Hi Pawel,

It is not possible to do this using the non-policy WS-Security
interceptors. However, you should be able to get it working by adapting one
of the X509 test policies, e.g.:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl?view=markup

Colm.

On Fri, Jun 29, 2012 at 12:06 PM, Paweł Gutowski
<[email protected]> wrote:

> I need to sign Body and BinarySecurityToken elements.
> I get this exception when creating signature for the message:
>
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>        ... 35 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
>        ... 38 more
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, BinarySecurityToken)
>        at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
>
>
> This is my Spring config part:
>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>  <constructor-arg>
>    <map>
>      <entry key="action" value="Signature" />
>      <entry key="user" value="mySuer" />
>      <entry key="passwordCallbackRef">
>        <bean id="myPasswordCallback" class="com.myCompany.MyPasswordCallback" />
>      </entry>
>      <entry key="signaturePropFile" value="client_sign.properties" />
>      <entry key="signatureKeyIdentifier" value="DirectReference" />
>      <entry key="signatureParts"
>        value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken" />
>      <entry key="isBSPCompliant" value="false" />
>    </map>
>  </constructor-arg>
> </bean>
>
>
> I also tried to change signatureParts value to:
> <entry key="signatureParts"
> value="Token;{}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
>
> then I get the same exception:
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Token)
>        at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
>        ... 41 more
>
>
> There is no problem with producing signature for Body and BST elements
> on Weblogic server.
> This is what I expect to produce:
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>  xmlns:soap="http://soap.my.company.com/">
>  <soapenv:Header>
>    <wsse:Security soap:mustUnderstand="1"
>      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>      <wsse:BinarySecurityToken
>        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>        wsu:Id="SecurityToken-270e5823-573d-4252-9607-db5f6286969b">MIIDg...
>      </wsse:BinarySecurityToken>
>      <Signature Id="cd56d279-7479-41ec-94e1-b0d72f961cf0"
>        xmlns="http://www.w3.org/2000/09/xmldsig#">
>        <SignedInfo>
>          <ds:CanonicalizationMethod
>            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>            xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>          <Reference URI="#SecurityToken-270e5823-573d-4252-9607-db5f6286969b">
>            <Transforms>
>              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>            </Transforms>
>            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>            <DigestValue>oGYH...g=</DigestValue>
>          </Reference>
>          <Reference URI="#Id-117b61be-9ca0-4745-b0fa-946e2492f0a3">
>            <Transforms>
>              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>            </Transforms>
>            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>            <DigestValue>Qo8S...=</DigestValue>
>          </Reference>
>        </SignedInfo>
>        <SignatureValue>KV2eV.....=
>        </SignatureValue>
>        <KeyInfo>
>          <wsse:SecurityTokenReference>
>            <wsse:Reference
>              URI="#SecurityToken-270e5823-573d-4252-9607-db5f6286969b"
>              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
>          </wsse:SecurityTokenReference>
>        </KeyInfo>
>      </Signature>
>    </wsse:Security>
>  </soapenv:Header>
>  <soapenv:Body wsu:Id="Id-117b61be-9ca0-4745-b0fa-946e2492f0a3">
>  .....
>  </soapenv:Body>
> </soapenv:Envelope>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
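
Added example, not part of the original thread and not CXF or WSS4J code: a small check that resolves each ds:Reference in an outbound envelope to the element it points at, to confirm that both the Body and the BinarySecurityToken are covered once the policy-based configuration is in place. It checks reference coverage only, not the signature value; the sample envelope and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample shaped like the expected message in the thread (values shortened).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsu="{WSU}">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="{WSSE}">
   <wsse:BinarySecurityToken wsu:Id="SecurityToken-1">AAAA</wsse:BinarySecurityToken>
   <Signature xmlns="{DS}"><SignedInfo>
     <Reference URI="#SecurityToken-1"/>
     <Reference URI="#Id-1"/>
   </SignedInfo></Signature>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body wsu:Id="Id-1"/>
</soapenv:Envelope>"""

def signed_elements(envelope_xml):
    """Map each ds:Reference URI to the QName of the element it resolves to.

    None means the reference is dangling; "AMBIGUOUS" means several elements
    carry the same wsu:Id, so the reference does not pin down one element.
    """
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        wsu_id = el.get(f"{{{WSU}}}Id")
        if wsu_id is not None:
            by_id.setdefault(wsu_id, []).append(el.tag)
    covered = {}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        covered[uri] = targets[0] if len(targets) == 1 else ("AMBIGUOUS" if targets else None)
    return covered

def missing_coverage(envelope_xml, required):
    """Return the required QNames that no unambiguous reference resolves to."""
    found = set(signed_elements(envelope_xml).values())
    return [qname for qname in required if qname not in found]

# The two elements the thread wants signed.
REQUIRED = [f"{{{SOAP}}}Body", f"{{{WSSE}}}BinarySecurityToken"]
```

An empty list from missing_coverage(message, REQUIRED) means both elements are referenced by the signature; a message signed with only the Body part returns the BinarySecurityToken QName.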
