ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kai Rommel <krommel2...@googlemail.com>
Subject WS Security configured via policies
Date Sun, 10 Jul 2016 10:30:15 GMT
Hello Colm,

I configured WSS successfully via the WSS interceptors. Now my plan was to
switch to policies and it does not work out.

I am using an .xml to configure the cxf bus (configuring WSRM via the .xml
works fine.)
The bus config within the .xml looks like this:

<cxf:bus>

<cxf:features>

<cxf:logging />

<p:policies enabled="true">

<wsp:Policy wsu:Id="Asymmetric124"

xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"

xmlns:wsp="http://www.w3.org/ns/ws-policy">

<wsp:ExactlyOne>

<wsp:All>

<sp:AsymmetricBinding

xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

<wsp:Policy>

<sp:InitiatorToken>

<wsp:Policy>

<sp:X509Token

sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">

<wsp:Policy>

<sp:WssX509V3Token10 />

</wsp:Policy>

</sp:X509Token>

</wsp:Policy>

</sp:InitiatorToken>

<sp:RecipientToken>

<wsp:Policy>

<sp:X509Token

sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
">

<wsp:Policy>

<sp:WssX509V3Token10 />

</wsp:Policy>

</sp:X509Token>

</wsp:Policy>

</sp:RecipientToken>

<sp:Layout>

<wsp:Policy>

<sp:Lax />

</wsp:Policy>

</sp:Layout>

<sp:IncludeTimestamp />

<sp:OnlySignEntireHeadersAndBody />

<sp:AlgorithmSuite>

<wsp:Policy>

<sp:Basic128 />

</wsp:Policy>

</sp:AlgorithmSuite>

</wsp:Policy>

</sp:AsymmetricBinding>

<sp:SignedParts

xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

<sp:Body />

<sp:Header Name="To"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="From"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="FaultTo"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="MessageID"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="RelatesTo"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="Action"

Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />

<sp:Header Name="Timestamp"

Namespace="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
" />

</sp:SignedParts>

<sp:EncryptedParts

xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy"

xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="
http://docs.oasis-open.org/ws-sx/ws-trust/200512"

xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"

xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">

<sp:Body />

<sp:Attachments />

</sp:EncryptedParts>

</wsp:All>

</wsp:ExactlyOne>

</wsp:Policy>

</p:policies>

</cxf:features>

</cxf:bus>

 Within the .java class I am loading the config:

           SpringBusFactory bf = new SpringBusFactory();

            URL busFile = ClientWSSviaPolicies.class.getResource(
"clientWSSviaPoliciesWithAtt_WSRM.xml");

            Bus bus = bf.createBus(busFile.toString());



            BusFactory.setDefaultBus(bus);
plus I am setting the needed properties

            ((BindingProvider)port).getRequestContext().put(
"ws-security.username", "wss");

            ((BindingProvider)port).getRequestContext().put(
"ws-security.callback-handler", "demo.ws_rm.client.CallBack");

            ((BindingProvider)port).getRequestContext().put(
"ws-security.signature.username", "wss");

            ((BindingProvider)port).getRequestContext().put(
"ws-security.signature.properties", "jks/client.properties");

            ((BindingProvider)port).getRequestContext().put(
"ws-security.encryption.username", "wss");

            ((BindingProvider)port).getRequestContext().put(
"ws-security.encryption.properties", "jks/client.properties");


But the message which my client creates, is not signed nor encrypted.

I search for samples, but I did not find a helpful one. I saw some examples
with an wsdl containing the policies, but I wanted to set the policy via
the bus.

Can you give me a hint what I have done wrong?

Thanks.

Best regards

Kai

Mime
View raw message