That's what I was afraid of. I removed the registration of the intercepters and
now am getting:
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
are not understood.
Both without and with the following properties added to the end point:
<jaxws:properties>
<entry key="security.callback-handler.sct"
value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback"
/>
<entry key="security.signature.properties.sct"
value="cxf/crypto.properties" />
<entry key="security.encryption.username.sct"
value="dls-vls-mock-service-client-key" />
</jaxws:properties>
I must say, the documentation is very vague in places. I'm assuming that
"username" is the JKS alias of the key used to sign/etc. the messages.
So what I have I left out now?
What's more confusing is that the WAR containing the mock service is running in
the same VM on my machine as the client. I deploy the service first (no errors)
and then the client, then it attempts to connect. The logging doesn't clearly
indicate if the exception is coming from the client or the server. Could that
be the case?
-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Friday, November 03, 2017 3:17 AM
To: [email protected]
Subject: Re: Help with configuring web service to match security from WSDL
Hi,
You are mixing up the two different ways of configuring WS-Security in CXF.
When there is a security policy available, then you don't manually configure
the WSS4JInInterceptor or WSS4JOutInterceptors. They are used when there is no
security policy and you have to manually tell CXF what WS-Security actions to
perform. Instead the configuration is a lot simpler for the policy case.
I'd suggest you look at the example test-case for WS-SecureConversation in the
CXF source:
https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java
In particular, the service configuration is here:
https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server.xml
Colm.
On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie <[email protected]>
wrote:
> I have created a mock service based on a WSDL from a vendor that is
> already in use.
>
> One of the calls requires that the message be
> timestamped/signed/encrypted before transmission.
>
> The real service provider issued an X.509 certificate for our use. I
> have had our internal folks issue one like it with the same extensions.
>
> Everything is in place, but when the client app hits my mock service,
> it gets an error that is neither clear or helpful:
>
>
> org.apache.cxf.binding.soap.SoapFault: A security error was
> encountered when verifying the message ...
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error
> was discovered processing the <wsse:Security> header
>
> Digging into the CXF trace log, I barely managed to find these:
>
> 2017-11-02 19:49:52.018 DEBUG
> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
> WSS4JInInterceptor: enter handleMessage()
> 2017-11-02 19:49:54.037 WARN
> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
> Security processing failed (actions mismatch)
>
> The messages are being generated by CXF (wsdl2java situation).
>
> The WSDL policy section is thus:
>
> <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:TransportBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
> >
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken
> RequireClientCertificate="false" />
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> </wsp:Policy>
> </sp:TransportBinding>
> <sp:EndorsingSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
> >
> <wsp:Policy>
> <sp:SecureConversationToken
> sp:IncludeToken="http://
> schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> IncludeToken/AlwaysToRecipient"
> >
> <wsp:Policy>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body />
> <sp:Header
> Name="To"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="From"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="FaultTo"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="ReplyTo"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="MessageID"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="RelatesTo"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> <sp:Header
> Name="Action"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body />
> </sp:EncryptedParts>
> <sp:TransportBinding>
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken
>
> RequireClientCertificate="false" />
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> </wsp:Policy>
> </sp:TransportBinding>
> <sp:EndorsingSupportingTokens>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> IncludeToken/AlwaysToRecipient"
> >
> <wsp:Policy>
>
> <sp:RequireThumbprintReference />
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> <sp:SignedParts>
> <sp:Header
> Name="To"
> Namespace="
> http://www.w3.org/2005/08/addressing"; />
> </sp:SignedParts>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> <sp:Wss11>
> <wsp:Policy>
>
> <sp:MustSupportRefThumbprint />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy">
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
> >
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing />
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> and a message being sent to my mock service looks like:
>
> ID: 1
> Address: https://localhost:8443/mock-vls-ws/services/
> mockAuthenticationService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: application/soap+xml; action="http://schemas.
> xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8
> Headers: {Accept=[*/*], cache-control=[no-cache],
> connection=[keep-alive], content-type=[application/soap+xml;
> action="http://schemas.
> xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8],
> host=[localhost:8443], pragma=[no-cache], transfer-encoding=[chunked],
> user-agent=[Apache-CXF/3.1.10]}
> Payload:
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";>
> <soap:Header>
> <Action xmlns="http://www.w3.org/2005/08/addressing";>
> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
> <MessageID xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:
> d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID>
> <To xmlns="http://www.w3.org/2005/08/addressing";
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16"
> >https://localhost:8443/mock-vls-ws/services/
> mockAuthenticationService</To>
> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";>
> <Address>http://www.w3.org/2005/08/addressing/anonymous</
> Address>
> </ReplyTo>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-utility-1.0.xsd"
> soap:mustUnderstand="true"
> >
> <wsse:BinarySecurityToken
> EncodingType="http://docs.oasis-open.org/wss/2004/01/
> oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-x509-token-profile-1.0#X509v3"
> wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1"
>
> >MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0B
> AQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYD
> VExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcN
> MjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFz
> MQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQg
> b2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5k
> ZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEP
> ADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRNadTH
> pg+ x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/
> Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBY
> F6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ4STw
> G45+ 8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbba
> lYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0
> GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVRX/
> DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ04
> 9RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHV
> ibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJ
> hdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/
> YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDov
> L2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNy
> bDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9D
> Tj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
> Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQ
> Uz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdG
> lvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YX
> MuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQ
> QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIwIA
> YIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCg
> QoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBg
> kqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V
> 5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/
> 1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+
> 6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEcR/
> mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w
> /wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+
> KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/
> DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3//
> hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+
> taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/
> OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNN
> QrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe
> 1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken>
> <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c-
> b8c4-a97df1bbd782">
> <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created>
> <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires>
> </wsu:Timestamp>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c"
> >
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
>
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "
> >
> <ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/
> 2001/10/xml-exc-c14n#"
> PrefixList="soap" />
> </ds:CanonicalizationMethod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/
> 2000/09/xmldsig#rsa-sha1" />
> <ds:Reference URI="#TS-c1511394-ae6f-4a4c-
> b8c4-a97df1bbd782">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#"
> >
> <ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/
> 2001/10/xml-exc-c14n#"
> PrefixList="wsse soap" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/
> 2000/09/xmldsig#sha1" />
> <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</
> ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#_7f09a81a-706a-4d03-
> 932e-c402c7af8d16">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#"
> >
> <ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/
> 2001/10/xml-exc-c14n#"
> PrefixList="soap" />
> </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/
> 2000/09/xmldsig#sha1" />
> <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</
> ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>UED8ewbdSQUhh6k7Py+P+
> 5wveYhhM8xwpaBhn5IYKqqPSFzQSkFCG3q7oN/tOL3Oe33N2Xm+
> zPD26Qr7t7LGSEIXUU3ALxtnf8MtS3FRo9C6pxPPC6QuN0dYupPFZnQpYtNB
> L9i9HIRB9dqh9I7NAdz3OGBCjdB8j0scP9V830YSf5fy5Sq5uC2uNV4Ee9tE
> mPbY1yStH8htwPHeQEAFlQ0eNRCGrKL30af9waXGPXetMfuoQPMIbNssImie
> 5cz2O56DGs88bBLZZaLG8LdoouAti9v2DGmlL9A42iJjXs19jQy+HP+4zy/
> vteV/aRhk4t8Q+tJcbn3piy7+pFnuhQ==</ds:SignatureValue>
> <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb-a9f6-33de176b569e">
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STR-2e70c6dd-87f9-449e-9659-e0853efef74f"
> >
> <wsse:KeyIdentifier
> EncodingType="http://docs.
> oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-
> security-1.0#Base64Binary"
> ValueType="http://docs.oasis-
> open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
> >y5plsGZ1ujCONeUMI+FuNgfF8LU=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <wst:RequestSecurityToken xmlns:wst="http://schemas.
> xmlsoap.org/ws/2005/02/trust">
> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/
> 02/trust/Issue</wst:RequestType>
> <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy";>
> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/
> 2005/08/addressing">
> <wsa:Address>https://localhost:8443/mock-vls-ws/
> services/mockAuthenticationService</wsa:Address>
> </wsa:EndpointReference>
> </wsp:AppliesTo>
> <wst:Lifetime
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-utility-1.0.xsd"
> >
> <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created>
> <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires>
> </wst:Lifetime>
>
> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct<
> /wst:TokenType>
> <wst:KeySize>256</wst:KeySize>
> <wst:Entropy>
> <wst:BinarySecret
> Type="http://schemas.xmlsoap.
> org/ws/2005/02/trust/Nonce"
> >0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=<
> /wst:BinarySecret>
> </wst:Entropy>
> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/
> 2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
> <wst:Renewing />
> </wst:RequestSecurityToken>
> </soap:Body>
> </soap:Envelope>
>
>
> Here is my Spring Endpoint config:
>
>
> <bean id="Aamva_Authentication_Request" class="org.apache.cxf.ws.
> security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Timestamp Signature" />
> <entry key="user" value="dls-vls-mock-service-client-key"
> />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackClass"
> value="gov.uscis.uscis.xsd.esb.authentication.
> AuthenticationServicePasswordCallback" />
> <entry key="decryptionPropFile"
> value="cxf/cxf-crypto.properties"
> />
> <entry key="signaturePropFile"
> value="cxf/cxf-crypto.properties"
> />
> <entry key="signatureUser"
> value="dls-vls-mock-service-client-key"
> />
> <entry key="signatureKeyIdentifier"
> value="X509KeyIdentifier " />
> <entry key="signatureParts"
> value="{Element}{http://docs.
> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}
> BinarySecurityToken;{Element}{http://docs.oasis-open.org/
> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;
> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"; />
>
> <!--
> <entry key="encryptionPropFile"
> value="cxf/cxf-crypto.properties"
> />
> <entry key="encryptionParts"
>
> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
> 07/securitypolicy}Body;" />
> -->
> </map>
> </constructor-arg>
> </bean>
>
> <bean id="Aamva_Authentication_Response" class="org.apache.cxf.ws.
> security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Timestamp Signature" />
> <entry key="user" value="dls-vls-mock-service-client-key"
> />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackClass"
> value="gov.uscis.uscis.xsd.esb.authentication.
> AuthenticationServicePasswordCallback" />
> <entry key="signaturePropFile"
> value="cxf/cxf-crypto.properties"
> />
> <entry key="signatureKeyIdentifier"
> value="X509KeyIdentifier " />
> <entry key="signatureParts"
> value="{Element}{http://docs.
> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}
> BinarySecurityToken;{Element}{http://docs.oasis-open.org/
> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;
> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"; />
> <!--
> <entry key="encryptionPropFile"
> value="cxf/cxf-crypto.properties"
> />
> <entry key="encryptionParts"
>
> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
> 07/securitypolicy}Body;" />
> -->
> </map>
> </constructor-arg>
> </bean>
>
> <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
> address="/mockAuthenticationService"
> implementor="gov.uscis.uscis.xsd.esb.authentication.
> AuthenticationServiceImpl"
> >
> <jaxws:binding>
> <soap:soapBinding mtomEnabled="true" version="1.2" />
> </jaxws:binding>
>
> <jaxws:inInterceptors>
> <ref bean="Aamva_Authentication_Request" />
> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"
> />
> </jaxws:inInterceptors>
>
> <jaxws:outInterceptors>
> <ref bean="Aamva_Authentication_Response" />
> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"
> />
> </jaxws:outInterceptors>
>
> </jaxws:endpoint>
>
> Since adding the signatureParts entries, now I am getting:
>
> 2017-11-02 21:40:11.369 WARN [org.apache.cxf.common.logging.LogUtils]
> Interceptor for {http://aamva.org/authentication/3.1.0}
> AuthenticationService has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Message part {
> http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken was
> not recognized. (Does it exist in service WSDL?)
>
>
> I am out of my depth here. Can anyone suggest how to get the JAX:WS
> markup to match up with the WSDL policy?
>
> Thanks.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
