No, I was using 2.3.5 because with 2.4.1 my configuration is not working, a wsdl like this one:

<?xml version='1.0' encoding='UTF-8'?>
<wsdl:definitions name="CXFLibraryImplService"
    targetNamespace="http://service2.ws.service.kprtech.com/"
    xmlns:ns1="http://cxf.apache.org/bindings/xformat"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://service2.ws.service.kprtech.com/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <wsp:Policy wsu:Id="SignEncr"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V1Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
          </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsdl:types>
    <xs:schema elementFormDefault="unqualified"
        targetNamespace="http://service2.ws.service.kprtech.com/"
        version="1.0"
        xmlns:tns="http://service2.ws.service.kprtech.com/"
        xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:element name="sayHello" type="tns:sayHello" />
      <xs:element name="sayHelloResponse" type="tns:sayHelloResponse" />
      <xs:complexType name="sayHello">
        <xs:sequence>
          <xs:element minOccurs="0" name="arg0" type="xs:string" />
        </xs:sequence>
      </xs:complexType>
      <xs:complexType name="sayHelloResponse">
        <xs:sequence>
          <xs:element minOccurs="0" name="return" type="xs:string" />
        </xs:sequence>
      </xs:complexType>
    </xs:schema>
  </wsdl:types>
  <wsdl:message name="sayHelloResponse">
    <wsdl:part element="tns:sayHelloResponse" name="parameters">
    </wsdl:part>
  </wsdl:message>
  <wsdl:message name="sayHello">
    <wsdl:part element="tns:sayHello" name="parameters">
    </wsdl:part>
  </wsdl:message>
  <wsdl:portType name="Library">
    <wsdl:operation name="sayHello">
      <wsdl:input message="tns:sayHello" name="sayHello">
      </wsdl:input>
      <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
      </wsdl:output>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="CXFLibraryImplServiceSoapBinding" type="tns:Library">
    <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#SignEncr"/>
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
    <wsdl:operation name="sayHello">
      <soap:operation soapAction="" style="document" />
      <wsdl:input name="sayHello">
        <soap:body use="literal" />
      </wsdl:input>
      <wsdl:output name="sayHelloResponse">
        <soap:body use="literal" />
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="CXFLibraryImplService">
    <wsdl:port binding="tns:CXFLibraryImplServiceSoapBinding" name="CXFLibraryImplPort">
      <soap:address location="http://localhost:8080/domicilios/services/service2" />
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

The service exposed this way:

<jaxws:endpoint id="service2"
    implementor="com.kprtech.service.ws.service2.CXFLibraryImpl"
    wsdlLocation="classpath:service2.wsdl"
    address="/service2">
  <jaxws:properties>
    <entry key="ws-security.signature.properties" value="server-crypto.properties"/>
    <entry key="ws-security.signature.username" value="serverkey"/>
    <!--<entry key="ws-security.encryption.username" value="useReqSigCert"/>-->
    <entry key="ws-security.callback-handler" value="com.kprtech.service.ws.impl.ServerCallback"/>
  </jaxws:properties>
</jaxws:endpoint>

And the client generated using cxf tool.

This is working perfectly in 2.3.5 and 2.2.6. Has something changed for the 2.4.1 version when the wsdl first approach is used? I'm getting this error:

2011-07-19 09:26:23,720 [qtp32323148-24] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://service2.ws.service.kprtech.com/}CXFLibraryImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid

On Tue, Jul 19, 2011 at 3:36 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:

> Hi Jaime,
>
> What version of CXF are you using? There is a better way to do this
> than via a CXF interceptor from CXF 2.4.0 onwards. Trust validation is
> done by WSS4J via the SignatureTrustValidator, which is given the
> certificate used to verify the signature, and verifies trust via the
> CertPath API. You can simply plug your own Validator implementation in
> here instead. See this blog entry for more details:
>
> http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
>
> Colm.
>
> On Mon, Jul 18, 2011 at 7:30 PM, Jaime Hablutzel Egoavil
> <hablutz...@gmail.com> wrote:
> > Hi, I have a web service exposed with cxf with this wsdl:
> >
> > <?xml version='1.0' encoding='UTF-8'?>
> > <wsdl:definitions name="CXFLibraryImplService"
> >     targetNamespace="http://service2.ws.service.kprtech.com/"
> >     xmlns:ns1="http://cxf.apache.org/bindings/xformat"
> >     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> >     xmlns:tns="http://service2.ws.service.kprtech.com/"
> >     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> >     xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> >   <wsdl:types>
> >     <xs:schema elementFormDefault="unqualified"
> >         targetNamespace="http://service2.ws.service.kprtech.com/"
> >         version="1.0"
> >         xmlns:ns1="http://cxf.apache.org/bindings/xformat"
> >         xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> >         xmlns:tns="http://service2.ws.service.kprtech.com/"
> >         xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> >         xmlns:xs="http://www.w3.org/2001/XMLSchema"
> >         xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> >       <xs:element name="sayHello" type="tns:sayHello" />
> >       <xs:element name="sayHelloResponse" type="tns:sayHelloResponse" />
> >       <xs:complexType name="sayHello">
> >         <xs:sequence>
> >           <xs:element minOccurs="0" name="arg0" type="xs:string" />
> >         </xs:sequence>
> >       </xs:complexType>
> >       <xs:complexType name="sayHelloResponse">
> >         <xs:sequence>
> >           <xs:element minOccurs="0" name="return" type="xs:string" />
> >         </xs:sequence>
> >       </xs:complexType>
> >     </xs:schema>
> >   </wsdl:types>
> >   <wsdl:message name="sayHello">
> >     <wsdl:part element="tns:sayHello" name="parameters">
> >     </wsdl:part>
> >   </wsdl:message>
> >   <wsdl:message name="sayHelloResponse">
> >     <wsdl:part element="tns:sayHelloResponse" name="parameters">
> >     </wsdl:part>
> >   </wsdl:message>
> >   <wsdl:portType name="Library">
> >     <wsdl:operation name="sayHello">
> >       <wsdl:input message="tns:sayHello" name="sayHello">
> >       </wsdl:input>
> >       <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
> >       </wsdl:output>
> >     </wsdl:operation>
> >   </wsdl:portType>
> >   <wsdl:binding name="CXFLibraryImplServiceSoapBinding" type="tns:Library">
> >     <wsp:PolicyReference URI="#SignEncr" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" />
> >     <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
> >     <wsdl:operation name="sayHello">
> >       <soap:operation soapAction="" style="document" />
> >       <wsdl:input name="sayHello">
> >         <soap:body use="literal" />
> >       </wsdl:input>
> >       <wsdl:output name="sayHelloResponse">
> >         <soap:body use="literal" />
> >       </wsdl:output>
> >     </wsdl:operation>
> >   </wsdl:binding>
> >   <wsdl:service name="CXFLibraryImplService">
> >     <wsdl:port binding="tns:CXFLibraryImplServiceSoapBinding" name="CXFLibraryImplPort">
> >       <soap:address location="http://localhost:8888/domicilios/services/service2" />
> >     </wsdl:port>
> >   </wsdl:service>
> >   <wsp:Policy wsu:Id="SignEncr"
> >       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >           <wsp:Policy>
> >             <sp:InitiatorToken>
> >               <wsp:Policy>
> >                 <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >                   <wsp:Policy>
> >                     <sp:RequireThumbprintReference />
> >                     <sp:WssX509V1Token10 />
> >                   </wsp:Policy>
> >                 </sp:X509Token>
> >               </wsp:Policy>
> >             </sp:InitiatorToken>
> >             <sp:RecipientToken>
> >               <wsp:Policy>
> >                 <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >                   <wsp:Policy>
> >                     <sp:RequireThumbprintReference />
> >                     <sp:WssX509V3Token10 />
> >                   </wsp:Policy>
> >                 </sp:X509Token>
> >               </wsp:Policy>
> >             </sp:RecipientToken>
> >             <sp:AlgorithmSuite>
> >               <wsp:Policy>
> >                 <sp:TripleDesRsa15 />
> >               </wsp:Policy>
> >             </sp:AlgorithmSuite>
> >             <sp:Layout>
> >               <wsp:Policy>
> >                 <sp:Strict />
> >               </wsp:Policy>
> >             </sp:Layout>
> >             <sp:IncludeTimestamp />
> >             <sp:OnlySignEntireHeadersAndBody />
> >           </wsp:Policy>
> >         </sp:AsymmetricBinding>
> >         <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <wsp:Policy>
> >             <sp:MustSupportRefKeyIdentifier />
> >             <sp:MustSupportRefIssuerSerial />
> >           </wsp:Policy>
> >         </sp:Wss10>
> >         <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> >           <sp:Body />
> >         </sp:SignedParts>
> >
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> > </wsdl:definitions>
> >
> >
> > And I want to be able to get the certificate in a custom interceptor to be
> > able to pass it to spring security session context.
> > Another thing I want is to be able to override the default behaviour of cxf
> > trying to validate the certPath, because I want to do this on my own because
> > certificates aren't in a .jks keystore but in a database.
> >
> > I have read that I need a second interceptor, but how to set an interceptor
> > and give it lower precedence??
> >
> > Thanks.
> >
> >
> >
> > --
> > Jaime Hablutzel - 9-9956-3299
> >
> > (accents intentionally omitted)
> >
>
>
> --
> Colm O hEigeartaigh
>
> http://coheigea.blogspot.com/
> Talend - http://www.talend.com
>

--
Jaime Hablutzel - 9-9956-3299
(accents intentionally omitted)
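
The custom Validator that Colm's reply describes, applied to the case in the original question where the trusted certificates live in a database rather than a keystore. This is an added example, not code from the thread or from CXF/WSS4J; it assumes the WSS4J 1.6 API shipped with CXF 2.4.x, and `DatabaseTrustValidator` and `TrustAnchorStore` are hypothetical names.

```java
import java.security.cert.*;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;

// Replaces the keystore-based trust check with one backed by a database lookup.
public class DatabaseTrustValidator implements Validator {

    // Hypothetical DAO (assumption): returns the CA certificates stored in the database.
    public interface TrustAnchorStore {
        Set<X509Certificate> loadTrustedCaCertificates();
    }

    private final TrustAnchorStore store;

    public DatabaseTrustValidator(TrustAnchorStore store) {
        this.store = store;
    }

    public Credential validate(Credential credential, RequestData data)
            throws WSSecurityException {
        X509Certificate[] certs = credential == null ? null : credential.getCertificates();
        if (certs == null || certs.length == 0) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
        try {
            certs[0].checkValidity(); // signing certificate must be inside its validity period
            Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (X509Certificate ca : store.loadTrustedCaCertificates()) {
                anchors.add(new TrustAnchor(ca, null));
            }
            // Assumes the chain is ordered signing certificate first.
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Arrays.asList(certs));
            // Throws if the database returned no anchors, so an empty store rejects everything.
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // no CRL/OCSP source is configured in this example
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (Exception e) {
            throw new WSSecurityException("Signing certificate is not trusted", e);
        }
        return credential; // trusted: hand the credential back to WSS4J unchanged
    }
}
```

In CXF 2.4.x the class is registered on the endpoint through the `ws-security.signature.validator` entry in `jaxws:properties`.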