
I'm using the action-based approach to WS-Security, as the WSDL I am interfacing to does not contain a security policy. Code for the interceptor and security is below.

I'm getting an error back from the server indicating my binary security token is not base64 encoded. That was a head scratcher, since it appears to be, and indicates it is in the type description. Then I noticed some characters were being replaced with XML escape characters. If I brute force send a message where these characters are reverted, the server responds, so I suspect they are not gracefully converting these back upon receipt.

How do I stop the header from getting escaped?

Here's the code I'm using to configure my client:

    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean( );
    factory.setServiceClass( Operations.class );
    factory.setAddress( serviceUrl );

    Map< String, Object > properties = Maps.newHashMap( );
    properties.put( "mtom-enabled", "false" );
    factory.setProperties( properties );

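    // Outbound WS-Security (WSS4J) settings: sign, then encrypt
    Map< String, Object > outProps = Maps.newHashMap( );
    outProps.put( "cryptoProperties", sig_props );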

    outProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT );
    outProps.put( WSHandlerConstants.USER, apiKeyPairAlias );
    outProps.put( WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties" );
    outProps.put( WSHandlerConstants.ENC_PROP_REF_ID, "cryptoProperties" );
    outProps.put( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
    outProps.put( WSHandlerConstants.ENC_KEY_ID, "DirectReference" );
    outProps.put( WSHandlerConstants.SIGNATURE_USER, apiKeyPairAlias );
    outProps.put( WSHandlerConstants.ENCRYPTION_USER, apiKeyPairAlias );
    outProps.put( WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordHandler( ) );
    outProps.put( WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, "true" );
    outProps.put( WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false" );

    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor( outProps );
    factory.getOutInterceptors( ).add( wssOut );

    Map< String, Object > inProps = Maps.newHashMap( );
    inProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT );
    inProps.put( "cryptoProperties", sig_props );
    // Inbound settings belong in inProps, the map handed to WSS4JInInterceptor
    inProps.put( WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties" );
    inProps.put( WSHandlerConstants.ENC_PROP_REF_ID, "cryptoProperties" );
    inProps.put( WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordHandler( ) );

    WSS4JInInterceptor wssIn = new WSS4JInInterceptor( inProps );
    factory.getInInterceptors( ).add( wssIn );
Evan
  • I've been trying to set up a marshaller instance that actually does something, but I've been completely unsuccessful. I'm creating new JAXB contexts from the oasis and server generated classes and setting the character escape handler property to a custom escape handler, but it is never called. – Evan May 03 '18 at 17:16
  • This should be fixed in the next CXF release: ref https://issues.apache.org/jira/browse/SANTUARIO-482 – Colm O hEigeartaigh May 04 '18 at 09:26
  • Thanks Colm. Appreciate you providing info via StackOverflow. For now, in case anyone else is struggling also, I ended up making an interceptor bound to PRE_STREAM that used stax2's EscapingWriterFactory. – Evan May 07 '18 at 19:53
  • I have the same problem with BinarySecurityToken being modified. @Evan, could you tell me more about your interceptor solution? – kotamotek Apr 17 '20 at 11:06
  • I'm afraid I don't have access to that source anymore to simply copy / paste, but I'm nearly certain I implemented the answer in this post: https://stackoverflow.com/questions/16099783/setting-characterescapehandler-variable-on-a-marshaller-doesnt-work-as-expected – Evan Apr 20 '20 at 03:00
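
The diagnosis in the question can be checked against a captured request. The following is an added example, not code from the post or from CXF/WSS4J: it compares each `BinarySecurityToken` as it appears on the wire (what a receiver sees if it does not resolve character references) with the value a conforming XML parser returns. The sample message is constructed, and the choice of `&#13;` as the escaped character is an assumption, since the post does not say which characters were escaped.

```python
import base64
import re
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed token bytes (not a real certificate), wrapped after 40 characters.
_B64 = base64.b64encode(b"constructed certificate bytes, not a real X.509 token").decode()

# Constructed request. Assumption: the escaped character is the carriage
# return of a wrapped token, serialized as the character reference &#13;.
SAMPLE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsse="%s"><soap:Header><wsse:Security>'
    '<wsse:BinarySecurityToken>%s&#13;\n%s</wsse:BinarySecurityToken>'
    '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
) % (WSSE, _B64[:40], _B64[40:])

CHAR_REF = re.compile(r"&(?:#\d+|#x[0-9A-Fa-f]+|\w+);")
TOKEN_RAW = re.compile(
    r"<(?:[\w.-]+:)?BinarySecurityToken\b[^>]*>(.*?)"
    r"</(?:[\w.-]+:)?BinarySecurityToken>", re.S)


def is_base64(text):
    """True if text is strict base64 once XML whitespace is removed."""
    try:
        base64.b64decode("".join(text.split()), validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def check_tokens(soap_xml):
    """Compare each token as sent on the wire with its parsed value."""
    raw = TOKEN_RAW.findall(soap_xml)
    tag = "{%s}BinarySecurityToken" % WSSE
    parsed = [el.text or "" for el in ET.fromstring(soap_xml).iter(tag)]
    return [{"char_refs": CHAR_REF.findall(r),      # escapes added by the serializer
             "raw_is_base64": is_base64(r),         # receiver that skips unescaping
             "parsed_is_base64": is_base64(t)}      # receiver with a conforming parser
            for r, t in zip(raw, parsed)]


if __name__ == "__main__":
    for finding in check_tokens(SAMPLE):
        print(finding)
```

A finding with a non-empty `char_refs`, `raw_is_base64` false and `parsed_is_base64` true points at the receiver's handling of character references rather than at the token itself.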
