ws-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: WS Security configured via policies
Date Mon, 11 Jul 2016 09:21:09 GMT
Hi Kai,

Questions relating to CXF should go to the CXF users list. I took a quick
look and it looks like a bug in CXF, that policies placed at bus level are
not being registered (for WS-Security). Could you file a JIRA (in CXF)?

Colm.

On Sun, Jul 10, 2016 at 11:30 AM, Kai Rommel <krommel2010@googlemail.com>
wrote:

> Hello Colm,
>
> I configured WSS successfully via the WSS interceptors. Now my plan was to
> switch to policies and it does not work out.
>
> I am using an .xml to configure the cxf bus (configuring WSRM via the .xml
> works fine.)
> The bus config within the .xml looks like this:
>
> <cxf:bus>
>   <cxf:features>
>     <cxf:logging />
>     <p:policies enabled="true">
>       <wsp:Policy wsu:Id="Asymmetric124"
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           xmlns:wsp="http://www.w3.org/ns/ws-policy">
>         <wsp:ExactlyOne>
>           <wsp:All>
>             <sp:AsymmetricBinding
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>               <wsp:Policy>
>                 <sp:InitiatorToken>
>                   <wsp:Policy>
>                     <sp:X509Token
>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                       <wsp:Policy>
>                         <sp:WssX509V3Token10 />
>                       </wsp:Policy>
>                     </sp:X509Token>
>                   </wsp:Policy>
>                 </sp:InitiatorToken>
>                 <sp:RecipientToken>
>                   <wsp:Policy>
>                     <sp:X509Token
>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                       <wsp:Policy>
>                         <sp:WssX509V3Token10 />
>                       </wsp:Policy>
>                     </sp:X509Token>
>                   </wsp:Policy>
>                 </sp:RecipientToken>
>                 <sp:Layout>
>                   <wsp:Policy>
>                     <sp:Lax />
>                   </wsp:Policy>
>                 </sp:Layout>
>                 <sp:IncludeTimestamp />
>                 <sp:OnlySignEntireHeadersAndBody />
>                 <sp:AlgorithmSuite>
>                   <wsp:Policy>
>                     <sp:Basic128 />
>                   </wsp:Policy>
>                 </sp:AlgorithmSuite>
>               </wsp:Policy>
>             </sp:AsymmetricBinding>
>             <sp:SignedParts
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>               <sp:Body />
>               <sp:Header Name="To"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="From"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="FaultTo"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="MessageID"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="RelatesTo"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="Action"
>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>               <sp:Header Name="Timestamp"
>                   Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>             </sp:SignedParts>
>             <sp:EncryptedParts
>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
>                 xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy"
>                 xmlns:wsa="http://www.w3.org/2005/08/addressing"
>                 xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>                 xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
>                 xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
>               <sp:Body />
>               <sp:Attachments />
>             </sp:EncryptedParts>
>           </wsp:All>
>         </wsp:ExactlyOne>
>       </wsp:Policy>
>     </p:policies>
>   </cxf:features>
> </cxf:bus>
>
> Within the .java class I am loading the config:
>
>     SpringBusFactory bf = new SpringBusFactory();
>     URL busFile = ClientWSSviaPolicies.class.getResource("clientWSSviaPoliciesWithAtt_WSRM.xml");
>     Bus bus = bf.createBus(busFile.toString());
>     BusFactory.setDefaultBus(bus);
>
> plus I am setting the needed properties
>
>     ((BindingProvider)port).getRequestContext().put("ws-security.username", "wss");
>     ((BindingProvider)port).getRequestContext().put("ws-security.callback-handler", "demo.ws_rm.client.CallBack");
>     ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "wss");
>     ((BindingProvider)port).getRequestContext().put("ws-security.signature.properties", "jks/client.properties");
>     ((BindingProvider)port).getRequestContext().put("ws-security.encryption.username", "wss");
>     ((BindingProvider)port).getRequestContext().put("ws-security.encryption.properties", "jks/client.properties");
>
>
> But the message which my client creates is neither signed nor encrypted.
>
> I searched for samples, but I did not find a helpful one. I saw some
> examples with a WSDL containing the policies, but I wanted to set the
> policy via the bus.
>
> Can you give me a hint what I have done wrong?
>
> Thanks.
>
> Best regards
>
> Kai
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
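
Added example, not part of the original thread and not CXF code: the failure described above is silent (the request leaves the client with no signature and no encryption), so a client-side test can inspect the outbound message, for instance as captured by the logging feature, and report what the policy asked for but the message lacks. The class name OutboundWssCheck and the SOAP 1.1 envelope namespace are assumptions; only JDK XML APIs are used.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Added example: reports where an outbound SOAP 1.1 message falls short of the policy's intent.
public class OutboundWssCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/"; // assumption: SOAP 1.1
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd", WSU = WSS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    static List<String> check(String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(soapXml)));
        List<String> problems = new ArrayList<>();
        Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
        if (body == null) { problems.add("no SOAP 1.1 Body"); return problems; }
        Element sec = (Element) doc.getElementsByTagNameNS(WSSE, "Security").item(0);
        if (sec == null) {
            problems.add("no wsse:Security header");
        } else {
            if (sec.getElementsByTagNameNS(WSU, "Timestamp").getLength() == 0)
                problems.add("no wsu:Timestamp (sp:IncludeTimestamp)");
            String bodyRef = "#" + body.getAttributeNS(WSU, "Id"); // "#" alone if Body has no wsu:Id
            NodeList refs = sec.getElementsByTagNameNS(DS, "Reference");
            boolean signed = false;
            for (int i = 0; i < refs.getLength(); i++)
                signed |= bodyRef.length() > 1 && bodyRef.equals(((Element) refs.item(i)).getAttribute("URI"));
            if (!signed) problems.add("no ds:Reference covers the Body (sp:SignedParts)");
        }
        boolean encrypted = false; // true only if every element child of Body is xenc:EncryptedData
        for (Node n = body.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element)) continue;
            encrypted = XENC.equals(n.getNamespaceURI()) && "EncryptedData".equals(n.getLocalName());
            if (!encrypted) break;
        }
        if (!encrypted) problems.add("Body is not encrypted (sp:EncryptedParts)");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an unprotected message of the kind the client in the post produced.
        String plain = "<s:Envelope xmlns:s='" + SOAP + "'><s:Body><ping/></s:Body></s:Envelope>";
        System.out.println(check(plain));
    }
}
```

The check is structural only: it does not validate the signature or decrypt anything, it flags the case where the policy was never applied to the message.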
