RE: Help loading signature properties

Tue, 23 Sep 2014 11:05:49 -0700 

Thanx, Glen. I think the dependencies are there. There are several layers of 
pom file to decode, but the pom file building this bit has this:

    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-ws-security</artifactId>
      <version>${cxf-version}</version>
      <scope>test</scope>
    </dependency>

And it's parent pom file has this:

     <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>${spring-version}</version>
      <scope>test</scope>
    </dependency>

So I think I'm covered dependency-wise. I've specified Spring 3.1.0, because I 
was having issues with ehCache that seemed to warrant it.

Stephen W. Chappell

-----Original Message-----
From: Glen Mazza [mailto:glen.ma...@gmail.com] 
Sent: Tuesday, September 23, 2014 1:53 PM
To: users@cxf.apache.org
Subject: Re: Help loading signature properties

Did you add the required Spring dependencies (necessary to read your Spring 
config) to your code as part of the upgrade?  CXF 2.3 automatically included 
dependencies that later versions do not.

http://web-gmazza.rhcloud.com/blog/entry/cxf-usernametoken-profile#UTCXF2

Glen

On 09/23/2014 01:48 PM, stephen.ctr.chapp...@faa.gov wrote:
> I'm working on migrating some legacy code I've been stuck with from CXF 
> 2.3/WSS4J 1.5 up to CXF 2.7/WSS4J 1.6, and I'm having some troubles. The 
> latest issue is something that I'm sure is obvious and I'm just not seeing 
> ... I am getting this exception when I run one of my tests:
>
> org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>          at 
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>          at 
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>          ....
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>          at 
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>          at 
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>          at 
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>          at 
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>          ... 47 more
> Caused by: org.apache.ws.security.WSSecurityException: General security error 
> (WSSecurityEngine: No crypto property file supplied to verify signature)
>          at 
> org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:789)
>          at 
> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
>          at 
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:71)
>          ... 50 more
>
> I've shortened the stack trace a bit but that should be the most important 
> parts. Now the exception itself I think is clear - there's a problem with the 
> crypto properties. It's the exact problem that eludes me. In my Spring 
> configuration, the original developers referenced a Crypto bean rather than 
> using an external file. This is the bean configuration:
>
>    <bean id="wss4jOutInterceptor" 
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>      <constructor-arg>
>        <map>
>          <entry key="action" value="Timestamp Signature" />
>          <entry key="user" value="test-user (test ca 1)" />
>          <entry key="timeToLive" value="60" />
>          <entry key="signatureUser" value="test-user (test ca 1)" />
>          <entry key="signatureKeyIdentifier" value="DirectReference" />
>          <entry key="SignaturePropRefId" value="signatureProperties" />
>          <entry key="signatureProperties" value-ref="cryptoProperties" />
>          <entry key="signatureParts" 
> value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; 
> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
>  />
>          <entry key="signatureAlgorithm" 
> value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>          <entry key="signatureDigestAlgorithm" 
> value="http://www.w3.org/2001/04/xmlenc#sha256"/>
>          <entry key="passwordCallbackRef" value-ref="pwCallback" />
>        </map>
>      </constructor-arg>
>    </bean>
>
>    <bean id="wss4jInInterceptor" 
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>      <constructor-arg>
>        <map>
>          <entry key="action" value="Signature Timestamp Encrypt" />
>          <entry key="SignaturePropRefId" value="cryptoProperties" />
>          <entry key="decryptionPropRefId" value="cryptoProperties" />
>          <entry key="cryptoProperties" value-ref="cryptoProperties" />
>          <entry key="passwordCallbackRef" value-ref="pwCallback" />
>        </map>
>      </constructor-arg>
>    </bean>
>
>    <util:properties id="cryptoProperties">
>      <prop 
> key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
>      <prop 
> key="org.apache.ws.security.crypto.merlin.keystore.file">test-user.jks</prop>
>      <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
>      <prop 
> key="org.apache.ws.security.crypto.merlin.keystore.provider"></prop> -->
>      <prop 
> key="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</prop>
>      <prop 
> key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop>
>    </util:properties>
>
> Does anyone have any ideas on what may be off here? Thanx,
>
> Stephen W. Chappell
>

Reply via email to