ws-users mailing list archives

From Kai Rommel <krommel2...@googlemail.com>
Subject Re: WS Security configured via policies
Date Wed, 13 Jul 2016 09:18:02 GMT
Hello Colm,
I created CXF-6968 <https://issues.apache.org/jira/browse/CXF-6968>
Thanks.

Best regards,
Kai

2016-07-11 11:21 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:

> Hi Kai,
>
> Questions relating to CXF should go to the CXF users list. I took a quick
> look and it looks like a bug in CXF, that policies placed at bus level are
> not being registered (for WS-Security). Could you file a JIRA (in CXF)?
>
> Colm.
>
> On Sun, Jul 10, 2016 at 11:30 AM, Kai Rommel <krommel2010@googlemail.com>
> wrote:
>
>> Hello Colm,
>>
>> I configured WSS successfully via the WSS interceptors. Now my plan was
>> to switch to policies and it does not work out.
>>
>> I am using an .xml to configure the cxf bus (configuring WSRM via the
>> .xml works fine.)
>> The bus config within the .xml looks like this:
>>
>> <cxf:bus>
>>   <cxf:features>
>>     <cxf:logging />
>>     <p:policies enabled="true">
>>       <wsp:Policy wsu:Id="Asymmetric124"
>>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>           xmlns:wsp="http://www.w3.org/ns/ws-policy">
>>         <wsp:ExactlyOne>
>>           <wsp:All>
>>             <sp:AsymmetricBinding
>>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>               <wsp:Policy>
>>                 <sp:InitiatorToken>
>>                   <wsp:Policy>
>>                     <sp:X509Token
>>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>                       <wsp:Policy>
>>                         <sp:WssX509V3Token10 />
>>                       </wsp:Policy>
>>                     </sp:X509Token>
>>                   </wsp:Policy>
>>                 </sp:InitiatorToken>
>>                 <sp:RecipientToken>
>>                   <wsp:Policy>
>>                     <sp:X509Token
>>                         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>>                       <wsp:Policy>
>>                         <sp:WssX509V3Token10 />
>>                       </wsp:Policy>
>>                     </sp:X509Token>
>>                   </wsp:Policy>
>>                 </sp:RecipientToken>
>>                 <sp:Layout>
>>                   <wsp:Policy>
>>                     <sp:Lax />
>>                   </wsp:Policy>
>>                 </sp:Layout>
>>                 <sp:IncludeTimestamp />
>>                 <sp:OnlySignEntireHeadersAndBody />
>>                 <sp:AlgorithmSuite>
>>                   <wsp:Policy>
>>                     <sp:Basic128 />
>>                   </wsp:Policy>
>>                 </sp:AlgorithmSuite>
>>               </wsp:Policy>
>>             </sp:AsymmetricBinding>
>>             <sp:SignedParts
>>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>               <sp:Body />
>>               <sp:Header Name="To"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="From"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="FaultTo"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="MessageID"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="RelatesTo"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="Action"
>>                   Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>               <sp:Header Name="Timestamp"
>>                   Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>>             </sp:SignedParts>
>>             <sp:EncryptedParts
>>                 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
>>                 xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy"
>>                 xmlns:wsa="http://www.w3.org/2005/08/addressing"
>>                 xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>>                 xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
>>                 xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
>>               <sp:Body />
>>               <sp:Attachments />
>>             </sp:EncryptedParts>
>>           </wsp:All>
>>         </wsp:ExactlyOne>
>>       </wsp:Policy>
>>     </p:policies>
>>   </cxf:features>
>> </cxf:bus>
>>
>> Within the .java class I am loading the config:
>>
>>     SpringBusFactory bf = new SpringBusFactory();
>>     URL busFile = ClientWSSviaPolicies.class.getResource("clientWSSviaPoliciesWithAtt_WSRM.xml");
>>     Bus bus = bf.createBus(busFile.toString());
>>     BusFactory.setDefaultBus(bus);
>>
>> plus I am setting the needed properties
>>
>>     ((BindingProvider)port).getRequestContext().put("ws-security.username", "wss");
>>     ((BindingProvider)port).getRequestContext().put("ws-security.callback-handler", "demo.ws_rm.client.CallBack");
>>     ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "wss");
>>     ((BindingProvider)port).getRequestContext().put("ws-security.signature.properties", "jks/client.properties");
>>     ((BindingProvider)port).getRequestContext().put("ws-security.encryption.username", "wss");
>>     ((BindingProvider)port).getRequestContext().put("ws-security.encryption.properties", "jks/client.properties");
>>
>>
>> But the message which my client creates is neither signed nor encrypted.
>>
>> I searched for samples, but I did not find a helpful one. I saw some
>> examples with a WSDL containing the policies, but I wanted to set the
>> policy via the bus.
>>
>> Can you give me a hint what I have done wrong?
>>
>> Thanks.
>>
>> Best regards
>>
>> Kai
>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
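
Added example, not part of the thread and not CXF code: a structural check in Python over a captured outgoing message (for instance one written by the `<cxf:logging />` feature in the quoted config) that reports whether the protections the quoted policy asks for (a timestamp, a signed body, an encrypted body) actually appear on the wire. The function name `check_ws_security`, the sample envelopes and their IDs are constructed for illustration; the check inspects structure only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")

def check_ws_security(envelope_xml):
    """Report which protections requested by the quoted policy are present."""
    root = ET.fromstring(envelope_xml)
    soap = root.tag[1:].split("}")[0]
    if soap not in SOAP_NS or not root.tag.endswith("}Envelope"):
        raise ValueError("not a SOAP envelope")
    body = root.find(f"{{{soap}}}Body")
    sec = root.find(f"{{{soap}}}Header/{{{WSSE}}}Security")
    result = {"security_header": sec is not None, "timestamp": False,
              "body_signed": False, "body_encrypted": False}
    if body is None or sec is None:
        return result
    # sp:IncludeTimestamp -> a wsu:Timestamp inside the Security header
    result["timestamp"] = sec.find(f"{{{WSU}}}Timestamp") is not None
    # sp:SignedParts/sp:Body -> a ds:Reference pointing at the Body's wsu:Id
    ref_path = f"{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    refs = {r.get("URI") for r in sec.iterfind(ref_path)}
    body_id = body.get(f"{{{WSU}}}Id")
    result["body_signed"] = body_id is not None and "#" + body_id in refs
    # sp:EncryptedParts/sp:Body -> Body content replaced by xenc:EncryptedData
    children = list(body)
    result["body_encrypted"] = bool(children) and all(
        c.tag == f"{{{XENC}}}EncryptedData" for c in children)
    return result

# Constructed sample: an unprotected message like the one described in the thread.
PLAIN = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><greetMe xmlns="urn:example">hi</greetMe></soap:Body></soap:Envelope>"""

# Constructed sample: skeleton of a message with the policy applied (values elided).
PROTECTED = f"""<soap:Envelope xmlns:soap="{SOAP_NS[0]}" xmlns:wsse="{WSSE}"
 xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}"><soap:Header><wsse:Security>
<wsu:Timestamp wsu:Id="TS-1"/><ds:Signature><ds:SignedInfo>
<ds:Reference URI="#TS-1"/><ds:Reference URI="#Body-1"/></ds:SignedInfo></ds:Signature>
</wsse:Security></soap:Header><soap:Body wsu:Id="Body-1">
<xenc:EncryptedData/></soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("protected", PROTECTED)):
        print(name, check_ws_security(msg))
```

Run against a real captured envelope, any `False` entry means the corresponding policy assertion was not enforced for that message, which is the symptom reported here.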
