ws-users mailing list archives

From Kai Rommel <krommel2...@googlemail.com>
Subject Re: WS Security with attachment encryption
Date Mon, 27 Jun 2016 10:32:42 GMT
Hello Colm,

thanks. My configuration was wrong. I configured:

<entry key="encryptionParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; {}cid:Attachments" />
I oriented myself on https://ws.apache.org/wss4j/attachments.html

Now I am using (like in your test):

<entry key="encryptionParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}cid:Attachments;" />

and it works fine.

The documentation states {}cid:Attachments. Maybe it can be updated to
{Element}cid:Attachments.


Is there a special reason why I have to use in signatureParts
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body and in encryptionParts
{}{http://schemas.xmlsoap.org/soap/envelope/}Body?

Thanks.

Best regards

Kai







2016-06-27 12:10 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:

> I can't reproduce...I added a similar test to CXF and it works fine:
>
> https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=0eafb7f8
>
> Colm.
>
> On Mon, Jun 27, 2016 at 10:02 AM, Kai Rommel <krommel2010@googlemail.com>
> wrote:
>
>> Hello Colm,
>>
>> I configured a WS-Consumer with WS-Security.
>> It works fine for body encryption when the message is sent to the WS-Provider. The
>> SOAP envelope contains, besides the SOAP header, also the SOAP body:
>>
>> ...</wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-f2366587-d90a-44c5-9b03-22dccc6a177d"><xenc:EncryptedData .....
>>
>>
>> Now I enhanced my scenario by encrypting attachments, too.
>> My WSS4J Interceptor looks like this:
>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
>>  id="Sign_Request">
>>  <constructor-arg>
>>      <map>
>>          <entry key="action" value="Timestamp Signature Encrypt" />
>>          <entry key="user" value="wss" />
>>          <entry key="signatureUser" value="wss" />
>>          <entry key="signaturePropFile" value="jks/client.properties" />
>>          <entry key="signatureKeyIdentifier" value="DirectReference" />
>>          <entry key="passwordCallbackClass" value="demo.ws_rm.client.CallBack" />
>>          <!-- with attachments -->
>>          <entry key="signatureParts"
>>              value="{}cid:Attachments;
>>              {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>>              {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>>          <entry key="encryptionUser" value="wss" />
>>          <entry key="encryptionPropFile" value="jks/client.properties" />
>>          <entry key="encryptionParts"
>>           value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; {}cid:Attachments" />
>>      </map>
>>  </constructor-arg>
>> </bean>
>>
>> Now the soap:Body is missing from the soap:Envelope. The Header element is
>> closed, but the Body is not opened:
>> ...</wsse:Security></soap:Header><xenc:EncryptedData xmlns:....
>>
>> The attachments are encrypted fine, but the message cannot be decrypted on
>> the WS-Provider side because of the missing Body element.
>>
>> I am using cxf 3.2.0-SNAPSHOT and wss4j 2.2.0-SNAPSHOT.
>>
>> Are you able to reproduce the error, or is my WSS4J interceptor
>> configuration wrong?
>>
>> Thanks for your help.
>>
>> Best regards
>> Kai
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
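
The two encryptionParts values from this thread, run through a small lint, as an added example that is not code from the thread, CXF or WSS4J. It assumes each `;`-separated part has the form `{modifier}{namespace}localname` or `{modifier}cid:Attachments` and that an empty `{}` modifier means Content; the function names are hypothetical.

```python
# Added example: lint for WSS4J "encryptionParts" strings.
# Assumptions (not taken from WSS4J source): parts are ';'-separated, each is
# "{modifier}{namespace}localname" or "{modifier}cid:Attachments", and an
# empty modifier "{}" is treated as Content.
import re

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"
PART_RE = re.compile(
    r"^\{(?P<mod>[^{}]*)\}(?:\{(?P<ns>[^{}]*)\})?(?P<name>[^{}]+)$"
)


def parse_parts(value):
    """Split a parts string into (modifier, namespace, name) tuples."""
    parts = []
    for raw in value.split(";"):
        # Drop whitespace that line wrapping introduces inside the value.
        token = "".join(raw.split())
        if not token:
            continue  # trailing ';' as in the working configuration
        m = PART_RE.match(token)
        if m is None:
            raise ValueError("unparseable part: %r" % raw)
        modifier = m.group("mod") or "Content"
        parts.append((modifier, m.group("ns"), m.group("name")))
    return parts


def lint_encryption_parts(value):
    """Warn when soap:Body is encrypted as a whole element.

    In the thread, that setting produced an envelope where
    xenc:EncryptedData followed soap:Header with no soap:Body around it.
    """
    warnings = []
    for modifier, ns, name in parse_parts(value):
        if (ns, name) == (SOAP11_NS, "Body") and modifier == "Element":
            warnings.append("soap:Body encrypted in Element mode")
    return warnings


# The two encryptionParts values quoted in the thread.
FAILING = "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; {}cid:Attachments"
WORKING = "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}cid:Attachments;"

if __name__ == "__main__":
    for label, value in (("failing", FAILING), ("working", WORKING)):
        print(label, parse_parts(value), lint_encryption_parts(value))
```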
