I have a scenario where I want to add wss signing to an outgoing web service call. I am trying to accomplish this by using a cxf consumer and a cxf producer wired together by camel as a simple proxy.
The idea is this: a system sends an un-signed SOAP request to our CXF web service requiring no security. The call is then routed to a CXF client, which signs th eoutgoing message using wss. This way, the original caller does not concern itself with any security related issues. I have included our spring configuration below. The problem is that the call gets routed as it should through the two CXF beans, but the outgoing call leaves the CXF client without being signed. There is no trace of any wss headers in the outgoing call. Turning on debugging, I can see that the WSS4JOutInterceptor is invoked, and it writes to the debug messages that it has created a xmldsig:SignedInfo element, but this is never added to the outgoing message. Can anyone here throw some light on this problem? Here's the configuration: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"; xmlns:camel=" http://camel.apache.org/schema/spring"; xmlns:cxf="http://camel.apache.org/schema/cxf"; xmlns:context=" http://www.springframework.org/schema/context"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd";> <import resource="classpath:META-INF/cxf/cxf.xml" /> <cxf:cxfEndpoint id="receiveOutgoingMessageEndpoint" wsdlURL="etc/SendOccupationalPensionService.wsdl" address="/sendOccupationalPension" serviceName="s:SendOccupationalPensionService" xmlns:s=" http://ssek.ic.afa.se/";> <cxf:properties> <entry key="dataFormat" value="MESSAGE" /> </cxf:properties> </cxf:cxfEndpoint> <cxf:cxfEndpoint id="sendOutgoingMessageEndpoint" address=" http://localhost:8088/mockSendOccupationalPensionResponseToFKSOAPBinding";> <cxf:properties> <entry key="dataFormat" value="MESSAGE" /> </cxf:properties> <cxf:outInterceptors> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="Timestamp Signature" /> <entry key="user" value="myservicekey" /> <entry key="signatureKeyIdentifier" value="DirectReference" /> <entry key="timeToLive" value="10800" /> <entry key="signaturePropFile" value="classpath:etc/ssek.serviceKeystore.properties" /> <entry key="passwordCallbackRef"> <bean class="se.afa.ic.ssek.ServiceKeystorePasswordCallback"> <constructor-arg> <value>myservicekey</value> </constructor-arg> <constructor-arg> <value>skpass</value> </constructor-arg> </bean> </entry> <entry key="signatureParts" value="{Element}{ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"; /> </map> </constructor-arg> </bean> </cxf:outInterceptors> </cxf:cxfEndpoint> <camelContext id="camelContext" xmlns=" http://camel.apache.org/schema/spring";> <route trace="true"> <from uri="cxf:bean:receiveOutgoingMessageEndpoint" /> <to uri="cxf:bean:sendOutgoingMessageEndpoint" /> </route> </camelContext> </beans>
