Yes, In fact most of the CXF package is imported via Maven. -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Friday, November 03, 2017 8:03 AM To: Morein, Arnie Cc: [email protected] Subject: Re: Help with configuring web service to match security from WSDL
Have you got the cxf-rt-ws-policy on the classpath? Colm. On Fri, Nov 3, 2017 at 12:53 PM, Morein, Arnie <[email protected]> wrote: > That's what I was afraid of. I removed the registration of the > intercepters and now am getting: > > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{ > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- > wssecurity-secext-1.0.xsd}Security] are not understood. > > Both without and with the following properties added to the end point: > > <jaxws:properties> > <entry key="security.callback-handler.sct" > value="gov.uscis.uscis.xsd.esb.authentication. > AuthenticationServicePasswordCallback" /> > <entry key="security.signature.properties.sct" > value="cxf/crypto.properties" /> > <entry key="security.encryption.username.sct" > value="dls-vls-mock-service-client-key" /> > </jaxws:properties> > > I must say, the documentation is very vague in places. I'm assuming > that "username" is the JKS alias of the key used to sign/etc. the messages. > > So what I have I left out now? > > What's more confusing is that the WAR containing the mock service is > running in the same VM on my machine as the client. I deploy the > service first (no errors) and then the client, then it attempts to > connect. The logging doesn't clearly indicate if the exception is > coming from the client or the server. Could that be the case? > > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Friday, November 03, 2017 3:17 AM > To: [email protected] > Subject: Re: Help with configuring web service to match security from > WSDL > > Hi, > > You are mixing up the two different ways of configuring WS-Security in CXF. > When there is a security policy available, then you don't manually > configure the WSS4JInInterceptor or WSS4JOutInterceptors. They are > used when there is no security policy and you have to manually tell > CXF what WS-Security actions to perform. Instead the configuration is > a lot simpler for the policy case. > > I'd suggest you look at the example test-case for > WS-SecureConversation in the CXF source: > > https://github.com/apache/cxf/blob/master/systests/ws- > security-examples/src/test/java/org/apache/cxf/systest/ > wssec/examples/secconv/SecureConversationTest.java > > In particular, the service configuration is here: > > https://github.com/apache/cxf/blob/master/systests/ws- > security-examples/src/test/resources/org/apache/cxf/ > systest/wssec/examples/secconv/server.xml > > Colm. > > On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie > <[email protected] > > > wrote: > > > I have created a mock service based on a WSDL from a vendor that is > > already in use. > > > > One of the calls requires that the message be > > timestamped/signed/encrypted before transmission. > > > > The real service provider issued an X.509 certificate for our use. I > > have had our internal folks issue one like it with the same extensions. > > > > Everything is in place, but when the client app hits my mock > > service, it gets an error that is neither clear or helpful: > > > > > > org.apache.cxf.binding.soap.SoapFault: A security error was > > encountered when verifying the message ... > > Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error > > was discovered processing the <wsse:Security> header > > > > Digging into the CXF trace log, I barely managed to find these: > > > > 2017-11-02 19:49:52.018 DEBUG > > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > > WSS4JInInterceptor: enter handleMessage() > > 2017-11-02 19:49:54.037 WARN [org.apache.cxf.ws.security. > wss4j.WSS4JInInterceptor] > > Security processing failed (actions mismatch) > > > > The messages are being generated by CXF (wsdl2java situation). > > > > The WSDL policy section is thus: > > > > <wsp:Policy wsu:Id="wsHttpEndPoint_policy"> > > <wsp:ExactlyOne> > > <wsp:All> > > <sp:TransportBinding > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ > > securitypolicy" > > > > > <wsp:Policy> > > <sp:TransportToken> > > <wsp:Policy> > > <sp:HttpsToken > > RequireClientCertificate="false" /> > > </wsp:Policy> > > </sp:TransportToken> > > <sp:AlgorithmSuite> > > <wsp:Policy> > > <sp:Basic256 /> > > </wsp:Policy> > > </sp:AlgorithmSuite> > > <sp:Layout> > > <wsp:Policy> > > <sp:Strict /> > > </wsp:Policy> > > </sp:Layout> > > <sp:IncludeTimestamp /> > > </wsp:Policy> > > </sp:TransportBinding> > > <sp:EndorsingSupportingTokens > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ > > securitypolicy" > > > > > <wsp:Policy> > > <sp:SecureConversationToken > > sp:IncludeToken="http:// > > schemas.xmlsoap.org/ws/2005/07/securitypolicy/ > > IncludeToken/AlwaysToRecipient" > > > > > <wsp:Policy> > > <sp:BootstrapPolicy> > > <wsp:Policy> > > <sp:SignedParts> > > <sp:Body /> > > <sp:Header > > Name="To" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="From" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="FaultTo" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="ReplyTo" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="MessageID" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="RelatesTo" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > <sp:Header > > Name="Action" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > </sp:SignedParts> > > <sp:EncryptedParts> > > <sp:Body /> > > </sp:EncryptedParts> > > <sp:TransportBinding> > > <wsp:Policy> > > <sp:TransportToken> > > <wsp:Policy> > > > > <sp:HttpsToken > > > > RequireClientCertificate="false" /> > > </wsp:Policy> > > </sp:TransportToken> > > <sp:AlgorithmSuite> > > <wsp:Policy> > > <sp:Basic256 /> > > </wsp:Policy> > > </sp:AlgorithmSuite> > > <sp:Layout> > > <wsp:Policy> > > <sp:Strict /> > > </wsp:Policy> > > </sp:Layout> > > <sp:IncludeTimestamp /> > > </wsp:Policy> > > </sp:TransportBinding> > > <sp:EndorsingSupportingTokens> > > <wsp:Policy> > > <sp:X509Token > > sp:IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ > > IncludeToken/AlwaysToRecipient" > > > > > <wsp:Policy> > > > > <sp:RequireThumbprintReference /> > > > > <sp:WssX509V3Token10 /> > > </wsp:Policy> > > </sp:X509Token> > > <sp:SignedParts> > > <sp:Header > > Name="To" > > Namespace=" > > http://www.w3.org/2005/08/addressing"; /> > > </sp:SignedParts> > > </wsp:Policy> > > </sp:EndorsingSupportingTokens> > > <sp:Wss11> > > <wsp:Policy> > > > > <sp:MustSupportRefThumbprint /> > > </wsp:Policy> > > </sp:Wss11> > > <sp:Trust10> > > <wsp:Policy> > > > > <sp:MustSupportIssuedTokens /> > > > > <sp:RequireClientEntropy > /> > > > > <sp:RequireServerEntropy > /> > > </wsp:Policy> > > </sp:Trust10> > > </wsp:Policy> > > </sp:BootstrapPolicy> > > </wsp:Policy> > > </sp:SecureConversationToken> > > </wsp:Policy> > > </sp:EndorsingSupportingTokens> > > <sp:Wss11 > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ > > securitypolicy"> > > <wsp:Policy /> > > </sp:Wss11> > > <sp:Trust10 > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ > > securitypolicy" > > > > > <wsp:Policy> > > <sp:MustSupportIssuedTokens /> > > <sp:RequireClientEntropy /> > > <sp:RequireServerEntropy /> > > </wsp:Policy> > > </sp:Trust10> > > <wsaw:UsingAddressing /> > > </wsp:All> > > </wsp:ExactlyOne> > > </wsp:Policy> > > > > and a message being sent to my mock service looks like: > > > > ID: 1 > > Address: https://localhost:8443/mock-vls-ws/services/ > > mockAuthenticationService > > Encoding: UTF-8 > > Http-Method: POST > > Content-Type: application/soap+xml; action="http://schemas. > > xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8 > > Headers: {Accept=[*/*], cache-control=[no-cache], > > connection=[keep-alive], content-type=[application/soap+xml; action=" > http://schemas. > > xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8], > > host=[localhost:8443], pragma=[no-cache], > > transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]} > > Payload: > > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";> > > <soap:Header> > > <Action xmlns="http://www.w3.org/2005/08/addressing";> > > http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action> > > <MessageID xmlns="http://www.w3.org/2005/08/addressing > ">urn:uuid: > > d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID> > > <To xmlns="http://www.w3.org/2005/08/addressing"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis- > > 200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16" > > >https://localhost:8443/mock-vls-ws/services/ > > mockAuthenticationService</To> > > <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";> > > > > <Address>http://www.w3.org/2005/08/addressing/anonymous</ > > Address> > > </ReplyTo> > > <wsse:Security > > > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis- > > 200401-wss-wssecurity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis- > > 200401-wss-wssecurity-utility-1.0.xsd" > > soap:mustUnderstand="true" > > > > > <wsse:BinarySecurityToken > > > > EncodingType="http://docs.oasis-open.org/wss/2004/01/ > > oasis-200401-wss-soap-message-security-1.0#Base64Binary" > > > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis- > > 200401-wss-x509-token-profile-1.0#X509v3" > > wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1" > > > > >MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0B > > AQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYD > > VExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcN > > MjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFz > > MQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQg > > b2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5k > > ZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEP > > ADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRNad > > TH > > pg+ x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/ > > Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBY > > F6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ4S > > Tw > > G45+ 8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbba > > lYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0 > > GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVRX/ > > DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ04 > > 9RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHV > > ibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJ > > hdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/ > > YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDov > > L2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNy > > bDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9D > > Tj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp > > Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQ > > Uz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdG > > lvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YX > > MuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQ > > QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIwIA > > YIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCg > > QoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBg > > kqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V > > 5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/ > > 1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+ > > 6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEcR/ > > mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w > > /wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+ > > KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/ > > DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3// > > hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+ > > taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/ > > OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNN > > QrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe > > 1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken> > > <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c- > > b8c4-a97df1bbd782"> > > <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created> > > <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires> > > </wsu:Timestamp> > > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c" > > > > > <ds:SignedInfo> > > <ds:CanonicalizationMethod > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > > " > > > > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/ > > 2001/10/xml-exc-c14n#" > > PrefixList="soap" /> > > </ds:CanonicalizationMethod> > > <ds:SignatureMethod > > Algorithm="http://www.w3.org/ > > 2000/09/xmldsig#rsa-sha1" /> > > <ds:Reference URI="#TS-c1511394-ae6f-4a4c- > > b8c4-a97df1bbd782"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/ > > 2001/10/xml-exc-c14n#" > > > > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/ > > 2001/10/xml-exc-c14n#" > > PrefixList="wsse soap" /> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/ > > 2000/09/xmldsig#sha1" /> > > > > <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</ > > ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#_7f09a81a-706a-4d03- > > 932e-c402c7af8d16"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/ > > 2001/10/xml-exc-c14n#" > > > > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/ > > 2001/10/xml-exc-c14n#" > > PrefixList="soap" /> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/ > > 2000/09/xmldsig#sha1" /> > > > > <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</ > > ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > <ds:SignatureValue>UED8ewbdSQUhh6k7Py+P+ > > 5wveYhhM8xwpaBhn5IYKqqPSFzQSkFCG3q7oN/tOL3Oe33N2Xm+ > > zPD26Qr7t7LGSEIXUU3ALxtnf8MtS3FRo9C6pxPPC6QuN0dYupPFZnQpYtNB > > L9i9HIRB9dqh9I7NAdz3OGBCjdB8j0scP9V830YSf5fy5Sq5uC2uNV4Ee9tE > > mPbY1yStH8htwPHeQEAFlQ0eNRCGrKL30af9waXGPXetMfuoQPMIbNssImie > > 5cz2O56DGs88bBLZZaLG8LdoouAti9v2DGmlL9A42iJjXs19jQy+HP+4zy/ > > vteV/aRhk4t8Q+tJcbn3piy7+pFnuhQ==</ds:SignatureValue> > > <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb- > a9f6-33de176b569e"> > > <wsse:SecurityTokenReference > > xmlns:wsse="http://docs.oasis- > > open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis- > > open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="STR-2e70c6dd-87f9- > 449e-9659-e0853efef74f" > > > > > <wsse:KeyIdentifier > > EncodingType="http://docs. > > oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- > > security-1.0#Base64Binary" > > ValueType="http://docs.oasis- > > open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" > > >y5plsGZ1ujCONeUMI+FuNgfF8LU=< > /wsse:KeyIdentifier> > > </wsse:SecurityTokenReference> > > </ds:KeyInfo> > > </ds:Signature> > > </wsse:Security> > > </soap:Header> > > <soap:Body> > > <wst:RequestSecurityToken xmlns:wst="http://schemas. > > xmlsoap.org/ws/2005/02/trust"> > > <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/ > > 02/trust/Issue</wst:RequestType> > > <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy";> > > <wsa:EndpointReference xmlns:wsa="http://www.w3.org/ > > 2005/08/addressing"> > > <wsa:Address>https://localhost:8443/mock-vls-ws/ > > services/mockAuthenticationService</wsa:Address> > > </wsa:EndpointReference> > > </wsp:AppliesTo> > > <wst:Lifetime > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis- > > 200401-wss-wssecurity-utility-1.0.xsd" > > > > > <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created> > > <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires> > > </wst:Lifetime> > > > > <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct< > > /wst:TokenType> > > <wst:KeySize>256</wst:KeySize> > > <wst:Entropy> > > <wst:BinarySecret > > Type="http://schemas.xmlsoap. > > org/ws/2005/02/trust/Nonce" > > >0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=< > > /wst:BinarySecret> > > </wst:Entropy> > > <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/ > > 2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm> > > <wst:Renewing /> > > </wst:RequestSecurityToken> > > </soap:Body> > > </soap:Envelope> > > > > > > Here is my Spring Endpoint config: > > > > > > <bean id="Aamva_Authentication_Request" class="org.apache.cxf.ws. > > security.wss4j.WSS4JInInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature" /> > > <entry key="user" value="dls-vls-mock-service- > client-key" > > /> > > <entry key="passwordType" value="PasswordText" /> > > <entry key="passwordCallbackClass" > > value="gov.uscis.uscis.xsd.esb.authentication. > > AuthenticationServicePasswordCallback" /> > > <entry key="decryptionPropFile" value="cxf/cxf-crypto. > properties" > > /> > > <entry key="signaturePropFile" value="cxf/cxf-crypto. > properties" > > /> > > <entry key="signatureUser" > > value="dls-vls-mock-service- > client-key" > > /> > > <entry key="signatureKeyIdentifier" > > value="X509KeyIdentifier " /> > > <entry key="signatureParts" > > value="{Element}{http://docs. > > oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xs > > d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/ > > wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd} > > Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature; > > {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"; /> > > > > <!-- > > <entry key="encryptionPropFile" value="cxf/cxf-crypto. > properties" > > /> > > <entry key="encryptionParts" > > > > value="{Content}{http://schemas.xmlsoap.org/ws/2005/ > > 07/securitypolicy}Body;" /> > > --> > > </map> > > </constructor-arg> > > </bean> > > > > <bean id="Aamva_Authentication_Response" class="org.apache.cxf.ws. > > security.wss4j.WSS4JOutInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature" /> > > <entry key="user" value="dls-vls-mock-service- > client-key" > > /> > > <entry key="passwordType" value="PasswordText" /> > > <entry key="passwordCallbackClass" > > value="gov.uscis.uscis.xsd.esb.authentication. > > AuthenticationServicePasswordCallback" /> > > <entry key="signaturePropFile" value="cxf/cxf-crypto. > properties" > > /> > > <entry key="signatureKeyIdentifier" > > value="X509KeyIdentifier " /> > > <entry key="signatureParts" > > value="{Element}{http://docs. > > oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xs > > d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/ > > wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd} > > Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature; > > {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;"; /> > > <!-- > > <entry key="encryptionPropFile" value="cxf/cxf-crypto. > properties" > > /> > > <entry key="encryptionParts" > > > > value="{Content}{http://schemas.xmlsoap.org/ws/2005/ > > 07/securitypolicy}Body;" /> > > --> > > </map> > > </constructor-arg> > > </bean> > > > > <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf" > > address="/mockAuthenticationService" > > implementor="gov.uscis.uscis.xsd.esb.authentication. > > AuthenticationServiceImpl" > > > > > <jaxws:binding> > > <soap:soapBinding mtomEnabled="true" version="1.2" /> > > </jaxws:binding> > > > > <jaxws:inInterceptors> > > <ref bean="Aamva_Authentication_Request" /> > > <bean class="org.apache.cxf.binding. > soap.saaj.SAAJInInterceptor" > > /> > > </jaxws:inInterceptors> > > > > <jaxws:outInterceptors> > > <ref bean="Aamva_Authentication_Response" /> > > <bean class="org.apache.cxf.binding. > soap.saaj.SAAJOutInterceptor" > > /> > > </jaxws:outInterceptors> > > > > </jaxws:endpoint> > > > > Since adding the signatureParts entries, now I am getting: > > > > 2017-11-02 21:40:11.369 WARN [org.apache.cxf.common.logging.LogUtils] > > Interceptor for {http://aamva.org/authentication/3.1.0} > > AuthenticationService has thrown exception, unwinding now > > org.apache.cxf.interceptor.Fault: Message part { > > http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken was > > not recognized. (Does it exist in service WSDL?) > > > > > > I am out of my depth here. Can anyone suggest how to get the JAX:WS > > markup to match up with the WSDL policy? > > > > Thanks. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
