On Thu, Dec 23, 2010 at 6:00 PM, Dennis Sosnoski <[email protected]> wrote:
> John, you might try downloading the sample code from the > SymmetricBinding article referenced by Glen > (http://www.ibm.com/developerworks/java/library/j-jws17/index.html) as a > basis for trying your policy. First build and test the supplied sample > using your CXF installation, then substitute your policy for the one in > the sample code WSDL. Hopefully that could help you find the cause of > the problems. > > OK, using cxf 2.2.8, I make the policy substitution, and get this, with scencr: [java] Dec 24, 2010 1:55:01 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl build [java] WARNING: No assertion builder for type { http://schemas.microsoft.com/ws/2005/07/securitypolicy}SslContextTokenregistered. [java] Dec 24, 2010 1:55:02 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging [java] WARNING: Interceptor for { http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityTokenhas thrown exception, unwinding now [java] org.apache.cxf.interceptor.Fault: No signature token [java] at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:384) I interpret the first warning to mean an 'assertion builder' needs to be implemented and registered for this type. Is this 'builder' a pluggable component? How would I find out if a builder for this type already exists? Is implementing a builder a complex task? Is this work reserved to cxf developers or are users of the library expected to provide these as they need? If I get one, or write one, how do I register it? Is it easier to beg the service provider to change the policy and if so, how can I express that in their terms (I am an alien to the .net environment)? I interpret the second warning to mean that I did not satisfy the configuration requirement of the policy. In this case, it is missing its signature token. I need to discover the name of this property, and how to set it, and what value to set it to. So, I guess I have some digging through the cxf pages. Am I asking the right questions? and do you expect the cxf web pages will give me answers? Thanks, John The comment from the article that "CXF was the only stack that worked > with the policy as written." only applied to the WS-SecureConversation > policy shown in Listing 2. WS-SC configurations tend to be more > failure-prone than regular WS-Security configurations, in my experience, > since there are more "moving parts" involved in the operation. All three > of the stacks I tried were able to handle the basic SymmetricBinding > configuration. > > - Dennis > > Dennis M. Sosnoski > Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html > > > Axis2/CXF/Metro SOA and Web Services Training > <http://www.sosnoski.com/training.html> > Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html> > > > On 12/24/2010 10:26 AM, Glen Mazza wrote: > > If *could* be your service provider is not detecting the > > SymmetricBinding tag because two additional libraries need to be > > declared in your web.xml: > > http://www.jroller.com/gmazza/entry/cxf_x509_profile_secpol (see the > > section on |contextConfigLocation|, it will point you to a username > > token article.) > > > > HTH, > > Glen > > > > > > > > > > On 23.12.2010 16:20, John Franey wrote: > >> Thanks. > >> > >> On Thu, Dec 23, 2010 at 4:01 PM, Glen Mazza<[email protected]> > >> wrote: > >> > >>> On http://www.sosnoski.com/articles.html, I think you'll want the 2nd > >>> article:WS-Security without client certificates< > >>> http://www.ibm.com/developerworks/java/library/j-jws17/index.html> > >>> > >>> This statement from that article is why I am wanting to use CXF: > >>> "CXF was > >> the only stack that worked with the policy as written." > >> > >> The policy I am consuming looks much like the ones in his article. > >> So, I'm > >> expecting success. I believe symmetric binding is supported. > >> > >> Should I conclude that the 'right wsdl' is enough to activate symmetric > >> binding? or is there some other configuration needed? > >> > >> The message "SymmetricBinding not supported" implies the latter, I > >> think. > >> > >> > >> HTH, > >>> Glen > >>> > >>> > >>> > >>> On 23.12.2010 15:32, John Franey wrote: > >>> > >>>> I believe symmetric binding policy is supported in cxf 2.3.1, but > >>>> this log > >>>> message says no: > >>>> > >>>> [PolicyEngineImpl] Alternative { > >>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SymmetricBinding > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy%7DSymmetricBinding > >is > >>>> not > >>>> supported > >>>> > >>>> I've been working over the cxf documentation for over a day. I am > >>>> stumped. > >>>> > >>>> What do I have to do to turn on support for symmetric binding? > >>>> > >>>> I'm writing a client that will run in jbossws-cxf 3.4.0. > >>>> > >>>> Thanks, > >>>> John > >>>> > >>>> > >>> -- > >>> > >>> Glen Mazza > >>> gmazza at apache dot org > >>> http://www.jroller.com/gmazza > >>> > > > > >
