CXF WS-Security message signing problem

Solution Verified - Updated -

Issue

  • We have a web application deployed on EAP that acts as a client of another service of which I have the WSDL. We have to sign the message. We are using the code below:

***********************************************************************
    System.setProperty("javax.net.ssl.trustStore", "/home/nicoletta/cert/trustStore");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    QName serviceName = new QName("http://com.redhat/", "ServiceName");
    String serviceURL = "file:///com.redhat.Service.wsdl";
    URL wsdlURL = new URL(serviceURL);
    Service service = Service.create(wsdlURL, serviceName);
    ServiceImpl proxy = (Service) service.getPort(Service.class);
    setupTLS(proxy);

    STSClient s = new org.apache.cxf.ws.security.trust.STSClient(org.apache.cxf.BusFactory.getDefaultBus());
    s.setWsdlLocation("/Service.wsdl");
    ((BindingProvider) proxy).getRequestContext().put("ws-security.sts.client", s);
    ((BindingProvider) proxy).getRequestContext().put(" ws-security.sts.token.usecert", true);
    ((BindingProvider) proxy).getRequestContext().put(
            "ws-security.callback-handler", new KeystorePasswordCallback());
    ((BindingProvider) proxy).getRequestContext().put(
            "ws-security.signature.properties",
            Thread.currentThread().getContextClassLoader().getResource("/edotto.properties"));
    ((BindingProvider) proxy).getRequestContext().put(
            "ws-security.encryption.properties",
            Thread.currentThread().getContextClassLoader().getResource("/edotto.properties"));
    ((BindingProvider) proxy).getRequestContext().put(
            "ws-security.signature.username", "noemalife");

    SdoRequest filter = new SdoRequest();
    filter.setNumScheda("09000001");
    filter.setCodIstituto("160907");
    GetSDO gds = new GetSDO();
    gds.setFiltriRequest(filter);

    AttributiAutorizzativi aa = new AttributiAutorizzativi();
    aa.setRuoloIstituzionale("RIS000260");
    aa.setIdentificativoUtente("BCCNDR78P18G843Y");
    aa.setIdentificativoServizio("getSDO");

    try {
        GetSDOResponse resp = proxy.getSDO(gds, aa);
        SdoResponse result = resp.getReturn();
        _logger.info("CF: " + result.getCodFiscale());
        return "<cf>" + result.getCodFiscale() + "</cf>";
    } catch (Exception e) {
        throw new Throwable(e);
    }
**************************************************************
  • Here is the ws-security.signature.properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=someAlias
org.apache.ws.security.crypto.merlin.keystore.file=/home/cert/keystore.jks
  • We also put the wsit-client.xml file in the WEB-INF/classes directory, but it is not used.

  • Unfortunately, with the code above, we obtain the following error:

org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 
{http://ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
  • Analogous code running in a standalone client with the Metro library works. The difference is that in Metro, we can set the PrivateKey and the X509Certificate for client and server. Here is the snippet:

    CertificateFactory fact = CertificateFactory.getInstance("X509");

    PrivateKey key = readPrivateKey("/home/cert/keystore.cer");
    X509Certificate cert = (X509Certificate) fact.generateCertificate(new FileInputStream("/home/cert/keystore.crt"));
    X509Certificate serverCert = (X509Certificate) fact.generateCertificate(new FileInputStream("server.cer"));

    ((BindingProvider) stub).getRequestContext().put(XWSSConstants.CERTIFICATE_PROPERTY, cert);
    ((BindingProvider) stub).getRequestContext().put(XWSSConstants.PRIVATEKEY_PROPERTY, key);
    ((BindingProvider) stub).getRequestContext().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, serverCert);

  • We think the problem is to set the analogous properties of XWSSConstants.CERTIFICATE_PROPERTY, XWSSConstants.PRIVATEKEY_PROPERTY and XWSSConstants.SERVER_CERTIFICATE_PROPERTY for CXF.
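
A preflight check on the signing inputs that the client code above hands to CXF, as an added example that is not part of the original article or of Red Hat's resolution. The class and method names are hypothetical, and it assumes it is run inside the deployed application so that the same context class loader and file paths apply.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Properties;

// Added example (hypothetical class): checks the inputs named in a Merlin signature properties file.
public class MerlinPreflight {
    private static final String P = "org.apache.ws.security.crypto.merlin.keystore.";

    // Returns null when the inputs are usable for signing, otherwise the first problem found.
    static String check(String resource, String signatureUsername) throws Exception {
        // The JDK's class loaders expect a resource name without a leading "/"; whether a name
        // with one resolves depends on the class loader, so test the exact string the client uses.
        URL url = Thread.currentThread().getContextClassLoader().getResource(resource);
        if (url == null) return "properties resource not found on classpath: " + resource;

        Properties props = new Properties();
        try (InputStream in = url.openStream()) { props.load(in); }

        String file = props.getProperty(P + "file");
        String type = props.getProperty(P + "type", KeyStore.getDefaultType());
        String pass = props.getProperty(P + "password");
        if (file == null || pass == null) return "keystore file or password missing in " + url;

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(file))) { ks.load(in, pass.toCharArray()); }

        // CXF uses ws-security.signature.username as the keystore alias for signing when it is set.
        String alias = signatureUsername != null ? signatureUsername : props.getProperty(P + "alias");
        if (alias == null || !ks.containsAlias(alias)) return "alias not in keystore: " + alias;
        // Signing needs a private-key entry; a trusted-certificate entry cannot sign.
        if (!ks.isKeyEntry(alias)) return "alias holds a certificate only, no private key: " + alias;

        ((X509Certificate) ks.getCertificate(alias)).checkValidity(); // throws if outside validity period
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Resource name and signature username exactly as they appear in the client code above.
        String problem = check("/edotto.properties", "noemalife");
        System.out.println(problem == null ? "signature inputs look usable" : problem);
    }
}
```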
