Hello guys,
I have to write a web service client with CXF 2.2.8 to consume a
web service that has WS-SecurityPolicy applied to it. The policies shown in
the WSDL are created and managed by an Oracle tool (Oracle Webservices
Manager); they are not manually written and are shipped with the
product. The product claims the policies are compliant with the latest
standards and are interoperable with other stacks. Because of
that I'm trying to use the CXF client, since the client written with
Oracle's own stack obviously worked. Unfortunately I'm receiving a
generic error in the client:
...
Caused by: org.apache.cxf.binding.soap.SoapFault: FailedCheck :
failure in security check
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at org
...
Since this is the client-side error, I went to the server logs to see what
happened. There is this line in the log:
<Error> <oracle.wsm.resources.security> <WSM-00035> <Error in
Signature reference mechanism compliance : Expected :
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
, Actual :
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.>
I don't know whether I'm missing something in the CXF client
configuration, whether there is a problem in the Oracle policy (such as
proprietary tags in it), or whether it is something else.
Here is the WSDL I'm trying to consume:
<!-- WSDL for SwapTestService as posted. The xmlns declarations for the prefixes used below
     (wsp, wsu, sp, soap, wsdl, wsa, wsid, dsig, xsd, tns) are not present on this root element,
     so the WS-SecurityPolicy version bound to sp: cannot be read from the listing itself; the
     IncludeToken URIs further down use the 2005/07 securitypolicy namespace. -->
<definitions name="SwapTestService" targetNamespace="http://swap/test/v01">
<!-- Empty policy: it holds no assertions, and no PolicyReference in the binding below points to it. -->
<wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" />
<!-- Request message protection: the body, every header in either WS-Addressing namespace and the
     Oracle fmw-context header must be signed; the body and fmw-context must also be encrypted. -->
<wsp:Policy wsu:Id="SwapTestPort_Input_Policy">
<sp:SignedParts>
<sp:Body />
<sp:Header
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body />
<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
</sp:EncryptedParts>
</wsp:Policy>
<!-- Response message protection: only the body is listed for signing and for encryption. -->
<wsp:Policy wsu:Id="SwapTestPort_Output_Policy">
<sp:SignedParts>
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
</wsp:Policy>
<!-- Binding-level policy, attached to SwapTestPortBinding by the PolicyReference further down. -->
<wsp:Policy
wsu:Id="wss11_x509_token_with_message_protection_service_policy">
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<!-- The protection token is an X.509 v3 certificate that is never carried in the message
     (IncludeToken/Never) and has to be referenced by thumbprint. With a SymmetricBinding the
     message key is normally delivered as an EncryptedKey wrapped for that certificate.
     NOTE(review): the WSM-00035 log line quoted with this listing appears to concern the value
     type used when the signature references that EncryptedKey; confirm against the request the
     client actually sent. -->
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token11 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<!-- Basic128 selects AES-128 encryption together with SHA-1 digests and SHA-1 based signature
     algorithms. SHA-1 is no longer recommended for new signatures; a SHA-256 suite such as
     Basic128Sha256 is the usual replacement where both stacks support it. -->
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<!-- Lax: no ordering is imposed on the items in the security header beyond the WSS rules. -->
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<!-- A timestamp is required in the security header. -->
<sp:IncludeTimestamp />
<!-- The signature must also cover the token it was created with. -->
<sp:ProtectTokens />
<!-- Signature references must cover whole headers and the whole body, not child elements. -->
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<!-- Caller authentication: the client's own X.509 certificate is sent with the request
     (IncludeToken/AlwaysToRecipient) and must endorse, i.e. sign, the message signature. -->
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token11 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<!-- The response has to carry SignatureConfirmation for the request signatures; the client is
     expected to check it so that a response cannot be matched to a different request. -->
<sp:RequireSignatureConfirmation />
<!-- References to an EncryptedKey must be supported by both sides. -->
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
</wsp:Policy>
<!-- The message schema is imported by URL over plain HTTP from the service host. -->
<types>
<xsd:schema>
<xsd:import namespace="http://swap/test/v01"
schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1" />
</xsd:schema>
</types>
<message name="testSwap">
<part name="parameters" element="tns:testSwap" />
</message>
<message name="testSwapResponse">
<part name="parameters" element="tns:testSwapResponse" />
</message>
<portType name="TestWSImpl">
<operation name="testSwap">
<input message="tns:testSwap" />
<output message="tns:testSwapResponse" />
</operation>
</portType>
<binding name="SwapTestPortBinding" type="tns:TestWSImpl">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<!-- NOTE(review): wsdl:required="false" on the three PolicyReference elements only tells a WSDL
     processor that it may ignore the extension element. Presumably the service still enforces
     the policies (the security fault quoted with this listing suggests it does), so a client
     that skips them would send messages the service rejects. -->
<wsp:PolicyReference
URI="#wss11_x509_token_with_message_protection_service_policy"
wsdl:required="false" />
<operation name="testSwap">
<soap:operation soapAction="" />
<input>
<soap:body use="literal" />
<wsp:PolicyReference
URI="#SwapTestPort_Input_Policy"
wsdl:required="false" />
</input>
<output>
<soap:body use="literal" />
<wsp:PolicyReference
URI="#SwapTestPort_Output_Policy"
wsdl:required="false" />
</output>
</operation>
</binding>
<service name="SwapTestService">
<port name="SwapTestPort" binding="tns:SwapTestPortBinding">
<!-- The endpoint address is plain HTTP, so confidentiality and integrity rest entirely on the
     message-level policy above. -->
<soap:address
location="http://localhost:7001/swaptest/SwapTest" />
<wsa:EndpointReference>
<wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address>
<!-- Service certificate published inside the WSDL. A client that takes its encryption
     certificate from this element should still validate it against its own trust store,
     because the endpoint and schema URLs in this file are plain HTTP and the WSDL alone is not
     an authenticated source for the key. -->
<wsid:Identity>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>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</dsig:X509Certificate>
<dsig:X509IssuerSerial>
<dsig:X509IssuerName>CN=Arquitetura e Inovacao, OU=Arquitetura e
Inovacao, O=TJPE, L=Recife, ST=Pernambuco, C=BR</dsig:X509IssuerName>
<dsig:X509SerialNumber>1</dsig:X509SerialNumber>
</dsig:X509IssuerSerial>
<dsig:X509SubjectName>CN=Integracao Fiscal, OU=Arquitetura e
Inovacao,
O=TJPE, C=BR</dsig:X509SubjectName>
<dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI>
</dsig:X509Data>
</dsig:KeyInfo>
</wsid:Identity>
</wsa:EndpointReference>
</port>
</service>
</definitions>
Please, any help will be much appreciated!
Thank you !