Hi Colm,
I tried the unit test you are referring then I added my operation/port
type/binding in the wsdl they are using (double.wsdl) and added a new method to
try it but the result is the same (output message body cames out empty).
One difference I can look at is the securityPolicy.
Mine test contains 'usernameToken'
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient>/>
</wsp:Policy>
</sp:SignedSupportingTokens>
while the others contains a policy with the inner tag 'RSTTemplate'
<sp:SignedEndorsingSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";<http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702>>
<wsp:Policy>
<sp:IssuedToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";<http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient>>
<sp:RequestSecurityTokenTemplate>
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:SignedEndorsingSupportingTokens>
could perhaps be this the cause of the null body ?
Leonardo
On 29/01/2020 11:43, Colm O hEigeartaigh wrote:
Hi Leonardo,
Here is an example of a system test in CXF that uses the STSClient, rather
than configuring it in Spring, perhaps this might help you:
https://github.com/apache/cxf/blob/fc89f35c1f80863d8500eef359ba6259fac49e44/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/template/TemplateTest.java#L124
Colm.
On Mon, Jan 20, 2020 at 4:27 PM Leonardo Battagli
<[email protected]><mailto:[email protected]>
wrote:
Hi all,
I am trying to use CXF with ws-trust and I am trying to use it with simple
java code without Spring.
I have the policy configuration with sp:SignedSupportingTokens and
sp:UserNameToken but after settings property on the STSClient and putting
in the Bus I have is a empty body (</wsa:Action></soap:Header><*soap:Body*
/></soap:Envelope).
Output message has been logged with LoggingInterceptor.
The STS service I am sending it to is answering that RST is missing
(<env:Text xml:lang="en">The required element wst:RequestSecurityToken is
missing</env:Text>)
I configured the STSClient on the bus and I set it with its property
(ws-security.sts.client) but how can I dig out why this STSClient does not
get called ?
Is it possible to use CXF Ws-Trust support without Spring ? I can't
understand what is missing
I am attaching URL of XValueSTS JunitTest.
https://github.com/Leonets/XValueSTS.git
GitHub project contains WSDL of the server, URI of the server is not
available because it is on a private VPN.
Best Regards
Leonardo
--
*Leonardo Battagli*
IT Solution
Direzione PAC/Sanità
[email protected]<mailto:[email protected]>
*Engineering Ingegneria Informatica SpA*
Via Torre degli Agli, 48 - I- 50144 Firenze - ITALY
Tel. +39-055.4365454
Interno 5454
Mobile +39-
www.eng.it<http://www.eng.it>
[image: cid:[email protected]]
Rispetta l'ambiente. Non stampare questa e-mail se non necessario.
Respect the environment. Please don't print this e-mail unless you really
need to.
Le informazioni trasmesse sono destinate esclusivamente alla persona o
alla società in indirizzo e sono da intendersi confidenziali e riservate.
Ogni trasmissione, inoltro, diffusione o altro uso di queste informazioni a
persone o società differenti dal destinatario è proibita. Se ricevete
questa comunicazione per errore, contattate il mittente e cancellate le
informazioni da ogni computer.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
