Regardless: I updated the cxf-xyz.xml files in each of the two WS jar projects 
to reflect the property names:

    <jaxws:client
        id="aamva-security-token-service"
        name="{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>
    <jaxws:client
        id="aamva-authentication"
        name="{http://aamva.org/authentication/3.1.0}wsHttpEndPoint"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

    <jaxws:client id="aamva-vls3"
        name="{http://uscis.gov/uscis/services/esb/vls/3.0}WSHttpBinding_IVLS30Service"
        createdFromAPI="true" 
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

No change to error message at all:

Feb21 08:02:40.666 WARN [JDBCExceptionReporter         ][::] - Origination unknown: [10228][11541][3.59.81] Security exceptions occurred while loading driver. ERRORCODE=4223, SQLSTATE=null
Feb21 08:03:03.373 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]

The SecurityTokenService isn't referenced in the WSDL, so I'm assuming it is 
some kind of automatic service that can be included via configuration or 
mention somewhere? Or should I get a WSDL with it referenced explicitly?


-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]] 
Sent: Monday, February 20, 2017 8:39 AM
To: [email protected]
Subject: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, 
trust

For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically,
WS-SecureConversation is not used to obtain a token for one service and then
re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <[email protected]>
wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and 
> a Private Key Entry (x.509 cert). This key is supposed to be used to 
> sign and encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over 
> https, signed and encrypted with the cert as mentioned above. NO user 
> credentials are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be 
> passed into all calls for WSDL b, using the same cert for signing and 
> encryption.
>
> I created two maven projects, one for each WSDL, using the 
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with 
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring 
> beans file with the required jaxws:client entries for the port names, 
> and the related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML 
> files, I added:
>
> <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So 
> no error THERE.
>
> Calling the constructor for the service class and getting the port 
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What 
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I 
> have no idea if the port name matches the syntax below
> ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService)
> or not.
>
>
>
> Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
> ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
