You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by alan mcsherry <al...@oddsfutures.com> on 2013/02/13 10:26:14 UTC
Can't generate CXF client for .NET service
Hi,
I've been involved in developing web services for 2 months now using Apache
CXF and all has gone well.
Until I needed to interact with an external service generated with .NET. In
this case my client was configured thus:
<jaxws:client id="redmanApi"
username="test"
password="password"
serviceName="cc:RedmanAPIService"
endpointName="cc:RedmanAPIServiceEndpoint"
address="http://redman.software.com:6580/redmanAPI"
serviceClass="uk.co.redmanapi.IRedmanAPI">
<jaxws:binding>
<soap:soapBinding version="1.2" style="document"/>
</jaxws:binding>
<jaxws:properties>
</jaxws:properties>
</jaxws:client>
And I get a 'Connection Reset' error. The client cannot send the message. I
cannot seem to configure my client to connect!
I can connect using a .NET client provided to me, it has the following
configuration....
<system.serviceModel>
<client>
<endpoint
name="WSHttpBinding_IRedmanAPI"
address="http://redman.software.com:6580/RedmanAPI"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IRedmanAPI"
contract="IRedmanAPI">
<identity>
<dns value="redman.software.com"/>
</identity>
</endpoint>
</client>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IRedmanAPI"
bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
The successful .NET client interaction looks like this ....(with some
values changed)
2013-02-12 10:05:23,230 [14] as service in context of the reseller 'test':
after receiving request: [urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser],
GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="
http://www.w3.org/2005/08/addressing" xmlns:u="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_2">urn:
co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser</a:Action>
<a:MessageID
u:Id="_3">urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:MessageID>
<a:ReplyTo u:Id="_4">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_5">
http://redman.software.com:6580/RedmanAPI</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
<u:Timestamp u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-11">
<u:Created>2013-02-12T09:06:20.457Z</u:Created>
<u:Expires>2013-02-12T09:11:20.457Z</u:Expires>
</u:Timestamp>
<c:SecurityContextToken
u:Id="uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" xmlns:c="
http://schemas.xmlsoap.org/ws/2005/02/sc">
<c:Identifier>urn:uuid:b19e1dc9-d1b5-440c-8cae-20cca6c7d6fa</c:Identifier>
</c:SecurityContextToken>
<c:DerivedKeyToken u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-9"
xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
<o:SecurityTokenReference>
<o:Reference ValueType="
http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
</o:SecurityTokenReference>
<c:Offset>0</c:Offset>
<c:Length>24</c:Length>
<c:Nonce>R6PHj4NfkvjXt+b6QMNhKw==</c:Nonce>
</c:DerivedKeyToken>
<c:DerivedKeyToken
u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" xmlns:c="
http://schemas.xmlsoap.org/ws/2005/02/sc">
<o:SecurityTokenReference>
<o:Reference ValueType="
http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
</o:SecurityTokenReference>
<c:Nonce>NMwqy0hhD24EEPBjG/fXDQ==</c:Nonce>
</c:DerivedKeyToken>
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:DataReference URI="#_1" />
<e:DataReference URI="#_6" />
</e:ReferenceList>
<e:EncryptedData Id="_6" Type="
http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="
http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:Reference ValueType="
http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
URI="#uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" />
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>IrgFpb3X7NqcaNDIYLU2SMGpkSV02Ij8Pas3aKr3mG27GvgIMb4IpgSxBR+Cu3kEnVVvUKe9E53sHE8IeVxB72abal+GAmQBgMRST7glWTbfTuTs+8KvlnjnEuspDA/PvZ9+VBifhTAMOBRsKmEOS3CGsKfV1OvkrU/0UsCxwS51C+YwUFNCSarVuo5+u7T+7PJ2IQe8hGcDHKQ97VIM6X+gU//hW3/KaaIH7QceWYnXtj0MbekritXKn0RtBDrM3gNJWVevAstr1n8WbqY0CdsvRXYq3yK/I0ELDDUQQ8ruPmFhb0VxyrO6HYOf3r7K3SRijfr0hXujTDpWLanIVNKCJshpbopqRTTmvcJZzN9UBhWLJxKD/VlkYLzPMEpZ6CQL3b7RJ8x1azGj+D+zHfxa/GLJRng2AqJLJRv8dbp/l5R20vdZBGWxo9K2MQrPWlG+TTkQ1LpnjVTfUzAmxgDXf8UbrYm0YW/ochAMGuuU3RruwsX8nblvBhC3FHa6Hs1hI34q6pK+I1C635rizqbBds7m95bg53DpBlv9X9gcw0/5S5sfnnEMcnFVBIErxqg9uV+4oKRTq7iGeLqnR3Y4RL/pwcoU7/dB9bqm+MVSxG36F+MOGwZGor4ZF7oLfuHezQ663RUCurFhUZoRNtpCE1yHSjivxPEklkwBP8hjAXMT8KNYJR9FwspwNCkqe59JrVQDg31hoaLnQAUWF0CeMWKmyGZmemVxIVgrX8Fv5nIC9SjUAEiEbbFBJQTDYGd/nkVmoTlmniq8NEYJsa9R8vTflqkJUkSi/cNusRoZG43Nen1Z2Vln5/F+wGrG4NjRX/dPMl26K2e4FipYkn8IcoCS/DWECekJNzB6LjYzxJDm2p0eDfQm63dc2HJp3c54rLxeb2nKIt6UbchxtckkggTsKO3MXnlAHobjDVpfKYiwkWJdG9sxyJWpTtx0F4BYNonf/Mi5zLztRplpSq0phmLTDvjnRBubwGPNxl/icurbCSqFzre7bjAhRXDtKisxgtDdoAYgoozvIcIdwxlPQQLbuKb2jvjCYu1mfgjqiEAF4vWtlBoC7rlhDz9lAnbEovPkBb7Bjm/uTuylWeMJ+gKpKxrkdzL1dy3SFU16F0Rvs32v3XE+KdK9c8WWMDGe/FufxMHduLig8QadnFaDxbliJjchovx67AwvKacxkDQT/NrbpXx6YeV0cCH5kynqY4a7uHbivkEZCDZUTYSnkTUcWdTLRN5Z8//rKpF3VSOjk4U5Z5TBji+vcTDcwkyzRYAnBJHS3ssEagd38amSFdgLhfougI0nE7h52SedPvKSOiFtK/nqXEPWtL0iG34upJhmIcw5zpGaF6pKskuTTPZ6X6+qbVYouqqlBrCCpEiDGAA0eNq6UVUjHm5Z064/WLxSt5iEauxwXmbPWasm25aC1rQ6eskZeJDEI0Cg7PUNrYB0Ck/ilnZSwEGzYRNNCPBB5MtCRO1KbjDq5u94YD+gh3OwgYJNxeXkCQdqOxjF6L/yu6ZynQH2txnJe+6THOJHVPbhh0855nwuG0tc449CMxLC9JQvxQzZPdP72g525SWyh+1hPmWSrjkC8svoiItVVQm2JDUdwgekvHV1iDBLxFoYtroSzrawnPx5pvFc+TygIRxxf8GM/t3ufFTd8bj9LWXPxa9ACvTpJjyBoZhJi7wIbJfJNtjKQrfJnGBDE1Ti4YEaSOvuKlDjtGKFpzStcXZWtziUupHb1ofnEsyqwzxjQoZfu3p7/qAGTqSaqmm8QWHNu59tNeONVkbBiYT4Vn/6ro03IH/wdiPGtP3zQPe+pkZRsf0sYMiJxAq21GsbRxbFgOyZ4NIixtIWEkuP1VZ3fDnSCA+jhqsHmP8RTY4LEQxN1MNh6vJdmjpg4zMhF2SrpoM/aaxPu1QEWHcmiEsMcsFn54iJvLMNxrHGLRE8q1SEP6JAIvmZktDs/XFmEYDxifg2vvi470KbFRMU0uJDYu2DRbEUbXtS+tVFB7V/PLihye0QyivvAM3QycYZbAmqQOLSLD8J53/+P66lDU6vDAl8wtN9CJm9J/muKUXexnafrn5X8neA/1Sc9Y061fgQhPt/MNMg6sSluD8Ms/tpTnCecXsZh+OPWYCNzgjtVLE3WGvyJ8k3EI1XLrO1J1yitoZDpSsgdmsF5F5HEgtD9GqrKgYwN9T6b8/tqmSQnFXHHTQqNkKaGvqloZdEXWPVeUqpUs0lRHqQIUMf1omDShucAnfc6qbS0gWctMgr/3L7kholWOpA7rjX4Aoc6qcF7gjRv1ilDBqkAr5l04oKOi0f7adYDkA6fxomFFfoxU1vzUBj1+EqH6IdnA/uE1l51obF51+040tfXmDWmpMU9n1dUQCb2DPCykv33ACv5xCN/lTu/X1hFZjdbSfl8EwPRo9AwCcsFoankr+xgkQqS5MoHcX8dawj6J+gRgjmawQwflD2qINbx5VEUzyWFqZxLu/</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</o:Security>
</s:Header>
<s:Body u:Id="_0">
<RegisterNewUser xmlns="urn:co.uk/RedmanAPI">
<inputData xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Address>
<AbodeNumber>1</AbodeNumber>
...
</inputData>
</RegisterNewUser>
</s:Body>
</s:Envelope>
2013-02-12 10:05:25,118 [14] as service in context of the reseller 'test':
before sending reply: [urn:
co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse],
GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Reply:
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="
http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1">urn:
co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse</a:Action>
<ActivityId CorrelationId="7255d356-4e94-a4c7-9e63127760a0" xmlns="
http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics
">d860721b-0c14-44e6-bf52-c2355e</ActivityId>
<a:RelatesTo>urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:RelatesTo>
</s:Header>
<s:Body>
<RegisterNewUserResponse xmlns="urn:co.uk/RedmanAPI">
<RegisterNewUserResult xmlns:i="
http://www.w3.org/2001/XMLSchema-instance">
<FailureReason i:nil="true" />
<Status>true</Status>
<UserId>5d925d02</UserId>
</RegisterNewUserResult>
</RegisterNewUserResponse>
</s:Body>
</s:Envelope>
I've read *a lot* of internet posts over the last few days trying to get a
handle on this, but with no luck. It seems to be some kind of security
issue but how to get around it?
Any help appreciated.
Alan.
Re: Can't generate CXF client for .NET service
Posted by Colm O hEigeartaigh <co...@apache.org>.
There are WS-SecurityPolicy expressions. CXF can handle parsing these
policies + applying the appropriate security requirements to the
outbound/inbound messages. However, it also contains some non-standard
policies specific to Microsoft, e.g.:
<mssp:SslContextToken xmlns:mssp="
http://schemas.microsoft.com/ws/2005/07/securitypolicy" sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
As I haven't worked with this policy I can't give any advice on how to
handle it, perhaps someone else with more WCF interop experience could help
you.
Colm.
On Wed, Feb 13, 2013 at 10:15 AM, alan mcsherry <
alan.mcsherry@oddsfutures.com> wrote:
> Hi Colm,
>
> It is exporting a policy at the top (and a policy for every method in and
> every method out...)
>
> I've attached the policy... it doesn't say much to me I confess....
>
> <wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body/>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing
> "/>
> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing
> "/>
> <sp:Header Name="MessageID" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing
> "/>
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <mssp:SslContextToken xmlns:mssp="
> http://schemas.microsoft.com/ws/2005/07/securitypolicy" sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> </wsp:Policy>
> </mssp:SslContextToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:SignedSupportingTokens>
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:WssUsernameToken10/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> <sp:Wss11>
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:EncryptSignature/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> ">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> And for every method (input and output) - something like this ...
>
> <wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_RegisterNewUser_Input_policy"
> >
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"
> />
> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"
> />
> <sp:Header Name="MessageID" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="
> http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"
> />
> </sp:SignedParts>
> <sp:EncryptedParts xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> On Wed, Feb 13, 2013 at 10:01 AM, Colm O hEigeartaigh <coheigea@apache.org
> > wrote:
>
>> Hi,
>>
>> The CXF client will need a WSDL with a WS-SecurityPolicy fragment in it
>> describing the security requirements of the service. Take a look at the
>> WSDL your .NET service is exporting. I've never tried doing interop work
>> with a WCF service using the WCF wsHttpBinding, but I believe it can be
>> done.
>>
>> Colm.
>>
>> On Wed, Feb 13, 2013 at 9:26 AM, alan mcsherry <
>> alan.mcsherry@oddsfutures.com> wrote:
>>
>> > Hi,
>> >
>> > I've been involved in developing web services for 2 months now using
>> Apache
>> > CXF and all has gone well.
>> >
>> > Until I needed to interact with an external service generated with
>> .NET. In
>> > this case my client was configured thus:
>> >
>> > <jaxws:client id="redmanApi"
>> > username="test"
>> > password="password"
>> > serviceName="cc:RedmanAPIService"
>> > endpointName="cc:RedmanAPIServiceEndpoint"
>> > address="http://redman.software.com:6580/redmanAPI"
>> > serviceClass="uk.co.redmanapi.IRedmanAPI">
>> > <jaxws:binding>
>> > <soap:soapBinding version="1.2" style="document"/>
>> > </jaxws:binding>
>> > <jaxws:properties>
>> > </jaxws:properties>
>> > </jaxws:client>
>> >
>> > And I get a 'Connection Reset' error. The client cannot send the
>> message. I
>> > cannot seem to configure my client to connect!
>> > I can connect using a .NET client provided to me, it has the following
>> > configuration....
>> >
>> > <system.serviceModel>
>> > <client>
>> > <endpoint
>> > name="WSHttpBinding_IRedmanAPI"
>> > address="http://redman.software.com:6580/RedmanAPI"
>> > binding="wsHttpBinding"
>> > bindingConfiguration="WSHttpBinding_IRedmanAPI"
>> > contract="IRedmanAPI">
>> > <identity>
>> > <dns value="redman.software.com"/>
>> > </identity>
>> > </endpoint>
>> > </client>
>> >
>> > <bindings>
>> > <wsHttpBinding>
>> > <binding name="WSHttpBinding_IRedmanAPI"
>> > bypassProxyOnLocal="false" transactionFlow="false"
>> > hostNameComparisonMode="StrongWildcard"
>> > messageEncoding="Text" textEncoding="utf-8"
>> > useDefaultWebProxy="true"
>> > allowCookies="false">
>> > <security mode="Message">
>> > <message clientCredentialType="UserName"/>
>> > </security>
>> > </binding>
>> > </wsHttpBinding>
>> > </bindings>
>> > </system.serviceModel>
>> >
>> > The successful .NET client interaction looks like this ....(with some
>> > values changed)
>> >
>> > 2013-02-12 10:05:23,230 [14] as service in context of the reseller
>> 'test':
>> > after receiving request: [urn:
>> co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser],
>> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Request:
>> > <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
>> xmlns:a="
>> > http://www.w3.org/2005/08/addressing" xmlns:u="
>> >
>> >
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> > ">
>> > <s:Header>
>> > <a:Action s:mustUnderstand="1" u:Id="_2">urn:
>> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser</a:Action>
>> > <a:MessageID
>> > u:Id="_3">urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:MessageID>
>> > <a:ReplyTo u:Id="_4">
>> > <a:Address>http://www.w3.org/2005/08/addressing/anonymous
>> > </a:Address>
>> > </a:ReplyTo>
>> > <a:To s:mustUnderstand="1" u:Id="_5">
>> > http://redman.software.com:6580/RedmanAPI</a:To>
>> > <o:Security s:mustUnderstand="1" xmlns:o="
>> >
>> >
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> > ">
>> > <u:Timestamp u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-11">
>> > <u:Created>2013-02-12T09:06:20.457Z</u:Created>
>> > <u:Expires>2013-02-12T09:11:20.457Z</u:Expires>
>> > </u:Timestamp>
>> > <c:SecurityContextToken
>> > u:Id="uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" xmlns:c="
>> > http://schemas.xmlsoap.org/ws/2005/02/sc">
>> >
>> >
>> <c:Identifier>urn:uuid:b19e1dc9-d1b5-440c-8cae-20cca6c7d6fa</c:Identifier>
>> > </c:SecurityContextToken>
>> > <c:DerivedKeyToken
>> u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-9"
>> > xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
>> > <o:SecurityTokenReference>
>> > <o:Reference ValueType="
>> > http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
>> > URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
>> > </o:SecurityTokenReference>
>> > <c:Offset>0</c:Offset>
>> > <c:Length>24</c:Length>
>> > <c:Nonce>R6PHj4NfkvjXt+b6QMNhKw==</c:Nonce>
>> > </c:DerivedKeyToken>
>> > <c:DerivedKeyToken
>> > u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" xmlns:c="
>> > http://schemas.xmlsoap.org/ws/2005/02/sc">
>> > <o:SecurityTokenReference>
>> > <o:Reference ValueType="
>> > http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
>> > URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
>> > </o:SecurityTokenReference>
>> > <c:Nonce>NMwqy0hhD24EEPBjG/fXDQ==</c:Nonce>
>> > </c:DerivedKeyToken>
>> > <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
>> > <e:DataReference URI="#_1" />
>> > <e:DataReference URI="#_6" />
>> > </e:ReferenceList>
>> > <e:EncryptedData Id="_6" Type="
>> > http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="
>> > http://www.w3.org/2001/04/xmlenc#">
>> > <e:EncryptionMethod Algorithm="
>> > http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
>> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> > <o:SecurityTokenReference>
>> > <o:Reference ValueType="
>> > http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
>> > URI="#uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" />
>> > </o:SecurityTokenReference>
>> > </KeyInfo>
>> > <e:CipherData>
>> >
>> >
>> >
>> <e:CipherValue>IrgFpb3X7NqcaNDIYLU2SMGpkSV02Ij8Pas3aKr3mG27GvgIMb4IpgSxBR+Cu3kEnVVvUKe9E53sHE8IeVxB72abal+GAmQBgMRST7glWTbfTuTs+8KvlnjnEuspDA/PvZ9+VBifhTAMOBRsKmEOS3CGsKfV1OvkrU/0UsCxwS51C+YwUFNCSarVuo5+u7T+7PJ2IQe8hGcDHKQ97VIM6X+gU//hW3/KaaIH7QceWYnXtj0MbekritXKn0RtBDrM3gNJWVevAstr1n8WbqY0CdsvRXYq3yK/I0ELDDUQQ8ruPmFhb0VxyrO6HYOf3r7K3SRijfr0hXujTDpWLanIVNKCJshpbopqRTTmvcJZzN9UBhWLJxKD/VlkYLzPMEpZ6CQL3b7RJ8x1azGj+D+zHfxa/GLJRng2AqJLJRv8dbp/l5R20vdZBGWxo9K2MQrPWlG+TTkQ1LpnjVTfUzAmxgDXf8UbrYm0YW/ochAMGuuU3RruwsX8nblvBhC3FHa6Hs1hI34q6pK+I1C635rizqbBds7m95bg53DpBlv9X9gcw0/5S5sfnnEMcnFVBIErxqg9uV+4oKRTq7iGeLqnR3Y4RL/pwcoU7/dB9bqm+MVSxG36F+MOGwZGor4ZF7oLfuHezQ663RUCurFhUZoRNtpCE1yHSjivxPEklkwBP8hjAXMT8KNYJR9FwspwNCkqe59JrVQDg31hoaLnQAUWF0CeMWKmyGZmemVxIVgrX8Fv5nIC9SjUAEiEbbFBJQTDYGd/nkVmoTlmniq8NEYJsa9R8vTflqkJUkSi/cNusRoZG43Nen1Z2Vln5/F+wGrG4NjRX/dPMl26K2e4FipYkn8IcoCS/DWECekJNzB6LjYzxJDm2p0eDfQm63dc2HJp3c54rLxeb2nKIt6UbchxtckkggTsKO3MXnlAHobjDVpfKYiwkWJdG9sxyJWpTtx0F4BYNonf/Mi5zLztRplpSq0phmLTDvjnRBubwGPNxl/icurbCSqFzre7bjAhRXDtKisxgtDdoAYgoozvIcIdwxlPQQLbuKb2jvjCYu1mfgjqiEAF4vWtlBoC7rlhDz9lAnbEovPkBb7Bjm/uTuylWeMJ+gKpKxrkdzL1dy3SFU16F0Rvs32v3XE+KdK9c8WWMDGe/FufxMHduLig8QadnFaDxbliJjchovx67AwvKacxkDQT/NrbpXx6YeV0cCH5kynqY4a7uHbivkEZCDZUTYSnkTUcWdTLRN5Z8//rKpF3VSOjk4U5Z5TBji+vcTDcwkyzRYAnBJHS3ssEagd38amSFdgLhfougI0nE7h52SedPvKSOiFtK/nqXEPWtL0iG34upJhmIcw5zpGaF6pKskuTTPZ6X6+qbVYouqqlBrCCpEiDGAA0eNq6UVUjHm5Z064/WLxSt5iEauxwXmbPWasm25aC1rQ6eskZeJDEI0Cg7PUNrYB0Ck/ilnZSwEGzYRNNCPBB5MtCRO1KbjDq5u94YD+gh3OwgYJNxeXkCQdqOxjF6L/yu6ZynQH2txnJe+6THOJHVPbhh0855nwuG0tc449CMxLC9JQvxQzZPdP72g525SWyh+1hPmWSrjkC8svoiItVVQm2JDUdwgekvHV1iDBLxFoYtroSzrawnPx5pvFc+TygIRxxf8GM/t3ufFTd8bj9LWXPxa9ACvTpJjyBoZhJi7wIbJfJNtjKQrfJnGBDE1Ti4YEaSOvuKlDjtGKFpzStcXZWtziUupHb1ofnEsyqwzxjQoZfu3p7/qAGTqSaqmm8QWHNu59tNeONVkbBiYT4Vn/6ro03IH/wdiPGtP3zQPe+pkZRsf0sYMiJxAq21GsbRxbFgOyZ4NIixtIWEkuP1VZ3fDnSCA+jhqsHmP8RTY4LEQxN1MNh6vJdmjpg4zMhF2SrpoM/aaxPu1QEWHcmiEsMcsFn54iJvLMNxrHGLRE8q1SEP6JAIvmZktDs/XFmEYDxifg2vvi470KbFRMU0uJDYu2DRbEUbXtS+tVFB7V/PLihye0QyivvAM3QycYZbAmqQOLSLD8J53/+P66lDU6vDAl8wtN9CJm9J/muKUXexnafrn5X8neA/1Sc9Y061fgQhPt/MNMg6sSluD8Ms/tpTnCecXsZh+OPWYCNzgjtVLE3WGvyJ8k3EI1XLrO1J1yitoZDpSsgdmsF5F5HEgtD9GqrKgYwN9T6b8/tqmSQnFXHHTQqNkKaGvqloZdEXWPVeUqpUs0lRHqQIUMf1omDShucAnfc6qbS0gWctMgr/3L7kholWOpA7rjX4Aoc6qcF7gjRv1ilDBqkAr5l04oKOi0f7adYDkA6fxomFFfoxU1vzUBj1+EqH6IdnA/uE1l51obF51+040tfXmDWmpMU9n1dUQCb2DPCykv33ACv5xCN/lTu/X1hFZjdbSfl8EwPRo9AwCcsFoankr+xgkQqS5MoHcX8dawj6J+gRgjmawQwflD2qINbx5VEUzyWFqZxLu/</e:CipherValue>
>> > </e:CipherData>
>> > </e:EncryptedData>
>> > </o:Security>
>> > </s:Header>
>> > <s:Body u:Id="_0">
>> > <RegisterNewUser xmlns="urn:co.uk/RedmanAPI">
>> > <inputData xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
>> > <Address>
>> > <AbodeNumber>1</AbodeNumber>
>> > ...
>> > </inputData>
>> > </RegisterNewUser>
>> > </s:Body>
>> > </s:Envelope>
>> > 2013-02-12 10:05:25,118 [14] as service in context of the reseller
>> 'test':
>> > before sending reply: [urn:
>> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse],
>> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Reply:
>> > <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="
>> > http://www.w3.org/2003/05/soap-envelope">
>> > <s:Header>
>> > <a:Action s:mustUnderstand="1">urn:
>> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse</a:Action>
>> > <ActivityId CorrelationId="7255d356-4e94-a4c7-9e63127760a0" xmlns="
>> > http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics
>> > ">d860721b-0c14-44e6-bf52-c2355e</ActivityId>
>> >
>> > <a:RelatesTo>urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:RelatesTo>
>> > </s:Header>
>> > <s:Body>
>> > <RegisterNewUserResponse xmlns="urn:co.uk/RedmanAPI">
>> > <RegisterNewUserResult xmlns:i="
>> > http://www.w3.org/2001/XMLSchema-instance">
>> > <FailureReason i:nil="true" />
>> > <Status>true</Status>
>> > <UserId>5d925d02</UserId>
>> > </RegisterNewUserResult>
>> > </RegisterNewUserResponse>
>> > </s:Body>
>> > </s:Envelope>
>> >
>> > I've read *a lot* of internet posts over the last few days trying to
>> get a
>> > handle on this, but with no luck. It seems to be some kind of security
>> > issue but how to get around it?
>> > Any help appreciated.
>> >
>> > Alan.
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Can't generate CXF client for .NET service
Posted by alan mcsherry <al...@oddsfutures.com>.
Hi Colm,
It is exporting a policy at the top (and a policy for every method in and
every method out...)
I've attached the policy... it doesn't say much to me I confess....
<wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing
"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing
"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<mssp:SslContextToken xmlns:mssp="
http://schemas.microsoft.com/ws/2005/07/securitypolicy" sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</mssp:SslContextToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
And for every method (input and output) - something like this ...
<wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_RegisterNewUser_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"
/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"
/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
On Wed, Feb 13, 2013 at 10:01 AM, Colm O hEigeartaigh
<co...@apache.org>wrote:
> Hi,
>
> The CXF client will need a WSDL with a WS-SecurityPolicy fragment in it
> describing the security requirements of the service. Take a look at the
> WSDL your .NET service is exporting. I've never tried doing interop work
> with a WCF service using the WCF wsHttpBinding, but I believe it can be
> done.
>
> Colm.
>
> On Wed, Feb 13, 2013 at 9:26 AM, alan mcsherry <
> alan.mcsherry@oddsfutures.com> wrote:
>
> > Hi,
> >
> > I've been involved in developing web services for 2 months now using
> Apache
> > CXF and all has gone well.
> >
> > Until I needed to interact with an external service generated with .NET.
> In
> > this case my client was configured thus:
> >
> > <jaxws:client id="redmanApi"
> > username="test"
> > password="password"
> > serviceName="cc:RedmanAPIService"
> > endpointName="cc:RedmanAPIServiceEndpoint"
> > address="http://redman.software.com:6580/redmanAPI"
> > serviceClass="uk.co.redmanapi.IRedmanAPI">
> > <jaxws:binding>
> > <soap:soapBinding version="1.2" style="document"/>
> > </jaxws:binding>
> > <jaxws:properties>
> > </jaxws:properties>
> > </jaxws:client>
> >
> > And I get a 'Connection Reset' error. The client cannot send the
> message. I
> > cannot seem to configure my client to connect!
> > I can connect using a .NET client provided to me, it has the following
> > configuration....
> >
> > <system.serviceModel>
> > <client>
> > <endpoint
> > name="WSHttpBinding_IRedmanAPI"
> > address="http://redman.software.com:6580/RedmanAPI"
> > binding="wsHttpBinding"
> > bindingConfiguration="WSHttpBinding_IRedmanAPI"
> > contract="IRedmanAPI">
> > <identity>
> > <dns value="redman.software.com"/>
> > </identity>
> > </endpoint>
> > </client>
> >
> > <bindings>
> > <wsHttpBinding>
> > <binding name="WSHttpBinding_IRedmanAPI"
> > bypassProxyOnLocal="false" transactionFlow="false"
> > hostNameComparisonMode="StrongWildcard"
> > messageEncoding="Text" textEncoding="utf-8"
> > useDefaultWebProxy="true"
> > allowCookies="false">
> > <security mode="Message">
> > <message clientCredentialType="UserName"/>
> > </security>
> > </binding>
> > </wsHttpBinding>
> > </bindings>
> > </system.serviceModel>
> >
> > The successful .NET client interaction looks like this ....(with some
> > values changed)
> >
> > 2013-02-12 10:05:23,230 [14] as service in context of the reseller
> 'test':
> > after receiving request: [urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser
> ],
> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Request:
> > <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="
> > http://www.w3.org/2005/08/addressing" xmlns:u="
> >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > ">
> > <s:Header>
> > <a:Action s:mustUnderstand="1" u:Id="_2">urn:
> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser</a:Action>
> > <a:MessageID
> > u:Id="_3">urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:MessageID>
> > <a:ReplyTo u:Id="_4">
> > <a:Address>http://www.w3.org/2005/08/addressing/anonymous
> > </a:Address>
> > </a:ReplyTo>
> > <a:To s:mustUnderstand="1" u:Id="_5">
> > http://redman.software.com:6580/RedmanAPI</a:To>
> > <o:Security s:mustUnderstand="1" xmlns:o="
> >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > ">
> > <u:Timestamp u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-11">
> > <u:Created>2013-02-12T09:06:20.457Z</u:Created>
> > <u:Expires>2013-02-12T09:11:20.457Z</u:Expires>
> > </u:Timestamp>
> > <c:SecurityContextToken
> > u:Id="uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" xmlns:c="
> > http://schemas.xmlsoap.org/ws/2005/02/sc">
> >
> >
> <c:Identifier>urn:uuid:b19e1dc9-d1b5-440c-8cae-20cca6c7d6fa</c:Identifier>
> > </c:SecurityContextToken>
> > <c:DerivedKeyToken
> u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-9"
> > xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
> > <o:SecurityTokenReference>
> > <o:Reference ValueType="
> > http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> > URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> > </o:SecurityTokenReference>
> > <c:Offset>0</c:Offset>
> > <c:Length>24</c:Length>
> > <c:Nonce>R6PHj4NfkvjXt+b6QMNhKw==</c:Nonce>
> > </c:DerivedKeyToken>
> > <c:DerivedKeyToken
> > u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" xmlns:c="
> > http://schemas.xmlsoap.org/ws/2005/02/sc">
> > <o:SecurityTokenReference>
> > <o:Reference ValueType="
> > http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> > URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> > </o:SecurityTokenReference>
> > <c:Nonce>NMwqy0hhD24EEPBjG/fXDQ==</c:Nonce>
> > </c:DerivedKeyToken>
> > <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
> > <e:DataReference URI="#_1" />
> > <e:DataReference URI="#_6" />
> > </e:ReferenceList>
> > <e:EncryptedData Id="_6" Type="
> > http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="
> > http://www.w3.org/2001/04/xmlenc#">
> > <e:EncryptionMethod Algorithm="
> > http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <o:SecurityTokenReference>
> > <o:Reference ValueType="
> > http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
> > URI="#uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" />
> > </o:SecurityTokenReference>
> > </KeyInfo>
> > <e:CipherData>
> >
> >
> >
> <e:CipherValue>IrgFpb3X7NqcaNDIYLU2SMGpkSV02Ij8Pas3aKr3mG27GvgIMb4IpgSxBR+Cu3kEnVVvUKe9E53sHE8IeVxB72abal+GAmQBgMRST7glWTbfTuTs+8KvlnjnEuspDA/PvZ9+VBifhTAMOBRsKmEOS3CGsKfV1OvkrU/0UsCxwS51C+YwUFNCSarVuo5+u7T+7PJ2IQe8hGcDHKQ97VIM6X+gU//hW3/KaaIH7QceWYnXtj0MbekritXKn0RtBDrM3gNJWVevAstr1n8WbqY0CdsvRXYq3yK/I0ELDDUQQ8ruPmFhb0VxyrO6HYOf3r7K3SRijfr0hXujTDpWLanIVNKCJshpbopqRTTmvcJZzN9UBhWLJxKD/VlkYLzPMEpZ6CQL3b7RJ8x1azGj+D+zHfxa/GLJRng2AqJLJRv8dbp/l5R20vdZBGWxo9K2MQrPWlG+TTkQ1LpnjVTfUzAmxgDXf8UbrYm0YW/ochAMGuuU3RruwsX8nblvBhC3FHa6Hs1hI34q6pK+I1C635rizqbBds7m95bg53DpBlv9X9gcw0/5S5sfnnEMcnFVBIErxqg9uV+4oKRTq7iGeLqnR3Y4RL/pwcoU7/dB9bqm+MVSxG36F+MOGwZGor4ZF7oLfuHezQ663RUCurFhUZoRNtpCE1yHSjivxPEklkwBP8hjAXMT8KNYJR9FwspwNCkqe59JrVQDg31hoaLnQAUWF0CeMWKmyGZmemVxIVgrX8Fv5nIC9SjUAEiEbbFBJQTDYGd/nkVmoTlmniq8NEYJsa9R8vTflqkJUkSi/cNusRoZG43Nen1Z2Vln5/F+wGrG4NjRX/dPMl26K2e4FipYkn8IcoCS/DWECekJNzB6LjYzxJDm2p0eDfQm63dc2HJp3c54rLxeb2nKIt6UbchxtckkggTsKO3MXnlAHobjDVpfKYiwkWJdG9sxyJWpTtx0F4BYNonf/Mi5zLztRplpSq0phmLTDvjnRBubwGPNxl/icurbCSqFzre7bjAhRXDtKisxgtDdoAYgoozvIcIdwxlPQQLbuKb2jvjCYu1mfgjqiEAF4vWtlBoC7rlhDz9lAnbEovPkBb7Bjm/uTuylWeMJ+gKpKxrkdzL1dy3SFU16F0Rvs32v3XE+KdK9c8WWMDGe/FufxMHduLig8QadnFaDxbliJjchovx67AwvKacxkDQT/NrbpXx6YeV0cCH5kynqY4a7uHbivkEZCDZUTYSnkTUcWdTLRN5Z8//rKpF3VSOjk4U5Z5TBji+vcTDcwkyzRYAnBJHS3ssEagd38amSFdgLhfougI0nE7h52SedPvKSOiFtK/nqXEPWtL0iG34upJhmIcw5zpGaF6pKskuTTPZ6X6+qbVYouqqlBrCCpEiDGAA0eNq6UVUjHm5Z064/WLxSt5iEauxwXmbPWasm25aC1rQ6eskZeJDEI0Cg7PUNrYB0Ck/ilnZSwEGzYRNNCPBB5MtCRO1KbjDq5u94YD+gh3OwgYJNxeXkCQdqOxjF6L/yu6ZynQH2txnJe+6THOJHVPbhh0855nwuG0tc449CMxLC9JQvxQzZPdP72g525SWyh+1hPmWSrjkC8svoiItVVQm2JDUdwgekvHV1iDBLxFoYtroSzrawnPx5pvFc+TygIRxxf8GM/t3ufFTd8bj9LWXPxa9ACvTpJjyBoZhJi7wIbJfJNtjKQrfJnGBDE1Ti4YEaSOvuKlDjtGKFpzStcXZWtziUupHb1ofnEsyqwzxjQoZfu3p7/qAGTqSaqmm8QWHNu59tNeONVkbBiYT4Vn/6ro03IH/wdiPGtP3zQPe+pkZRsf0sYMiJxAq21GsbRxbFgOyZ4NIixtIWEkuP1VZ3fDnSCA+jhqsHmP8RTY4LEQxN1MNh6vJdmjpg4zMhF2SrpoM/aaxPu1QEWHcmiEsMcsFn54iJvLMNxrHGLRE8q1SEP6JAIvmZktDs/XFmEYDxifg2vvi470KbFRMU0uJDYu2DRbEUbXtS+tVFB7V/PLihye0QyivvAM3QycYZbAmqQOLSLD8J53/+P66lDU6vDAl8wtN9CJm9J/muKUXexnafrn5X8neA/1Sc9Y061fgQhPt/MNMg6sSluD8Ms/tpTnCecXsZh+OPWYCNzgjtVLE3WGvyJ8k3EI1XLrO1J1yitoZDpSsgdmsF5F5HEgtD9GqrKgYwN9T6b8/tqmSQnFXHHTQqNkKaGvqloZdEXWPVeUqpUs0lRHqQIUMf1omDShucAnfc6qbS0gWctMgr/3L7kholWOpA7rjX4Aoc6qcF7gjRv1ilDBqkAr5l04oKOi0f7adYDkA6fxomFFfoxU1vzUBj1+EqH6IdnA/uE1l51obF51+040tfXmDWmpMU9n1dUQCb2DPCykv33ACv5xCN/lTu/X1hFZjdbSfl8EwPRo9AwCcsFoankr+xgkQqS5MoHcX8dawj6J+gRgjmawQwflD2qINbx5VEUzyWFqZxLu/</e:CipherValue>
> > </e:CipherData>
> > </e:EncryptedData>
> > </o:Security>
> > </s:Header>
> > <s:Body u:Id="_0">
> > <RegisterNewUser xmlns="urn:co.uk/RedmanAPI">
> > <inputData xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
> > <Address>
> > <AbodeNumber>1</AbodeNumber>
> > ...
> > </inputData>
> > </RegisterNewUser>
> > </s:Body>
> > </s:Envelope>
> > 2013-02-12 10:05:25,118 [14] as service in context of the reseller
> 'test':
> > before sending reply: [urn:
> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse],
> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Reply:
> > <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="
> > http://www.w3.org/2003/05/soap-envelope">
> > <s:Header>
> > <a:Action s:mustUnderstand="1">urn:
> > co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse</a:Action>
> > <ActivityId CorrelationId="7255d356-4e94-a4c7-9e63127760a0" xmlns="
> > http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics
> > ">d860721b-0c14-44e6-bf52-c2355e</ActivityId>
> >
> > <a:RelatesTo>urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:RelatesTo>
> > </s:Header>
> > <s:Body>
> > <RegisterNewUserResponse xmlns="urn:co.uk/RedmanAPI">
> > <RegisterNewUserResult xmlns:i="
> > http://www.w3.org/2001/XMLSchema-instance">
> > <FailureReason i:nil="true" />
> > <Status>true</Status>
> > <UserId>5d925d02</UserId>
> > </RegisterNewUserResult>
> > </RegisterNewUserResponse>
> > </s:Body>
> > </s:Envelope>
> >
> > I've read *a lot* of internet posts over the last few days trying to get
> a
> > handle on this, but with no luck. It seems to be some kind of security
> > issue but how to get around it?
> > Any help appreciated.
> >
> > Alan.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: Can't generate CXF client for .NET service
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,
The CXF client will need a WSDL with a WS-SecurityPolicy fragment in it
describing the security requirements of the service. Take a look at the
WSDL your .NET service is exporting. I've never tried doing interop work
with a WCF service using the WCF wsHttpBinding, but I believe it can be
done.
Colm.
On Wed, Feb 13, 2013 at 9:26 AM, alan mcsherry <
alan.mcsherry@oddsfutures.com> wrote:
> Hi,
>
> I've been involved in developing web services for 2 months now using Apache
> CXF and all has gone well.
>
> Until I needed to interact with an external service generated with .NET. In
> this case my client was configured thus:
>
> <jaxws:client id="redmanApi"
> username="test"
> password="password"
> serviceName="cc:RedmanAPIService"
> endpointName="cc:RedmanAPIServiceEndpoint"
> address="http://redman.software.com:6580/redmanAPI"
> serviceClass="uk.co.redmanapi.IRedmanAPI">
> <jaxws:binding>
> <soap:soapBinding version="1.2" style="document"/>
> </jaxws:binding>
> <jaxws:properties>
> </jaxws:properties>
> </jaxws:client>
>
> And I get a 'Connection Reset' error. The client cannot send the message. I
> cannot seem to configure my client to connect!
> I can connect using a .NET client provided to me, it has the following
> configuration....
>
> <system.serviceModel>
> <client>
> <endpoint
> name="WSHttpBinding_IRedmanAPI"
> address="http://redman.software.com:6580/RedmanAPI"
> binding="wsHttpBinding"
> bindingConfiguration="WSHttpBinding_IRedmanAPI"
> contract="IRedmanAPI">
> <identity>
> <dns value="redman.software.com"/>
> </identity>
> </endpoint>
> </client>
>
> <bindings>
> <wsHttpBinding>
> <binding name="WSHttpBinding_IRedmanAPI"
> bypassProxyOnLocal="false" transactionFlow="false"
> hostNameComparisonMode="StrongWildcard"
> messageEncoding="Text" textEncoding="utf-8"
> useDefaultWebProxy="true"
> allowCookies="false">
> <security mode="Message">
> <message clientCredentialType="UserName"/>
> </security>
> </binding>
> </wsHttpBinding>
> </bindings>
> </system.serviceModel>
>
> The successful .NET client interaction looks like this ....(with some
> values changed)
>
> 2013-02-12 10:05:23,230 [14] as service in context of the reseller 'test':
> after receiving request: [urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser],
> GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Request:
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="
> http://www.w3.org/2005/08/addressing" xmlns:u="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> <s:Header>
> <a:Action s:mustUnderstand="1" u:Id="_2">urn:
> co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser</a:Action>
> <a:MessageID
> u:Id="_3">urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:MessageID>
> <a:ReplyTo u:Id="_4">
> <a:Address>http://www.w3.org/2005/08/addressing/anonymous
> </a:Address>
> </a:ReplyTo>
> <a:To s:mustUnderstand="1" u:Id="_5">
> http://redman.software.com:6580/RedmanAPI</a:To>
> <o:Security s:mustUnderstand="1" xmlns:o="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
> <u:Timestamp u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-11">
> <u:Created>2013-02-12T09:06:20.457Z</u:Created>
> <u:Expires>2013-02-12T09:11:20.457Z</u:Expires>
> </u:Timestamp>
> <c:SecurityContextToken
> u:Id="uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" xmlns:c="
> http://schemas.xmlsoap.org/ws/2005/02/sc">
>
> <c:Identifier>urn:uuid:b19e1dc9-d1b5-440c-8cae-20cca6c7d6fa</c:Identifier>
> </c:SecurityContextToken>
> <c:DerivedKeyToken u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-9"
> xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
> <o:SecurityTokenReference>
> <o:Reference ValueType="
> http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> </o:SecurityTokenReference>
> <c:Offset>0</c:Offset>
> <c:Length>24</c:Length>
> <c:Nonce>R6PHj4NfkvjXt+b6QMNhKw==</c:Nonce>
> </c:DerivedKeyToken>
> <c:DerivedKeyToken
> u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" xmlns:c="
> http://schemas.xmlsoap.org/ws/2005/02/sc">
> <o:SecurityTokenReference>
> <o:Reference ValueType="
> http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> </o:SecurityTokenReference>
> <c:Nonce>NMwqy0hhD24EEPBjG/fXDQ==</c:Nonce>
> </c:DerivedKeyToken>
> <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
> <e:DataReference URI="#_1" />
> <e:DataReference URI="#_6" />
> </e:ReferenceList>
> <e:EncryptedData Id="_6" Type="
> http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="
> http://www.w3.org/2001/04/xmlenc#">
> <e:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <o:SecurityTokenReference>
> <o:Reference ValueType="
> http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
> URI="#uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" />
> </o:SecurityTokenReference>
> </KeyInfo>
> <e:CipherData>
>
>
> <e:CipherValue>IrgFpb3X7NqcaNDIYLU2SMGpkSV02Ij8Pas3aKr3mG27GvgIMb4IpgSxBR+Cu3kEnVVvUKe9E53sHE8IeVxB72abal+GAmQBgMRST7glWTbfTuTs+8KvlnjnEuspDA/PvZ9+VBifhTAMOBRsKmEOS3CGsKfV1OvkrU/0UsCxwS51C+YwUFNCSarVuo5+u7T+7PJ2IQe8hGcDHKQ97VIM6X+gU//hW3/KaaIH7QceWYnXtj0MbekritXKn0RtBDrM3gNJWVevAstr1n8WbqY0CdsvRXYq3yK/I0ELDDUQQ8ruPmFhb0VxyrO6HYOf3r7K3SRijfr0hXujTDpWLanIVNKCJshpbopqRTTmvcJZzN9UBhWLJxKD/VlkYLzPMEpZ6CQL3b7RJ8x1azGj+D+zHfxa/GLJRng2AqJLJRv8dbp/l5R20vdZBGWxo9K2MQrPWlG+TTkQ1LpnjVTfUzAmxgDXf8UbrYm0YW/ochAMGuuU3RruwsX8nblvBhC3FHa6Hs1hI34q6pK+I1C635rizqbBds7m95bg53DpBlv9X9gcw0/5S5sfnnEMcnFVBIErxqg9uV+4oKRTq7iGeLqnR3Y4RL/pwcoU7/dB9bqm+MVSxG36F+MOGwZGor4ZF7oLfuHezQ663RUCurFhUZoRNtpCE1yHSjivxPEklkwBP8hjAXMT8KNYJR9FwspwNCkqe59JrVQDg31hoaLnQAUWF0CeMWKmyGZmemVxIVgrX8Fv5nIC9SjUAEiEbbFBJQTDYGd/nkVmoTlmniq8NEYJsa9R8vTflqkJUkSi/cNusRoZG43Nen1Z2Vln5/F+wGrG4NjRX/dPMl26K2e4FipYkn8IcoCS/DWECekJNzB6LjYzxJDm2p0eDfQm63dc2HJp3c54rLxeb2nKIt6UbchxtckkggTsKO3MXnlAHobjDVpfKYiwkWJdG9sxyJWpTtx0F4BYNonf/Mi5zLztRplpSq0phmLTDvjnRBubwGPNxl/icurbCSqFzre7bjAhRXDtKisxgtDdoAYgoozvIcIdwxlPQQLbuKb2jvjCYu1mfgjqiEAF4vWtlBoC7rlhDz9lAnbEovPkBb7Bjm/uTuylWeMJ+gKpKxrkdzL1dy3SFU16F0Rvs32v3XE+KdK9c8WWMDGe/FufxMHduLig8QadnFaDxbliJjchovx67AwvKacxkDQT/NrbpXx6YeV0cCH5kynqY4a7uHbivkEZCDZUTYSnkTUcWdTLRN5Z8//rKpF3VSOjk4U5Z5TBji+vcTDcwkyzRYAnBJHS3ssEagd38amSFdgLhfougI0nE7h52SedPvKSOiFtK/nqXEPWtL0iG34upJhmIcw5zpGaF6pKskuTTPZ6X6+qbVYouqqlBrCCpEiDGAA0eNq6UVUjHm5Z064/WLxSt5iEauxwXmbPWasm25aC1rQ6eskZeJDEI0Cg7PUNrYB0Ck/ilnZSwEGzYRNNCPBB5MtCRO1KbjDq5u94YD+gh3OwgYJNxeXkCQdqOxjF6L/yu6ZynQH2txnJe+6THOJHVPbhh0855nwuG0tc449CMxLC9JQvxQzZPdP72g525SWyh+1hPmWSrjkC8svoiItVVQm2JDUdwgekvHV1iDBLxFoYtroSzrawnPx5pvFc+TygIRxxf8GM/t3ufFTd8bj9LWXPxa9ACvTpJjyBoZhJi7wIbJfJNtjKQrfJnGBDE1Ti4YEaSOvuKlDjtGKFpzStcXZWtziUupHb1ofnEsyqwzxjQoZfu3p7/qAGTqSaqmm8QWHNu59tNeONVkbBiYT4Vn/6ro03IH/wdiPGtP3zQPe+pkZRsf0sYMiJxAq21GsbRxbFgOyZ4NIixtIWEkuP1VZ3fDnSCA+jhqsHmP8RTY4LEQxN1MNh6vJdmjpg4zMhF2SrpoM/aaxPu1QEWHcmiEsMcsFn54iJvLMNxrHGLRE8q1SEP6JAIvmZktDs/XFmEYDxifg2vvi470KbFRMU0uJDYu2DRbEUbXtS+tVFB7V/PLihye0QyivvAM3QycYZbAmqQOLSLD8J53/+P66lDU6vDAl8wtN9CJm9J/muKUXexnafrn5X8neA/1Sc9Y061fgQhPt/MNMg6sSluD8Ms/tpTnCecXsZh+OPWYCNzgjtVLE3WGvyJ8k3EI1XLrO1J1yitoZDpSsgdmsF5F5HEgtD9GqrKgYwN9T6b8/tqmSQnFXHHTQqNkKaGvqloZdEXWPVeUqpUs0lRHqQIUMf1omDShucAnfc6qbS0gWctMgr/3L7kholWOpA7rjX4Aoc6qcF7gjRv1ilDBqkAr5l04oKOi0f7adYDkA6fxomFFfoxU1vzUBj1+EqH6IdnA/uE1l51obF51+040tfXmDWmpMU9n1dUQCb2DPCykv33ACv5xCN/lTu/X1hFZjdbSfl8EwPRo9AwCcsFoankr+xgkQqS5MoHcX8dawj6J+gRgjmawQwflD2qINbx5VEUzyWFqZxLu/</e:CipherValue>
> </e:CipherData>
> </e:EncryptedData>
> </o:Security>
> </s:Header>
> <s:Body u:Id="_0">
> <RegisterNewUser xmlns="urn:co.uk/RedmanAPI">
> <inputData xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
> <Address>
> <AbodeNumber>1</AbodeNumber>
> ...
> </inputData>
> </RegisterNewUser>
> </s:Body>
> </s:Envelope>
> 2013-02-12 10:05:25,118 [14] as service in context of the reseller 'test':
> before sending reply: [urn:
> co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse],
> GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Reply:
> <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="
> http://www.w3.org/2003/05/soap-envelope">
> <s:Header>
> <a:Action s:mustUnderstand="1">urn:
> co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse</a:Action>
> <ActivityId CorrelationId="7255d356-4e94-a4c7-9e63127760a0" xmlns="
> http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics
> ">d860721b-0c14-44e6-bf52-c2355e</ActivityId>
>
> <a:RelatesTo>urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:RelatesTo>
> </s:Header>
> <s:Body>
> <RegisterNewUserResponse xmlns="urn:co.uk/RedmanAPI">
> <RegisterNewUserResult xmlns:i="
> http://www.w3.org/2001/XMLSchema-instance">
> <FailureReason i:nil="true" />
> <Status>true</Status>
> <UserId>5d925d02</UserId>
> </RegisterNewUserResult>
> </RegisterNewUserResponse>
> </s:Body>
> </s:Envelope>
>
> I've read *a lot* of internet posts over the last few days trying to get a
> handle on this, but with no luck. It seems to be some kind of security
> issue but how to get around it?
> Any help appreciated.
>
> Alan.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com