It`s my first project with CXF and Web Services,using Tomcat as a servlet container and my first question in StackOverflow too,so be patient with me....;-)
I'm using :
- Tomcat 9 (standalone and integrated with Eclipse).
- CXF (3.2.0)
- JDK 1.8
- Windows 7
**The problem:**WS-SecurityPolicy not enabled/ not working in the server side.
WS-SecurityPolicy is implemented in the wsdl file of the web service and the policy seems working fine,because in the client side the SOAP output message body is signed.
The problem I'm stuck is in the server side,none of the policies are applied in response.
The first issue I had was with the SOAP header "must understand=1",the server does not recognize the security headers and throws an exception.
My suspect was that the web service is not applying the policy,then to avoid the exception of the header I put a handler that does nothing whith it.
Now the server response the SOAP message but in clear form (unsigned, without the BinarySecurityTolen and other stuff),my suspect was true,the policy is not working.
I think the porblem is a misconfiguration of CXF files...
The cxf bean configuration of the web service is loaded during Tomcat's startup.
INFO: Creating Service {http://ole/wsTransaccion}WsTransaccionService from WSDL: wsdl/wsTransaccion.wsdl
....
....
INFO: Loading XML bean definitions from ServletContext resource [/WEB-INF/cxf-wsTransaccion.xml]
The cxf-wsTransaccion.xml file contains:
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="myPasswordCallback"
class="implementacion.ServerKeystorePasswordCallback" />
<jaxws:endpoint xmlns:tns="http://ole/wsTransaccion" id="wsTransaccion"
implementor="implementacion.WsTransaccionImpl"
wsdlLocation="wsdl/wsTransaccion,wsdl" endpointName="tns:WsTransaccionPort"
serviceName="tns:WsTransaccionService" address="/WsTransaccionPort">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature" />
</jaxws:features>
<jaxws:properties>
<entry key="security.callback-handler">
<ref bean="myPasswordCallback"/>
</entry>
<entry key="security.encryption.properties" value="keystore.properties"/>
<entry key="security.signature.properties" value="keystore.properties"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
</jaxws:properties>
</jaxws:endpoint>
I think the problem coluld be in the location of the file keystore.properties, although no exception is thrown (like a java.io.FileNotFoundException) if not exists..
All examples I saw were Maven's projects ,but this is NOT A MAVEN project so I haven't the folder "resources" where properties files and keystore are placed.
I don't know the right place of keystore.properties, i think must be in the classpath ,then i put it in a package named resources with the keystore together.
The content of keystore.properties:
>org.apache.wss4j.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>org.apache.wss4j.crypto.merlin.keystore.file=server.p12
>org.apache.wss4j.crypto.merlin.keystore.type=PKCS12
>org.apache.wss4j.crypto.merlin.keystore.alias=server
>org.apache.wss4j.crypto.merlin.keystore.password=xxxxxx<br/>
Other possibility is that org.apache.wss4j.crypto.merlin.keystore.file=server.p12 is not in the right place too, although is in the same place like keystore.properties
Any suggestion would be very appreciated. Thanks very much!!!.
