You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Martin Fernau <ma...@fernausoft.de> on 2016/10/20 08:00:00 UTC
ws-policy/ws-security and a encrypted header part
Hi,
is it possible to call a webservice with the following ws-security content:
--cut
<wsp:Policy
wsu:Id="CustomBinding_IServiceCustomer_InsertCustomer_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="FfeHeader"
Namespace="http://tempuri.org/"/>
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="FfeHeader"
Namespace="http://tempuri.org/"/>
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
--cut
The problematic part is the "FfeHeader" which needs to be encrypted and
signed.
All the other parts are working (as far as I can tell).
If I use wsdl2java a class file for the FfeHeader-Type is generated but
I can find a way how to add it to my request. Thus the resulting request
contains no such header and therefore the server fails to understand my
request:
--cut
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
reference not set to an instance of an object.
--cut
I only know the following way to add a custom header to my request:
--cut
ObjectFactory of = new ObjectFactory();
List<Header> headersList = new ArrayList<Header>();
// HeaderType is the generated class for FfeHeader
HeaderType type = of.createHeaderType();
// call several setters on 'type'
[...]
Header ffeHeader = new Header(new QName("http://tempuri.org",
"FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
headersList.add(ffeHeader);
client.getRequestContext().put(Header.HEADER_LIST, headersList);
--cut
But this way the FfeHeader is neither signed nor encrypted and the call
fails with exact the same error message.
I would appreciate any kind of help.
Thanks
Martin
Re: ws-policy/ws-security and a encrypted header part
Posted by Martin Fernau <ma...@fernausoft.de>.
Unfortunately I'm not the developer of this service and afaik it's an
IIS Server with .NET stuff behind the scene.
But I'm in touch with the developer (more or less...).
I've another problem with exact the same service but different method.
This method does not require the additional encrypted header and accepts
my request. Thus, for my above problem I think there is something wrong
with the header.
But for my second problem I'm going to create a new topic.
Martin
Am 26.10.2016 um 16:31 schrieb Colm O hEigeartaigh:
> If it's a CXF service then turn on debug logging to figure out why it is
> rejecting the message.
>
> Colm.
>
> On Wed, Oct 26, 2016 at 3:29 PM, Martin Fernau <ma...@fernausoft.de>
> wrote:
>
>> Thanks a lot.
>> It turns out that I already implemented it this way but simply did a
>> mistake for the namespace.
>> After correction the outgoing XML seems to be correct.
>> Nonetheless the request is rejected with "An error occurred when verifying
>> security for the message."
>>
>> Thanks
>> Martin
>>
>> Am 24.10.2016 um 13:21 schrieb Colm O hEigeartaigh:
>>
>>> Yes it's possible to add headers and sign and encrypt them. There is a
>>> test
>>> which demonstrates how to do this for encryption, although Signature works
>>> as well:
>>>
>>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
>>> ystests/ws-security/src/test/java/org/apache/cxf/systest/ws/
>>> x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294
>>> 725aad;hb=HEAD
>>>
>>> See "testKeyIdentifier2". The header is added with:
>>>
>>> List<Header> headers = new ArrayList<Header>();
>>> Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"),
>>> "dummy-header",
>>> new
>>> JAXBDataBinding(String.class));
>>> headers.add(dummyHeader);
>>> ((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST,
>>> headers);
>>>
>>> The WSDL is here. You can see that the header is added to the encryption
>>> parts for the "DoubleIt2" operation:
>>>
>>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
>>> ystests/ws-security/src/test/resources/org/apache/cxf/systes
>>> t/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475
>>> ca84a17724dbf2236;hb=HEAD
>>>
>>> On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <
>>> martin.fernau@fernausoft.de
>>>
>>>> wrote:
>>>> No one?
>>>>
>>>> Is it not possible with CXF or is it an unusual demand?
>>>> I need to consume this webservice. If its not possible with CXF I need to
>>>> find another way but I'd like to stick with CXF.
>>>>
>>>> Thanks
>>>> Martin
>>>>
>>>>
>>>> Am 20.10.2016 um 10:00 schrieb Martin Fernau:
>>>>
>>>> Hi,
>>>>> is it possible to call a webservice with the following ws-security
>>>>> content:
>>>>> --cut
>>>>> <wsp:Policy wsu:Id="CustomBinding_IService
>>>>> Customer_InsertCustomer_Input_policy">
>>>>> <wsp:ExactlyOne>
>>>>> <wsp:All>
>>>>> <sp:SignedParts xmlns:sp="http://schemas.xmlso
>>>>> ap.org/ws/2005/07/securitypolicy">
>>>>> <sp:Body/>
>>>>> <sp:Header Name="FfeHeader" Namespace="
>>>>> http://tempuri.org/"/>
>>>>> <sp:Header Name="To" Namespace="
>>>>> http://www.w3.org/2
>>>>> 005/08/addressing"/>
>>>>> <sp:Header Name="From" Namespace="
>>>>> http://www.w3.org/2
>>>>> 005/08/addressing"/>
>>>>> <sp:Header Name="FaultTo" Namespace="
>>>>> http://www.w3.org/2005/08/addressing"/>
>>>>> <sp:Header Name="ReplyTo" Namespace="
>>>>> http://www.w3.org/2005/08/addressing"/>
>>>>> <sp:Header Name="MessageID" Namespace="
>>>>> http://www.w3.org/2005/08/addressing"/>
>>>>> <sp:Header Name="RelatesTo" Namespace="
>>>>> http://www.w3.org/2005/08/addressing"/>
>>>>> <sp:Header Name="Action" Namespace="
>>>>> http://www.w3.org/2005/08/addressing"/>
>>>>> </sp:SignedParts>
>>>>> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso
>>>>> ap.org/ws/2005/07/securitypolicy">
>>>>> <sp:Body/>
>>>>> <sp:Header Name="FfeHeader" Namespace="
>>>>> http://tempuri.org/"/>
>>>>> </sp:EncryptedParts>
>>>>> </wsp:All>
>>>>> </wsp:ExactlyOne>
>>>>> </wsp:Policy>
>>>>> --cut
>>>>>
>>>>> The problematic part is the "FfeHeader" which needs to be encrypted and
>>>>> signed.
>>>>> All the other parts are working (as far as I can tell).
>>>>> If I use wsdl2java a class file for the FfeHeader-Type is generated but
>>>>> I
>>>>> can find a way how to add it to my request. Thus the resulting request
>>>>> contains no such header and therefore the server fails to understand my
>>>>> request:
>>>>> --cut
>>>>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
>>>>> reference not set to an instance of an object.
>>>>> --cut
>>>>>
>>>>> I only know the following way to add a custom header to my request:
>>>>> --cut
>>>>> ObjectFactory of = new ObjectFactory();
>>>>> List<Header> headersList = new ArrayList<Header>();
>>>>> // HeaderType is the generated class for FfeHeader
>>>>> HeaderType type = of.createHeaderType();
>>>>> // call several setters on 'type'
>>>>> [...]
>>>>>
>>>>> Header ffeHeader = new Header(new QName("http://tempuri.org",
>>>>> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
>>>>> headersList.add(ffeHeader);
>>>>> client.getRequestContext().put(Header.HEADER_LIST, headersList);
>>>>> --cut
>>>>> But this way the FfeHeader is neither signed nor encrypted and the call
>>>>> fails with exact the same error message.
>>>>>
>>>>> I would appreciate any kind of help.
>>>>>
>>>>> Thanks
>>>>> Martin
>>>>>
>>>>>
>>>>
>>>
>> --
>> FERNAUSOFT GmbH
>> Gartenstra�e 42 - 37269 Eschwege
>>
>> Telefon (0 56 51) 95 99-0
>> Telefax (0 56 51) 95 99-90
>>
>> eMail martin.fernau@fernausoft.de
>> Internet http://www.fernausoft.de
>>
>> Handelsregister Eschwege, HRB 1585
>> Gesch�ftsf�hrer: Axel Fernau, Ulrich Fernau, Martin Fernau
>> Steuernummer 025 233 00041
>> USt-ID-Nr. DE 178 554 622
>>
>>
>>
>
>
--
FERNAUSOFT GmbH
Gartenstra�e 42 - 37269 Eschwege
Telefon (0 56 51) 95 99-0
Telefax (0 56 51) 95 99-90
eMail martin.fernau@fernausoft.de
Internet http://www.fernausoft.de
Handelsregister Eschwege, HRB 1585
Gesch�ftsf�hrer: Axel Fernau, Ulrich Fernau, Martin Fernau
Steuernummer 025 233 00041
USt-ID-Nr. DE 178 554 622
Re: ws-policy/ws-security and a encrypted header part
Posted by Colm O hEigeartaigh <co...@apache.org>.
If it's a CXF service then turn on debug logging to figure out why it is
rejecting the message.
Colm.
On Wed, Oct 26, 2016 at 3:29 PM, Martin Fernau <ma...@fernausoft.de>
wrote:
> Thanks a lot.
> It turns out that I already implemented it this way but simply did a
> mistake for the namespace.
> After correction the outgoing XML seems to be correct.
> Nonetheless the request is rejected with "An error occurred when verifying
> security for the message."
>
> Thanks
> Martin
>
> Am 24.10.2016 um 13:21 schrieb Colm O hEigeartaigh:
>
>> Yes it's possible to add headers and sign and encrypt them. There is a
>> test
>> which demonstrates how to do this for encryption, although Signature works
>> as well:
>>
>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
>> ystests/ws-security/src/test/java/org/apache/cxf/systest/ws/
>> x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294
>> 725aad;hb=HEAD
>>
>> See "testKeyIdentifier2". The header is added with:
>>
>> List<Header> headers = new ArrayList<Header>();
>> Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"),
>> "dummy-header",
>> new
>> JAXBDataBinding(String.class));
>> headers.add(dummyHeader);
>> ((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST,
>> headers);
>>
>> The WSDL is here. You can see that the header is added to the encryption
>> parts for the "DoubleIt2" operation:
>>
>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
>> ystests/ws-security/src/test/resources/org/apache/cxf/systes
>> t/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475
>> ca84a17724dbf2236;hb=HEAD
>>
>> On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <
>> martin.fernau@fernausoft.de
>>
>>> wrote:
>>> No one?
>>>
>>> Is it not possible with CXF or is it an unusual demand?
>>> I need to consume this webservice. If its not possible with CXF I need to
>>> find another way but I'd like to stick with CXF.
>>>
>>> Thanks
>>> Martin
>>>
>>>
>>> Am 20.10.2016 um 10:00 schrieb Martin Fernau:
>>>
>>> Hi,
>>>>
>>>> is it possible to call a webservice with the following ws-security
>>>> content:
>>>> --cut
>>>> <wsp:Policy wsu:Id="CustomBinding_IService
>>>> Customer_InsertCustomer_Input_policy">
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:SignedParts xmlns:sp="http://schemas.xmlso
>>>> ap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> <sp:Header Name="FfeHeader" Namespace="
>>>> http://tempuri.org/"/>
>>>> <sp:Header Name="To" Namespace="
>>>> http://www.w3.org/2
>>>> 005/08/addressing"/>
>>>> <sp:Header Name="From" Namespace="
>>>> http://www.w3.org/2
>>>> 005/08/addressing"/>
>>>> <sp:Header Name="FaultTo" Namespace="
>>>> http://www.w3.org/2005/08/addressing"/>
>>>> <sp:Header Name="ReplyTo" Namespace="
>>>> http://www.w3.org/2005/08/addressing"/>
>>>> <sp:Header Name="MessageID" Namespace="
>>>> http://www.w3.org/2005/08/addressing"/>
>>>> <sp:Header Name="RelatesTo" Namespace="
>>>> http://www.w3.org/2005/08/addressing"/>
>>>> <sp:Header Name="Action" Namespace="
>>>> http://www.w3.org/2005/08/addressing"/>
>>>> </sp:SignedParts>
>>>> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso
>>>> ap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> <sp:Header Name="FfeHeader" Namespace="
>>>> http://tempuri.org/"/>
>>>> </sp:EncryptedParts>
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>> --cut
>>>>
>>>> The problematic part is the "FfeHeader" which needs to be encrypted and
>>>> signed.
>>>> All the other parts are working (as far as I can tell).
>>>> If I use wsdl2java a class file for the FfeHeader-Type is generated but
>>>> I
>>>> can find a way how to add it to my request. Thus the resulting request
>>>> contains no such header and therefore the server fails to understand my
>>>> request:
>>>> --cut
>>>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
>>>> reference not set to an instance of an object.
>>>> --cut
>>>>
>>>> I only know the following way to add a custom header to my request:
>>>> --cut
>>>> ObjectFactory of = new ObjectFactory();
>>>> List<Header> headersList = new ArrayList<Header>();
>>>> // HeaderType is the generated class for FfeHeader
>>>> HeaderType type = of.createHeaderType();
>>>> // call several setters on 'type'
>>>> [...]
>>>>
>>>> Header ffeHeader = new Header(new QName("http://tempuri.org",
>>>> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
>>>> headersList.add(ffeHeader);
>>>> client.getRequestContext().put(Header.HEADER_LIST, headersList);
>>>> --cut
>>>> But this way the FfeHeader is neither signed nor encrypted and the call
>>>> fails with exact the same error message.
>>>>
>>>> I would appreciate any kind of help.
>>>>
>>>> Thanks
>>>> Martin
>>>>
>>>>
>>>
>>>
>>
>>
> --
> FERNAUSOFT GmbH
> Gartenstraße 42 - 37269 Eschwege
>
> Telefon (0 56 51) 95 99-0
> Telefax (0 56 51) 95 99-90
>
> eMail martin.fernau@fernausoft.de
> Internet http://www.fernausoft.de
>
> Handelsregister Eschwege, HRB 1585
> Geschäftsführer: Axel Fernau, Ulrich Fernau, Martin Fernau
> Steuernummer 025 233 00041
> USt-ID-Nr. DE 178 554 622
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: ws-policy/ws-security and a encrypted header part
Posted by Martin Fernau <ma...@fernausoft.de>.
Thanks a lot.
It turns out that I already implemented it this way but simply did a
mistake for the namespace.
After correction the outgoing XML seems to be correct.
Nonetheless the request is rejected with "An error occurred when
verifying security for the message."
Thanks
Martin
Am 24.10.2016 um 13:21 schrieb Colm O hEigeartaigh:
> Yes it's possible to add headers and sign and encrypt them. There is a test
> which demonstrates how to do this for encryption, although Signature works
> as well:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294725aad;hb=HEAD
>
> See "testKeyIdentifier2". The header is added with:
>
> List<Header> headers = new ArrayList<Header>();
> Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"),
> "dummy-header",
> new JAXBDataBinding(String.class));
> headers.add(dummyHeader);
> ((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST,
> headers);
>
> The WSDL is here. You can see that the header is added to the encryption
> parts for the "DoubleIt2" operation:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475ca84a17724dbf2236;hb=HEAD
>
> On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <martin.fernau@fernausoft.de
>> wrote:
>> No one?
>>
>> Is it not possible with CXF or is it an unusual demand?
>> I need to consume this webservice. If its not possible with CXF I need to
>> find another way but I'd like to stick with CXF.
>>
>> Thanks
>> Martin
>>
>>
>> Am 20.10.2016 um 10:00 schrieb Martin Fernau:
>>
>>> Hi,
>>>
>>> is it possible to call a webservice with the following ws-security
>>> content:
>>> --cut
>>> <wsp:Policy wsu:Id="CustomBinding_IService
>>> Customer_InsertCustomer_Input_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts xmlns:sp="http://schemas.xmlso
>>> ap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> <sp:Header Name="FfeHeader" Namespace="
>>> http://tempuri.org/"/>
>>> <sp:Header Name="To" Namespace="http://www.w3.org/2
>>> 005/08/addressing"/>
>>> <sp:Header Name="From" Namespace="http://www.w3.org/2
>>> 005/08/addressing"/>
>>> <sp:Header Name="FaultTo" Namespace="
>>> http://www.w3.org/2005/08/addressing"/>
>>> <sp:Header Name="ReplyTo" Namespace="
>>> http://www.w3.org/2005/08/addressing"/>
>>> <sp:Header Name="MessageID" Namespace="
>>> http://www.w3.org/2005/08/addressing"/>
>>> <sp:Header Name="RelatesTo" Namespace="
>>> http://www.w3.org/2005/08/addressing"/>
>>> <sp:Header Name="Action" Namespace="
>>> http://www.w3.org/2005/08/addressing"/>
>>> </sp:SignedParts>
>>> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso
>>> ap.org/ws/2005/07/securitypolicy">
>>> <sp:Body/>
>>> <sp:Header Name="FfeHeader" Namespace="
>>> http://tempuri.org/"/>
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> --cut
>>>
>>> The problematic part is the "FfeHeader" which needs to be encrypted and
>>> signed.
>>> All the other parts are working (as far as I can tell).
>>> If I use wsdl2java a class file for the FfeHeader-Type is generated but I
>>> can find a way how to add it to my request. Thus the resulting request
>>> contains no such header and therefore the server fails to understand my
>>> request:
>>> --cut
>>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
>>> reference not set to an instance of an object.
>>> --cut
>>>
>>> I only know the following way to add a custom header to my request:
>>> --cut
>>> ObjectFactory of = new ObjectFactory();
>>> List<Header> headersList = new ArrayList<Header>();
>>> // HeaderType is the generated class for FfeHeader
>>> HeaderType type = of.createHeaderType();
>>> // call several setters on 'type'
>>> [...]
>>>
>>> Header ffeHeader = new Header(new QName("http://tempuri.org",
>>> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
>>> headersList.add(ffeHeader);
>>> client.getRequestContext().put(Header.HEADER_LIST, headersList);
>>> --cut
>>> But this way the FfeHeader is neither signed nor encrypted and the call
>>> fails with exact the same error message.
>>>
>>> I would appreciate any kind of help.
>>>
>>> Thanks
>>> Martin
>>>
>>
>>
>
>
--
FERNAUSOFT GmbH
Gartenstra�e 42 - 37269 Eschwege
Telefon (0 56 51) 95 99-0
Telefax (0 56 51) 95 99-90
eMail martin.fernau@fernausoft.de
Internet http://www.fernausoft.de
Handelsregister Eschwege, HRB 1585
Gesch�ftsf�hrer: Axel Fernau, Ulrich Fernau, Martin Fernau
Steuernummer 025 233 00041
USt-ID-Nr. DE 178 554 622
Re: ws-policy/ws-security and a encrypted header part
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes it's possible to add headers and sign and encrypt them. There is a test
which demonstrates how to do this for encryption, although Signature works
as well:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294725aad;hb=HEAD
See "testKeyIdentifier2". The header is added with:
List<Header> headers = new ArrayList<Header>();
Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"),
"dummy-header",
new JAXBDataBinding(String.class));
headers.add(dummyHeader);
((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST,
headers);
The WSDL is here. You can see that the header is added to the encryption
parts for the "DoubleIt2" operation:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475ca84a17724dbf2236;hb=HEAD
On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <martin.fernau@fernausoft.de
> wrote:
> No one?
>
> Is it not possible with CXF or is it an unusual demand?
> I need to consume this webservice. If its not possible with CXF I need to
> find another way but I'd like to stick with CXF.
>
> Thanks
> Martin
>
>
> Am 20.10.2016 um 10:00 schrieb Martin Fernau:
>
>> Hi,
>>
>> is it possible to call a webservice with the following ws-security
>> content:
>> --cut
>> <wsp:Policy wsu:Id="CustomBinding_IService
>> Customer_InsertCustomer_Input_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts xmlns:sp="http://schemas.xmlso
>> ap.org/ws/2005/07/securitypolicy">
>> <sp:Body/>
>> <sp:Header Name="FfeHeader" Namespace="
>> http://tempuri.org/"/>
>> <sp:Header Name="To" Namespace="http://www.w3.org/2
>> 005/08/addressing"/>
>> <sp:Header Name="From" Namespace="http://www.w3.org/2
>> 005/08/addressing"/>
>> <sp:Header Name="FaultTo" Namespace="
>> http://www.w3.org/2005/08/addressing"/>
>> <sp:Header Name="ReplyTo" Namespace="
>> http://www.w3.org/2005/08/addressing"/>
>> <sp:Header Name="MessageID" Namespace="
>> http://www.w3.org/2005/08/addressing"/>
>> <sp:Header Name="RelatesTo" Namespace="
>> http://www.w3.org/2005/08/addressing"/>
>> <sp:Header Name="Action" Namespace="
>> http://www.w3.org/2005/08/addressing"/>
>> </sp:SignedParts>
>> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso
>> ap.org/ws/2005/07/securitypolicy">
>> <sp:Body/>
>> <sp:Header Name="FfeHeader" Namespace="
>> http://tempuri.org/"/>
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> --cut
>>
>> The problematic part is the "FfeHeader" which needs to be encrypted and
>> signed.
>> All the other parts are working (as far as I can tell).
>> If I use wsdl2java a class file for the FfeHeader-Type is generated but I
>> can find a way how to add it to my request. Thus the resulting request
>> contains no such header and therefore the server fails to understand my
>> request:
>> --cut
>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
>> reference not set to an instance of an object.
>> --cut
>>
>> I only know the following way to add a custom header to my request:
>> --cut
>> ObjectFactory of = new ObjectFactory();
>> List<Header> headersList = new ArrayList<Header>();
>> // HeaderType is the generated class for FfeHeader
>> HeaderType type = of.createHeaderType();
>> // call several setters on 'type'
>> [...]
>>
>> Header ffeHeader = new Header(new QName("http://tempuri.org",
>> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
>> headersList.add(ffeHeader);
>> client.getRequestContext().put(Header.HEADER_LIST, headersList);
>> --cut
>> But this way the FfeHeader is neither signed nor encrypted and the call
>> fails with exact the same error message.
>>
>> I would appreciate any kind of help.
>>
>> Thanks
>> Martin
>>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: ws-policy/ws-security and a encrypted header part
Posted by Martin Fernau <ma...@fernausoft.de>.
No one?
Is it not possible with CXF or is it an unusual demand?
I need to consume this webservice. If its not possible with CXF I need
to find another way but I'd like to stick with CXF.
Thanks
Martin
Am 20.10.2016 um 10:00 schrieb Martin Fernau:
> Hi,
>
> is it possible to call a webservice with the following ws-security
> content:
> --cut
> <wsp:Policy
> wsu:Id="CustomBinding_IServiceCustomer_InsertCustomer_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> <sp:Header Name="FfeHeader"
> Namespace="http://tempuri.org/"/>
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> <sp:Header Name="FfeHeader"
> Namespace="http://tempuri.org/"/>
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> --cut
>
> The problematic part is the "FfeHeader" which needs to be encrypted
> and signed.
> All the other parts are working (as far as I can tell).
> If I use wsdl2java a class file for the FfeHeader-Type is generated
> but I can find a way how to add it to my request. Thus the resulting
> request contains no such header and therefore the server fails to
> understand my request:
> --cut
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> Object reference not set to an instance of an object.
> --cut
>
> I only know the following way to add a custom header to my request:
> --cut
> ObjectFactory of = new ObjectFactory();
> List<Header> headersList = new ArrayList<Header>();
> // HeaderType is the generated class for FfeHeader
> HeaderType type = of.createHeaderType();
> // call several setters on 'type'
> [...]
>
> Header ffeHeader = new Header(new QName("http://tempuri.org",
> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
> headersList.add(ffeHeader);
> client.getRequestContext().put(Header.HEADER_LIST, headersList);
> --cut
> But this way the FfeHeader is neither signed nor encrypted and the
> call fails with exact the same error message.
>
> I would appreciate any kind of help.
>
> Thanks
> Martin