CXF WSS4J Interceptors

Question

I'm trying to configure WSS4J Interceptors with code only using this:

        try {

        Map<String, Object> outProps = new HashMap<String, Object>();

        outProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.TIMESTAMP + " "
                        + WSHandlerConstants.SIGNATURE + " "
                        + WSHandlerConstants.ENCRYPT);
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                ClientKeystorePasswordCallback.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
                "clientWSsec-PC165.properties");
        outProps.put(WSHandlerConstants.ENC_PROP_FILE,
                "clientWSsec-PC165-Srv.properties");
        outProps.put(WSHandlerConstants.SIGNATURE_USER, "clientKey");
        outProps.put(WSHandlerConstants.ENCRYPTION_USER, "serverKey");

        Map<String, Object> inProps = new HashMap<String, Object>();

        inProps.put("action", "Timestamp Signature Encrypt");
        inProps.put("passwordType", "PasswordText");
        inProps.put("passwordCallbackClass",
                "utils.ClientKeystorePasswordCallback");
        inProps.put("signatureUser", "clientKey");
        inProps.put("encryptionUser", "serverKey");
        inProps.put("encryptionPropFile", "clientWSsec-PC165.properties");
        inProps.put("signaturePropFile", "clientWSsec-PC165.properties");


        DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
        coverageChecker.setSignBody(true);
        coverageChecker.setSignTimestamp(true);
        coverageChecker.setEncryptBody(true);

        Service service = new Service ();
        WsService  wsService = service.getWsServiceSOAP();

        org.apache.cxf.endpoint.Client client = ClientProxy
                .getClient(wsService);
        client.getInInterceptors().add(new WSS4JInInterceptor(inProps));
        client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
        client.getInInterceptors().add(coverageChecker);

        ResponseType parameters1 = new ResponseType();
        wsService.getResponse(getServiceHeader(),
                parameters1);

    } catch (UndeclaredThrowableException ex) {
        ex.getUndeclaredThrowable().printStackTrace();
    } catch (Exception ex) {
        ex.printStackTrace();
    }

But I'm getting this error :

javax.xml.ws.soap.SOAPFaultException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at $Proxy29.getResponse(Unknown Source)
at utils.Client.main(Client.java:118)

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1827)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:147)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:176)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:90)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
... 2 more

I would like to know if I'm missing something in my code or if I'm not doing it the right way.

Thank you!

Answer 1

You are mixing "action-based" configuration using WSS4JOutInterceptor/WSS4JInInterceptor, with "policy-based" configuration. In your example, there is a WS-SecurityPolicy (AsymmetricBinding) which the CXF WS-Security runtime is using to configure security. In this case, you don't need to explicitly configure the WSS4JOutInterceptor. What you need to do instead is to add the relevant security properties. Here is a (code) example:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java;hb=fd92c807e8773c363df37cfaf946971f5bac763b

In particular:

client.getRequestContext().put("ws-security.username", "bob");

client.getRequestContext().put("ws-security.encryption.properties", "bob.properties");

etc.

Colm.

Answer 2

What version of CXF are you using?

I had the same issue with CXF 2.7.11. The issue didn't occur in version 2.7.1.

You can also try to use the latest 3.0 version.