The Apache WSS4J™ is a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.
Questions tagged [wss4j]
232 questions
2 votes, 1 answer
How to configure wss4j signature verifier
I'm using WSS4J to verify the signature and timestamp in SOAP messages. But when I receive a message without a signed timestamp part, WSS4J thinks that everything is OK, and I would like to see an error in that situation.
My good message looks like that:

Pawel
1 vote, 1 answer
Apache CXF / WSS4J Certificate Validation
It seems that the only way the certificate (X509) validation is performed is:
if a request to the server contains a certificate, that is already in the server's keystore, process the request (and the same with the server's response).
Could you, please,…

Dmitry
1 vote, 1 answer
How to make wss4j to not create expires element in soap header
Is there any option in wss4j or cxf that controls whether element from ws-security is included in SOAP header.
What I want to achieve is that SOAP header contains only element, e.g.

Garlik
1 vote, 1 answer
How to turn off SecureConversationToken in WCF web service
I have a WCF web service with WS-* security and I need to write a Java client for it using WSS4J API.
But, as it turns out WSS4J does not support the and tags, which are specific to WS-SecureConversation.
is…

Tomer
1 vote, 1 answer
How to disable wss4j timestamp cache
I need to update a Java EE application (still in Java 1.7) that provides a SOAP web service. And I'd like to disable the TIMESTAMP_CACHE that wss4j (v2.0.2) uses to control replay attacks. It creates too many files and the OS reaches the maximum open…

Pedro
1 vote, 1 answer
ClassCastException with multiple wars deployed in Tomcat
I have two WARs deployed to the same Tomcat 7 instance, and both use CXF + WSS4J. The two apps communicate via SOAP, and WSS4J interceptors handle SAML assertions in the SOAP headers. When testing each war in isolation everything works fine, but…

Jpnh
1 vote, 1 answer
Spring-ws security header to load configurations for multiple cert
I am trying to invoke a SOAP webservice in my spring boot application using spring-ws with a keystore which has multiple certs. The configuration always defaults to single cert.
Sample code below:
Wss4jSecurityInterceptor wss4jSecurityInterceptor =…

Suria
1 vote, 0 answers
How to know which key was used for SOAP body signature verification
Using CXF I came across a problem: I would like to log the public key used to verify the signature provided on the SOAP request. Initially, I thought about extending the org.apache.ws.security.crypto.provider, but that allows me to check which keys…

Francisco Spaeth
1 vote, 2 answers
Apache Rampart WS-Security: one client, several service instances
I'm adding X.509 Mutual Certificate authentication into the project. The specific case here is that one client (let's say manager) can access several service instances (servers). Each server has its own certificate. When providing a policy.xml…

sys463
1 vote, 1 answer
Spring WS interceptor error - WSHandler: application provided null or empty password
I have to configure the interceptor to use Signature Timestamp actions for a SOAP application using Spring WS.
I do the request with SOAP-UI with a configured project with the signature.
For that I have these beans in a custom config file:
…

Adrián Blesa
1 vote, 1 answer
Sign envelope with X509 certificate in Python with same result as in Java
I got this Java code that I am executing from Python code as I am not able to sign a SOAP message in Python the same way as Java does.
SOAP API says that the signature is not valid when I run my implementations in Python. I've tried zeep, signxml and…

Marek
1 vote, 1 answer
How can I enable RSA15 transport algorithm in WSS4J 2.2.3?
I'm upgrading a SOAP web service client to JDK 11 and WSS4J 2.2.3 (w/o CXF/Spring). The java code uses the 'stand-alone' approach to handle encryption and fails to decrypt the incoming response because it is encrypted using RSA15. The algorithm was…

user1867012
1 vote, 1 answer
How to diagnose/fix Signature Digest Verification Failure on web service response?
I am using wss4jSecurityInterceptor for validation and securement actions on my webservice. The SOAP messages back and forth are secured with Signature, Encryption and Timestamp. The problem I am having is, the recipient is unable to verify my…

Kiv
1 vote, 1 answer
Sign XML with WSS4J. No message with ID "noXMLSig"
I'm trying to sign a SOAP message with a Binary Security Token. In SoapUI everything works fine but I can't get the same result in Java. I'm using wss4j-2.2.2.
SoapUI settings:
What I'm trying to achieve:

John
1 vote, 1 answer
Wss4jSecurityInterceptor - My Custom Callback is interpreted as a CleanupCallback Object
I'm working in a project, made with Java 8 and Spring Boot, in which I want to add the Wss4jSecurityInterceptor for login purposes.
So far, this is what I've done in the WebServiceConfig class
@Bean
public AuthorizationCallBackHandler…

Gianmarco F.