Questions tagged [wss4j]

The Apache WSS4J™ is a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.

232 questions

votes

1 answer

Java XML WS-Security Signature; X.509 Token Profile; adding a Security Token Reference

Below is the XML Signature keyinfo I need to generate in Java.

asked Nov 29 '16 at 12:58

Ant s

votes

2 answers

Encrypting username token with apache cxf

Greetings good people. I have a soap web service that I want to consume.I have created a small project to simulate what is required in the actual project especially on the username token encryption. There are steps provided on how to encrypt the…

cxf wss4j usernametoken

asked May 31 '16 at 15:16

chilopoda

votes

0 answers

Cannot read the token from the 'SignatureConfirmation' element..(Java-WCF)

I have a WCF(3.5) client talking to a Java Web Service (Spring-WS, WSS4J), the client fails while recieving the response from server giving the following exception message Cannot read the token from the 'SignatureConfirmation' element with the…

java wcf web-services spring-ws wss4j

asked Sep 02 '10 at 13:08

Shameer Kunjumohamed

votes

1 answer

How to use Axis2 WSDL2Code Plugin to Generate Client with Username Token Poliy

I am newer to maven but have been using SOAP services and Axis2 for awhile. As mentioned, I am trying to use axis2-wsdl2code-maven-plugin to generate code from a 3rd party wsdl. The code generation is working for the most part. I see the expected…

maven-3 apache-axis maven-plugin wss4j wsdl2code

asked Feb 16 '16 at 05:41

MonomiDev

votes

2 answers

IRS Soap Fault - Invalid WS Security Header

I am trying to send a Soap Request to IRS and facing the same error like others in this group - 'Invalid WS Security Header'. can someone guide me with a sample Soap Request? One more question is - as part of the Enrollment process, we submitted our…

web-services wss4j irs

asked Jan 22 '16 at 08:59

Sha

votes

2 answers

Is xmldsig apache santuario provider incompatible with jdk provider?

I'm creating a xml digital signature the same way it is mentioned in nearly all examples I have found: String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); XMLSignatureFactory fac…

java xml-signature wss4j xml-dsig xmlsec

asked Jan 04 '16 at 12:28

soilworker

1,317
1
15
32

votes

2 answers

Allow the RSA v1.5 Key Transport Algorithm for WildFly / JBossWS / CXF / WSS4J stack

In response to a security advisory (see http://cxf.apache.org/note-on-cve-2011-1096.html) regarding the RSA v1.5 key transport algorithm, both CXF and WSS4J projects have disallowed use of all related algorithms by default. They have however…

cxf wildfly wss4j jbossws

asked Sep 15 '15 at 16:04

B. Nossing

votes

1 answer

What is the alternate to PasswordDigest when clear text password is not stored on the web-service producer?

Scenario: Web-service producer have only SHA-1 hash of passwords stored in database. We need to authenticate Web-service users using User Name/Password combination. Web Services Security UsernameToken Profile allows us to add soap headers for this…

security web-services passwords wss wss4j

asked Jun 24 '10 at 10:46

Tahir Akhtar

11,385
7
42
69

votes

2 answers

The signature or decryption was invalid when verifying with cxf

I am following cxf sample to verify the signature, unfortunately I got following error " org.apache.wss4j.common.ext.WSSecurityException: The signature or decryption was invalid" I've tried many days and don't find any solution. spring…

spring soap cxf wss4j

asked Jun 11 '15 at 12:44

yu-lian chen

votes

1 answer

Apache CXF 3.0.4 and Wss4j, issue with KeyIdentifier EncryptedKeySHA1

I'm using CXF 3.0.4 to encrypt a Webservice, and I want the KeyIdentifier to be set to EncryptedKeySHA1. To do so, I added the parameters to the context.xml in the…

security encryption cxf wss4j

asked Mar 02 '15 at 14:03

Laurent Fleifel

votes

1 answer

WSS4J complains "No Subject DN Certificate Constraints were defined. This could be a security issue" using Axis2 Rampart

We see the following warning message using Rampart-1.6.2 and wss4j-1.6.14. We wonder if anyone can advise how to set the cert subject DN constraint in Rampart. We found a way for Apache CXF though:…

wso2 cxf apache-axis rampart wss4j

asked Jul 10 '14 at 00:24

user2589347

votes

0 answers

How to add Timetamp to SOAP header with SpringWS

It seems the default option for adding a timestamp using SpringWS + Wss4j interceptor is to add the Timestamp within the security element within the header: ... …

java soap spring-ws wss4j

asked Sep 19 '13 at 16:44

James

1,720
5
29
50

votes

2 answers

spring-ws-security dependency conflict

I'd like to use spring-ws-security in order to secure my web service with Wss4jSecurityInterceptor and signatures. But there is a dependency conflict which make this system unworkable. The spring-ws-security:2.1.2.RELEASE seems to be not workable as…

spring-ws wss4j opensaml xmlsec

asked Aug 06 '13 at 15:12

darkled

votes

1 answer

WCF - How to debug "The signature verification failed" messages

I've created a WCF client that is calling a Spring Web Services 2.1.0 + Apache WSS4J 1.6.7 (WS-Sec 1.1) server and returning a response. WCF is complaining that the "Message security verification failed" with an InnerException of "The signature…

c# wcf soap wcf-security wss4j

asked Jan 21 '13 at 17:47

StickyMcGinty

votes

1 answer

WSS4J does not parse SOAP message

I have code like this: private WSSecurityEngine engine = new WSSecurityEngine(); private CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(); @Test public void testWss4jEngine() { InputStream in =…

soap ws-security wss4j

asked Jul 10 '12 at 16:25

Frank

Prev 1 2 3

…

15 16 Next