For WS-SecureConversation, the configuration parameters for the "bootstrap" phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically, WS-SecureConversation is not used to obtain a token for one service and then re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <[email protected]> wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and a
> Private Key Entry (x.509 cert). This key is supposed to be used to sign and
> encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over https,
> signed and encrypted with the cert as mentioned above. NO user credentials
> are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be passed
> into all calls for WSDL b, using the same cert for signing and encryption.
>
> I created two maven projects, one for each WSDL, using the
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring beans
> file with the required jaxws:client entries for the port names, and the
> related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML
> files, I added:
>
>     <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So no
> error THERE.
>
> Calling the constructor for the service class and getting the port
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I have
> no idea if the port name matches the syntax below
> ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or
> not.
>
> Feb17 08:17:37.735 WARN [PhaseInterceptorChain ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>     at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>     at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
>     ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>     at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>     at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
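
The ".sct" suffix from the reply above, written out as a Spring client configuration. This is an added example, not part of the original thread or of the CXF sample it links to. The port local name, key aliases and callback handler class are placeholders, and the `security.*` key names assume the CXF 3.1.x naming that also appears in the error message.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <!-- name must equal the port QName in the WSDL.
       "AuthenticationPort" is a placeholder; the namespace is the one in the log. -->
  <jaxws:client name="{http://aamva.org/authentication/3.1.0}AuthenticationPort"
                createdFromAPI="true">
    <jaxws:properties>

      <!-- Bootstrap phase: the RequestSecurityToken exchange that CXF's internal
           STSClient performs to obtain the SecurityContextToken. The stack trace
           fails here (doX509TokenSignature) because no signature Crypto is found,
           so these ".sct" keys are the ones that phase reads. -->
      <entry key="security.signature.properties.sct"
             value="META-INF/cxf/client-crypto.properties"/>
      <entry key="security.signature.username.sct"
             value="client-key-alias"/>              <!-- placeholder alias -->
      <entry key="security.encryption.properties.sct"
             value="META-INF/cxf/client-crypto.properties"/>
      <entry key="security.encryption.username.sct"
             value="service-cert-alias"/>            <!-- placeholder alias -->
      <entry key="security.callback-handler.sct"
             value="com.example.KeystorePasswordCallback"/>  <!-- hypothetical class -->

      <!-- Main phase: the application call (Authenticate) made once the
           conversation is established. These keys do not cover the bootstrap
           exchange; each phase is configured separately. -->
      <entry key="security.signature.properties"
             value="META-INF/cxf/client-crypto.properties"/>
      <entry key="security.signature.username"
             value="client-key-alias"/>
      <entry key="security.encryption.properties"
             value="META-INF/cxf/client-crypto.properties"/>
      <entry key="security.encryption.username"
             value="service-cert-alias"/>
      <entry key="security.callback-handler"
             value="com.example.KeystorePasswordCallback"/>

    </jaxws:properties>
  </jaxws:client>
</beans>
```

Keep the private-key password in the callback handler rather than in this file, and restrict read access to the JKS keystore and `client-crypto.properties` to the application account.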
