CXF Web service client not encrypting the SOAP Request XML message

Question

I am learning Webservice security . I am using CXF framework for that. I have developed one test service it will just double up the value whatever we sent. Based on this tutorial

i have added the WS-Policy for XML encryption and signature.

Then i developed the web service client for this service as a eclipse project using CXF. The following is my client configuration file

<jaxws:client id="doubleItClient" serviceClass="com.DoubleIt" address="http://localhost:8080/myencws/services/DoubleItPort?wsdl">
<jaxws:features>
            <bean class="org.apache.cxf.feature.LoggingFeature" />
</jaxws:features>

 <jaxws:properties>
            <entry key="ws-security.callback-handler" value="com.ClientKeystorePasswordCallback"/>        
            <entry key="ws-security.encryption.properties" value="com/clientKeystore.properties"/>
            <entry key="ws-security.signature.properties" value="com/clientKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="myservicekey"/>
 </jaxws:properties>

I have generated all the keystore file , and i created the clientKeystore.properties file and placed in the src directory of my project.

But whenever i run this client the SOAP request message was not encrypted. So inn server side i am getting exception like

These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts

The following is my SOAP request

<soap:Envelope
 xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:doubleValue
 xmlns:ns2="http://com/"><arg0>5</arg0></ns2:doubleValue></soap:Body></soap:Envelope>

I am using CXF2.7.3. I dont know whats wrong . Please help me.

Answer 1

I have a similar issue with my code before, what was missing was the jar dependencies which does the actual encryption when the security policy are read by your client from the WSDL.

My fix was to add certain maven dependencies in your POM to enable encryption. Check this url: http://cxf.apache.org/docs/using-cxf-with-maven.html

Also read "Enabling WS-SecurityPolicy" section in url http://cxf.apache.org/docs/ws-securitypolicy.html

I hope this helps

Answer 2

Make sure you are using the correct library. Try to include cxf bundle only, remove other cxf dependencies If you are using maven, something like this:

<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-bundle</artifactId>
    <version>2.7.18</version>
</dependency>

Answer 3

I ran into the same issue and after much experimentation, the following guidelines help every single time.

1. Structure your cxf client config xml to have import of META-INF cxf.xml.
2. Define the cxf bus features (for logging)
3. Define the http conduits (if needed for TLS Handshake etc)
4. jaxws:client bean with name attribute as {targetNameSpaceWSDL)/PortName and createdFromAPI=true and abstract=true
5. Make client tag contain jaxws features. Remember to use latest "security" and not "ws-security"
6. In your java client class, use the SpringBus to load the cxf client config xml.SVN Link for SpringBus Client Config
7. Make sure all the required dependencies for WS policy processing is present in classpath like cxf-rt-ws-policy and cxf-rt-ws-security.jar and bouncycastle providers if needed

Note: security.signature.properties and security.encryption.properties can be externalized as well and directly referred to with the absolute path in the xml value.