AbstractBindingBuilder.java:2191)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doS
ignBeforeEncrypt(SymmetricBindingHandler.java:352)
... 13 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
at org.apache.ws.security.message.WSSecSignature.computeSignature
(WSSecSignature.java:561)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorsedSignatures(AbstractBindingBuilder.java:1918)
... 15 more
Caused by: org.apache.ws.security.WSSecurityException: General security
error (The private key for the supplied alias does not exist in the
keystore)
at org.apache.ws.security.components.crypto.Merlin.getPrivateKey
(Merlin.java:725)
at org.apache.ws.security.message.WSSecSignature.computeSignature
(WSSecSignature.java:504)
... 16 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover
(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey
(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey
(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:792)
at org.apache.ws.security.components.crypto.Merlin.getPrivateKey
(Merlin.java:711)
... 17 more
javax.xml.ws.soap.SOAPFaultException: Signature creation failed
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke
(JaxWsClientProxy.java:158)
at com.sun.proxy.$Proxy38.sendHIEMessageWithTimeInsensitivity
(Unknown Source)
at Hello2KHIE.<init>(Hello2KHIE.java:101)
at Hello2KHIE.main(Hello2KHIE.java:119)
Caused by: org.apache.cxf.ws.policy.PolicyException: Signature creation
failed
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.poli
cyNotAsserted(AbstractBindingBuilder.java:294)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorsedSignatures(AbstractBindingBuilder.java:1926)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorse(AbstractBindingBuilder.java:2191)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doS
ignBeforeEncrypt(SymmetricBindingHandler.java:352)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.han
dleBinding(SymmetricBindingHandler.java:124)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBased
WSS4JOutInterceptorInternal.handleMessage
(PolicyBasedWSS4JOutInterceptor.java:173)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBased
WSS4JOutInterceptorInternal.handleMessage
(PolicyBasedWSS4JOutInterceptor.java:90)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept
(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.frontend.ClientProxy.invokeSync
(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke
(JaxWsClientProxy.java:136)
... 3 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
at org.apache.ws.security.message.WSSecSignature.computeSignature
(WSSecSignature.java:561)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.doEn
dorsedSignatures(AbstractBindingBuilder.java:1918)
... 15 more
Caused by: org.apache.ws.security.WSSecurityException: General security
error (The private key for the supplied alias does not exist in the
keystore)
at org.apache.ws.security.components.crypto.Merlin.getPrivateKey
(Merlin.java:725)
at org.apache.ws.security.message.WSSecSignature.computeSignature
(WSSecSignature.java:504)
... 16 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover
(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey
(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey
(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:792)
at org.apache.ws.security.components.crypto.Merlin.getPrivateKey
(Merlin.java:711)
... 17 more
Thanks,
Pravin