Stack Overflow
Stack Overflow

Questions tagged [wss4j]

The Apache WSS4J™ is a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.

232 questions
3
votes
2 answers

CallbackHandler in CXF 3.X & WSS4J 2.X

I'm trying to upgrade our current application to CXF 3 and WSS4J 2. This is causing me quite a headache. The current application code for the client: private void secureWebService( Client client, final Credentials credentials ) { // set some…
brostbeef
  • 366
  • 3
  • 15
3
votes
1 answer

org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))

I have inherited some code that is a WSS4J secure webservice. It is based off of this popular tutorial: http://distributedsenses.blogspot.com/2008/09/configuring-cxf-for-web-service.html Now the server side is working with other clients, but mine…
mmaceachran
  • 3,178
  • 7
  • 53
  • 102
3
votes
2 answers

Howto correct SecurityTokenReference, using WSS4J to sign SOAP

I'm in the throes of using wss4j to sign a SOAP document. I want mine to look like fig.1. However, it's coming out like fig.2. That is, fig.1 has a , which points to the document's BinarySecurityToken. Whereas fig.2 has a , which references the…
Nutritioustim
  • 2,686
  • 4
  • 32
  • 57
3
votes
1 answer

CXF WSS4J interceptors vs WS-SecurityPolicy

I have a question on WS-Security policy. We can implement the WS-Security using CXF WSS4J interceptors or WS-Security Policy. What will be the difference of this two approaches? I found embedding a WS-Security Policy to a wsdl is more difficult than…
Dilip
  • 929
  • 3
  • 13
  • 32
3
votes
1 answer

CXF2.7.2 + Weblogic 12c + Java 1.7

There is an issue with running CXF application of Weblogic 12c. Exception is as following: org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to javax.xml.crypto.dsig.XMLSignatureFactory The interesting here is that…
Milkywayfarer
  • 910
  • 1
  • 9
  • 25
3
votes
0 answers

CXF WSS4j interceptor in Android SOAP client

I'm using ksoap2 library to make a soap client on Android mobile phone and I need to use something like cxf's WSS4J interceptors like the following code: private WSS4JInInterceptor securityInInterceptor; private WSS4JOutInterceptor…
Marco
  • 1,284
  • 4
  • 17
  • 41
3
votes
2 answers

CXF WSS4J Interceptor documentation/manual

I have spent a fair amount of time finding tutorials and implementing signatures and encryption on a catalog of Web Services. Now i need to extend that functionality to allow each user to have their own signature and encryption keys. For that reason…
Martin Nielsen
  • 1,865
  • 6
  • 30
  • 54
3
votes
2 answers

How to digitally sign SOAP request using Eclipse generated proxy (axis 1.4) via WSS4J?

I have been provided a WSDL for a webservice. I am now required to digitally sign that request. The previous developer utilized the Eclipse feature to generate proxy classes. Add the WSDL to the project, then right click on it, click "Web Service",…
Paul Lemke
  • 5,494
  • 3
  • 47
  • 66
2
votes
0 answers

Adding SecurityContextToken to SOAP 1.1 Message using Apache CXF

I have to call a secure SOAP 1.1 (using X.509 Certificate) and currently getting error: An error occurred when verifying security for the message. I suspect(and I stand corrected), the SOAP request generated has BinarySecurityToken instead of the…
n002213f
  • 7,805
  • 13
  • 69
  • 105
2
votes
0 answers

Anyone succesfully used Wss4jSecurityInterceptor for Spring.WS for SAML security with a SAMLCallbackHandler in a Spring Boot application?

Is someone with experience in using Wss4jSecurityInterceptor able to help figuring out if we are doing something wrong regarding a SAMLCallbackHandler for supplying the assertion for the security header of a SOAP call? Specifically:…
Sonaten
  • 502
  • 2
  • 14
2
votes
1 answer

Signature & Digest value mismatch Java vs SOAP UI for same request body as input

I have signed soap request by following below stackoverflow URL. Signing soap message using WSS4j in Java The signed soap request generated from Java code and the one generated from SOUP UI for same input is not matching. Below listed have different…
JAYASHRI SHINDE
  • 79
  • 8
2
votes
0 answers

Load Certificates from DB with custom crypto provider

I am using CXF with WSS4J Interceptors and I want to fetch the keys and certificates from the DB rather than the standard Merlin propfile/JKS solution. I have started with a simple CryptoImplementation, but the methods never get called. public class…
Mawillec
  • 85
  • 7
2
votes
1 answer

JVM bug? java.lang.VerifyError: Bad type on operand stack

Using org.apache.wss4j artifacts to support ws-security part of a SOAP service calling inside a Play Framework (Java version) application resulted in this mess: java.util.concurrent.CompletionException: java.lang.RuntimeException:…
youhans
  • 6,101
  • 4
  • 27
  • 39
2
votes
1 answer

Apache CXF reverts to HTTP when should be using HTTPS

I'm trying to write a SOAP client to connect to a PeopleSoft web service that is expecting HTTPS with WS-security. I'm using Apache CXF for the client. Here's what I've done: 1) Added the server certificate to a truststore: 'jssecacerts', using a…
Mick Sear
  • 1,549
  • 15
  • 25
2
votes
0 answers

how can we generate wsu:Id in soap request xml using java

Please advise how can we generate dynamic wsu:Id in soap request xml. 2015-07-08T19:07:30.388Z
user2707491
  • 59
  • 10
1 2
3
15 16