1

First things first:

  • WAR with Camel and CXF (tried the latest versions and currently trying with 2.12.0 and 2.7.6 respectively).
  • A simple camel route without process, just from - log - to.
  • The final goal is to add WS-Security to a SOAP message.

Configuration:

application-context.xml

<!-- Import for camel config and beans -->    
<import resource="./cxf-beans-testws.xml" />
<import resource="./camel-testws.xml" />

camel-testws.xml

<!-- CAMEL CONTEXT -->
<camelContext id="camelContextTest" xmlns="http://camel.apache.org/schema/spring">
    <!-- CAMEL ROUTE -->
    <route id="TestWSRoute">
        <description>
            Camel route for testws
        </description>
        <from uri="cxf:bean:serviceTestProvider" />
        <log message="Process" loggingLevel="DEBUG" />
        <to uri="cxf:bean:serviceTestClient" />
    </route>
</camelContext>

cxf-beans-testws.xml (just the relevant part)

<bean id="wss4JOutInterceptorRea" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="Encrypt Signature"/>
            <entry key="useSingleCertificate" value="true" />
            <entry key="user" value="xxxx" />
            <entry key="signaturePropRefId" value="signaturePropertiesBean" />
            <entry key="signaturePropertiesBean" value-ref="signaturePropertiesTest" />
            <entry key="signatureUser" value="${test.signature.certificate.alias}" />
            <entry key="passwordCallbackRef" value-ref="clientCallbackTest" />
            <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <entry key="signatureKeyIdentifier" value="DirectReference" />
            <entry key="signatureParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
            <entry key="encryptionUser" value="${test.encryption.certificate.alias}" />
            <entry key="encryptionPropRefId" value="encryptionPropertiesBean" />
            <entry key="encryptionPropertiesBean" value-ref="encryptionPropertiesTest" />
        </map>
    </constructor-arg>
</bean>

When I call the exposed web service (serviceTestProvider), the SOAP message comes in, the log appears and the WSS configuration is applied. Then the message is sent to the endpoint... and it always returns:

HTTP response '403: Forbidden' when communicating with http://...

If I remove the wss4jOutInterceptor, then the response is that there is no wss security (expected response).

But if I set the log level to DEBUG, take the Outbound message from the log after all the interceptor chain handling and send it manually from REST Console or SoapUI... then it works OK, no 403. So it seems that the message is well formed. Both calls are made from the same computer and without a proxy or similar.

2016-06-17 08:59:12 INFO  WSTestCXFService:234 - Outbound Message
---------------------------
ID: 4
Address: http://correct-ws-url
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {Accept=[text/xml;charset=UTF-8], accept-encoding=[gzip,deflate], breadcrumbId=[ID-MACHINENAME-55387-1466145154908-1-4], Cache-Control=[No-Cache], Connection=[Keep-Alive], host=[correct-host], SOAPAction=[method], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">...</wsse:Security></SOAP-ENV:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-5"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-4" Type="http://www.w3.org/2001/04/xmlenc#Content">...</xenc:EncryptedData></soap:Body></soap:Envelope>

No HTTPS, just an HTTP endpoint. I tried using a conduit to add headers just to match the REST Console or SoapUI raw messages, with no luck. Any guess?

Kenster
jakinho
  • Did you check the server-side logs of the server responding with 403 to find out what the reason behind this is? Once I had a similar behaviour because of the missing SOAPAction-header. – Frank Jun 17 '16 at 09:59
  • I cannot access or ask for the server-side logs at this time. I tried pointing to a HTTP Monitor in SoapUI and the header is in the message: **soapaction: method**. – jakinho Jun 17 '16 at 11:19
  • You could try to use a proxy like Fiddler or Burp to intercept the requests from SoapUI and Camel to your server to look at the complete request data and find out the exact difference between the two ways you are calling the webservice. – Frank Jun 17 '16 at 11:28
  • Did you solve this? Could you post the entire cxf-beans-testws.xml? – npeder Aug 08 '16 at 09:07
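
The comparison suggested in the comments above, as an added example that is not part of the original thread: it parses two captured raw requests and lists every difference in request line, headers and body. The two captures are constructed samples, and the `/service` path and the function names are assumptions.

```python
# Added example: sample captures below are constructed, not taken from the thread.
# "/service" is a hypothetical path; header values mirror the logged outbound message.
BODY = "<soap:Envelope>...</soap:Envelope>"
CAMEL_CAPTURE = (
    "POST /service HTTP/1.1\r\n"
    "Host: correct-host\r\n"
    "Content-Type: text/xml;charset=UTF-8\r\n"
    "SOAPAction: method\r\n"
    "breadcrumbId: ID-MACHINENAME-55387-1466145154908-1-4\r\n"
    "Content-Length: 34\r\n\r\n" + BODY
)
SOAPUI_CAPTURE = (
    "POST /service HTTP/1.1\r\n"
    "host: correct-host\r\n"
    "Content-Type: text/xml;charset=UTF-8\r\n"
    'SOAPAction: "method"\r\n'
    "Content-Length: 34\r\n\r\n" + BODY
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; repeated headers keep their order.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return request_line, headers, body


def diff_requests(raw_a, raw_b):
    """Report every difference a server or gateway could key a 403 on."""
    line_a, hdr_a, body_a = parse_request(raw_a)
    line_b, hdr_b, body_b = parse_request(raw_b)
    shared = sorted(set(hdr_a) & set(hdr_b))
    return {
        "request_line": None if line_a == line_b else (line_a, line_b),
        "only_in_a": sorted(set(hdr_a) - set(hdr_b)),
        "only_in_b": sorted(set(hdr_b) - set(hdr_a)),
        "changed": {n: (hdr_a[n], hdr_b[n]) for n in shared if hdr_a[n] != hdr_b[n]},
        # Only meaningful when one side replays the other's logged payload,
        # as in the question; fresh WS-Security runs encrypt differently.
        "body_equal": body_a == body_b,
    }


if __name__ == "__main__":
    for key, value in diff_requests(CAMEL_CAPTURE, SOAPUI_CAPTURE).items():
        print(f"{key}: {value}")
```
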

1 Answer

0

Finally, it was a Windows/network problem. Some days later (2-3), no changes at all... it started working.

jakinho