Re: WSRM in combination with WS-Security: timestamp problem

Tue, 16 Jul 2013 03:41:13 -0700

Although there are problems in using WS-RM and WS-Security together with the existing code I don't think this is one of them. If you look back to John's original post, his issue was that the timestamp was not being updated on retransmissions. This looks like more of a configuration issue.
I'm currently working on some other aspects of WS-RM handling, but should be getting back into the combination with WS-Security next week. I'll try out this scenario then to see if I run into this problem. 

  - Dennis

On 07/16/2013 09:12 PM, Carlos Aza wrote:

Hello Dennis,

The error was missed in the conversion from Nabble to mail. This is what
appears when WS-RM interceptor tries to send the createSequence message:

10:18:48.328 [main] ERROR org.apache.cxf.ws.rm.Proxy - Failed to send RM
protocol message {http://schemas.xmlsoap.org/ws/2005/02/rm}CreateSequence.
org.apache.cxf.interceptor.Fault: Security configuration could not be
detected. Potential cause: Make sure jaxws:client element with name
attribute value matching endpoint port is defined as well as a
ws-security.signature.properties element within it.
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:195)
~[cxf-bundle-2.7.5.jar:2.7.5]
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
~[cxf-bundle-2.7.5.jar:2.7.5]
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
~[cxf-bundle-2.7.5.jar:2.7.5]

...

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration
could not be detected. Potential cause: Make sure jaxws:client element with
name attribute value matching endpoint port is defined as well as a
ws-security.signature.properties element within it.
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:315)
~[cxf-bundle-2.7.5.jar:2.7.5]

...

The configuration is done via Policy:

        <wsp:Policy wsu:Id="RM" xmlns:wsp="http://www.w3.org/2006/07/ws-policy";
        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
                <wsam:Addressing
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata";>
                        <wsp:Policy />
                </wsam:Addressing>
                <wsrmp:RMAssertion
xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";>
                        <wsrmp:BaseRetransmissionInterval
                                Milliseconds="10000" />
                </wsrmp:RMAssertion>
        </wsp:Policy>

The interceptors are loaded automatically via ws-policy support.

Thank you in advance.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/WSRM-in-combination-with-WS-Security-timestamp-problem-tp5723872p5730879.html
Sent from the cxf-dev mailing list archive at Nabble.com.

























					Reply via email to