> I have following content in this file. Value of the location attribute of the <soap:address> seems doesn't matter. I even set an
> empty string on that, but it didn't make any difference. Are there any rules to set value for "location"?

No afaik as it'll get overwritten by the CXF runtime.

> 2. End point for cxf-transport.xml and cxf-encrypted-ut.xml seems independent to each other. I configured end point for
> cxf-transport.xml to be connected to OpenLDAP. Is that mean that I need to configure cxf-encrypted-ut.xml to reference to
> OpenLDAP so that UserName token is validated against OpenLDAP rather than hard coded by default?

Yes, as they are independent of each other. Of course you could always put shared config in a separate configuration file and import it.

> 3. I don't think that I understand your previous email.

The config files for the STS each define (one or more) JAX-WS endpoints for a particular port that is defined in the same WSDL, and each defines its own address. Therefore when you look at the WSDL that is published for a particular endpoint, you will see the correct address in the WSDL only for that particular endpoint.

In other words, the "Transport_UT" port configuration uses the address "/STSService" and hence when you look at the WSDL available via "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl" you see the correct address for this port, but not for the other ports. The "Transport" port uses the address "/STSServiceTransport" and so if you look at the WSDL available at "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSServiceTransport?wsdl" you will see the correct address for this port, etc.

Colm.

On Thu, Jul 12, 2012 at 12:52 PM, Gina Choi <[email protected]> wrote:

> Hi Colm,
>
> I have attached my cxf-transport.xml, cxf-encrypted-ut.xml,
> cxf-servlet.xml and ws-trust-1.4-service.wsdl and I have several questions
> to these files.
>
> 1. ws-trust-1.4-service.wsdl
> I have following content in this file. Value of the location attribute of
> the <soap:address> seems doesn't matter. I even set an empty string on
> that, but it didn't make any difference. Are there any rules to set value
> for "location"?
>
>   <wsdl:service name="SecurityTokenService">
>     <wsdl:port name="UT_Port" binding="tns:UT_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>     <wsdl:port name="X509_Port" binding="tns:X509_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>     <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>     <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>     <wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>     <wsdl:port name="TransportKerberos_Port" binding="tns:TransportKerberos_Binding">
>       <soap:address location="http://wkengchoi.global.sdl.corp:8080/jaxws-sts/sts" />
>     </wsdl:port>
>   </wsdl:service>
>
> 2. End point for cxf-transport.xml and cxf-encrypted-ut.xml seems
> independent to each other. I configured end point for cxf-transport.xml to
> be connected to OpenLDAP. Is that mean that I need to configure
> cxf-encrypted-ut.xml to reference to OpenLDAP so that UserName token is
> validated against OpenLDAP rather than hard coded by default? Live "alice"
> vs "ecila"?
>
> 3. I don't think that I understand your previous email.
> <<<<
> I think the reason that when you view the WSDL via
> "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl" you
> only see the correct address for the "TransportUT_Port" is that
> "/STSService" is the address defined for the TransportUT_Port in
> cxf-transport.xml. If you want to see the correct address for the
> "Transport_Port" in cxf-transport.xml you would use the WSDL location
> "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSServiceTransport?wsdl"
> etc.
> >>>>
>
> If I look at cxf-transport.xml, I applied same wsdlLocation like below,
> but it appears differently on the browser. I also attached wsdl file from
> browser(STSService.wsdl).
>
>   <jaxws:endpoint id="transportSTS2"
>       implementor="#transportSTSProviderBean"
>       *address="/STSServiceTransport"
>       wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"*
>       xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>       serviceName="ns1:SecurityTokenService"
>       endpointName="ns1:Transport_Port">
>     <jaxws:properties>
>     </jaxws:properties>
>   </jaxws:endpoint>
>
>   <!-- This is added for OpenLdap -->
>   <jaxws:endpoint id="transportSTSUT"
>       endpointName="ns1:TransportUT_Port"
>       serviceName="ns1:SecurityTokenService"
>       xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>       *wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"*
>       *address="/STSService"*
>       implementor="#transportSTSProviderBean">
>     <jaxws:properties>
>       <entry key="ws-security.ut.validator"
>           value-ref="jaasUTValidator"/>
>     </jaxws:properties>
>   </jaxws:endpoint>
>
> On Wed, Jul 11, 2012 at 8:47 AM, Colm O hEigeartaigh
> <[email protected]> wrote:
>
>>
>> I think the reason that when you view the WSDL via
>> "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl" you
>> only see the correct address for the "TransportUT_Port" is that
>> "/STSService" is the address defined for the TransportUT_Port in
>> cxf-transport.xml. If you want to see the correct address for the
>> "Transport_Port" in cxf-transport.xml you would use the WSDL location
>> "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSServiceTransport?wsdl"
>> etc.
>>
>> Colm.
>>
>> On Wed, Jul 11, 2012 at 12:43 PM, Gina Choi <[email protected]> wrote:
>>
>>> Following is what I have.
>>>
>>> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
>>>     createdFromAPI="true">
>>>   <jaxws:properties>
>>>     <!-- Use below for UT Authentication between WSC and STS -->
>>>     <entry key="ws-security.sts.client">
>>>       <bean class="org.apache.cxf.ws.security.trust.STSClient">
>>>         <constructor-arg ref="cxf"/>
>>>         <property name="wsdlLocation"
>>>             value="http://wkengchoi.global.sdl.corp:9080/fedizidpsts/STSService?wsdl"/>
>>>         <property name="serviceName"
>>>             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
>>>         <property name="endpointName"
>>>             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UTEncrypted_Port"/>
>>>         <property name="properties">
>>>           <map>
>>>             <entry key="ws-security.username"
>>>                 value="gchoi"/>
>>>             <entry key="ws-security.callback-handler"
>>>                 value="client.ClientCallbackHandler"/>
>>>             <entry key="ws-security.encryption.properties"
>>>                 value="clientKeystore.properties"/>
>>>             <entry key="ws-security.encryption.username"
>>>                 value="mystskey"/>
>>>           </map>
>>>         </property>
>>>       </bean>
>>>     </entry>
>>>   </jaxws:properties>
>>> </jaxws:client>
>>> </beans>
>>>
>>> On Wed, Jul 11, 2012 at 7:24 AM, Colm O hEigeartaigh
>>> <[email protected]> wrote:
>>>
>>>>
>>>> What does your client configuration look like for this case?
>>>>
>>>> Colm.
>>>>
>>>> On Wed, Jul 11, 2012 at 11:58 AM, Gina Choi <[email protected]> wrote:
>>>>
>>>>> Hi Colm,
>>>>>
>>>>> Thanks for confirmation. If I browse
>>>>> (https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl)
>>>>> Fediz STS wsdl file, I see following content. As you noticed that except
>>>>> TransportUT_Port,
>>>>> soap address for port UTEncrypted_Port, UT_Port and Transport_Port are
>>>>> relative address (TransportKerberos_Port seems not ready. I might
>>>>> comment this out).
>>>>>
>>>>>   <wsdl:service name="SecurityTokenService">
>>>>>     <wsdl:port binding="wstrust:X509_Binding" name="X509_Port">
>>>>>       <soap:address location="/X509"/>
>>>>>     </wsdl:port>
>>>>>     <wsdl:port binding="wstrust:TransportUT_Binding" name="TransportUT_Port">
>>>>>       <soap:address location="https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService"/>
>>>>>     </wsdl:port>
>>>>>     <wsdl:port binding="wstrust:TransportKerberos_Binding" name="TransportKerberos_Port">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"/>
>>>>>     </wsdl:port>
>>>>>     <wsdl:port binding="wstrust:UTEncrypted_Binding" name="UTEncrypted_Port">
>>>>>       <soap:address location="/UTEncrypted"/>
>>>>>     </wsdl:port>
>>>>>     <wsdl:port binding="wstrust:Transport_Binding" name="Transport_Port">
>>>>>       <soap:address location="/STSServiceTransport"/>
>>>>>     </wsdl:port>
>>>>>     <wsdl:port binding="wstrust:UT_Binding" name="UT_Port">
>>>>>       <soap:address location="/UT"/>
>>>>>     </wsdl:port>
>>>>>   </wsdl:service>
>>>>>
>>>>> Part of current configuration of my ws-trust-1.4-service.wsdl is as
>>>>> follow.
>>>>>
>>>>>   <wsdl:service name="SecurityTokenService">
>>>>>     <wsdl:port name="UT_Port" binding="tns:UT_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>     <wsdl:port name="X509_Port" binding="tns:X509_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>     <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>     <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>     <wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>     <wsdl:port name="TransportKerberos_Port" binding="tns:TransportKerberos_Binding">
>>>>>       <soap:address location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts" />
>>>>>     </wsdl:port>
>>>>>   </wsdl:service>
>>>>>
>>>>> When I run my client toward UTEncrypted_Port, I am getting following
>>>>> exception. So, it doesn't like relative address.
>>>>>
>>>>> Exception in thread "main" javax.xml.ws.WebServiceException: Could not
>>>>> send Message.
>>>>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>>>>>     at $Proxy25.doubleIt(Unknown Source)
>>>>>     at client.WSClient.doubleIt(WSClient.java:18)
>>>>>     at client.WSClient.main(WSClient.java:11)
>>>>> *Caused by: java.net.MalformedURLException: no protocol: /UTEncrypted*
>>>>>     at java.net.URL.<init>(URL.java:567)
>>>>>     at java.net.URL.<init>(URL.java:464)
>>>>>     at java.net.URL.<init>(URL.java:413)
>>>>>     at org.apache.cxf.transport.http.HTTPConduit.getURL(HTTPConduit.java:752)
>>>>>     at org.apache.cxf.transport.http.HTTPConduit.getURL(HTTPConduit.java:741)
>>>>>     at org.apache.cxf.transport.http.HTTPConduit.setupURL(HTTPConduit.java:685)
>>>>>     at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
>>>>>     at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
>>>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>>>>>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:722)
>>>>>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
>>>>>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
>>>>>     at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
>>>>>     at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
>>>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>>>>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>>>>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
>>>>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Gina
>>>>>
>>>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
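
The address behaviour discussed in this thread, as an added example that is not part of the original messages or of CXF: a Python check that reads a published STS WSDL and reports, per port, whether the `soap:address` is one a client can actually call over HTTPS on the server that published it. The function names and namespace URIs are assumptions; the sample WSDL is constructed from the port names and locations quoted in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_PORT = "{http://schemas.xmlsoap.org/wsdl/}port"
# soap:address may be SOAP 1.1 or SOAP 1.2 depending on the binding.
ADDRESS_TAGS = {"{http://schemas.xmlsoap.org/wsdl/soap/}address",
                "{http://schemas.xmlsoap.org/wsdl/soap12/}address"}

# Constructed sample: port names and locations as in the published WSDL quoted
# in the thread; namespace declarations assumed, binding attributes omitted.
PUBLISHED_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
 <wsdl:service name="SecurityTokenService">
  <wsdl:port name="X509_Port"><soap:address location="/X509"/></wsdl:port>
  <wsdl:port name="TransportUT_Port"><soap:address
    location="https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService"/></wsdl:port>
  <wsdl:port name="TransportKerberos_Port"><soap:address
    location="http://wkengchoi.global.sdl.corp:9080/jaxws-sts/sts"/></wsdl:port>
  <wsdl:port name="UTEncrypted_Port"><soap:address location="/UTEncrypted"/></wsdl:port>
  <wsdl:port name="Transport_Port"><soap:address location="/STSServiceTransport"/></wsdl:port>
  <wsdl:port name="UT_Port"><soap:address location="/UT"/></wsdl:port>
 </wsdl:service>
</wsdl:definitions>"""
FETCHED_FROM = "https://wkengchoi.global.sdl.corp:9443/fedizidpsts/STSService?wsdl"


def audit_ports(wsdl_xml, fetched_from):
    """Map each wsdl:port name to (location, status)."""
    origin = urlsplit(fetched_from)
    report = {}
    for port in ET.fromstring(wsdl_xml).iter(WSDL_PORT):
        addr = next((c for c in port if c.tag in ADDRESS_TAGS), None)
        location = (addr.get("location", "") if addr is not None else "").strip()
        url = urlsplit(location)
        if not url.scheme:
            status = "relative"      # java.net.URL rejects it: "no protocol"
        elif (url.scheme, url.netloc) != (origin.scheme, origin.netloc):
            status = "other-origin"  # absolute, but not the server that published this WSDL
        elif url.scheme != "https":
            status = "plaintext"     # same server, but no transport protection
        else:
            status = "ok"
        report[port.get("name")] = (location, status)
    return report


def client_port_usable(report, endpoint_name):
    """True only if the port the STSClient names has a same-origin https address."""
    return report.get(endpoint_name, ("", "missing"))[1] == "ok"
```

When the WSDL comes from a host you do not control, parse it with a hardened XML parser such as `defusedxml` instead of the standard-library one.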
