do the messages going over the wire actually contain the wsse:Security element, together with all the wsse info?
Do you have the ws-security policy in the consumed wsdl contract?
1 of 1 people found this helpful
I was able to get a successful client set up after going through some pains to try to do things the "modern" way with a wsPolicy portion in the wsdl.
In the end, since my service is a product of JbossWS-Native running on a JBoss 4.2.3 server I had to programmatically set up the out and in interceptors for WSS4J.
something like the following is what I needed eventually. In my situation, the part that I lost the most time on was what is in bold below. The service pretty much only wanted to get things with direct-reference (by default) However given that I was using JBossWS (CXF) the default seemed to be the X509Data/X509IssuerSerial version.
//configure the outInterceptor to use the keys and to use DirectReference since that
//is the key id format the server expects.
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE +" "+ WSHandlerConstants.ENCRYPT );
//create the InInterceptor to apply the security on the returned messages
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE +" "+ WSHandlerConstants.ENCRYPT );
The following doc gives a pretty good start on getting things going. http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide
As another side note, making sure you have enabled the WS module extention on the AS7 server and ensuring it is referenced in your MANIFEST.MF file are also critical steps to getting everything working correctly.
Thanks for having shared the result of you work to the community.
Yes, generally speaking you scenario tells us that when having to call a ws-security endpoint built on top on jbossws-native (hence having no ws-security policy in the published contract), it might be quicker to manually configure the Apache CXF WS-Security interceptors to map the "basic" security config on server side.
The need for setting " outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");" comes from the native stack preferring direct references to security tokens in the messages. It should actually be able to deal with issuer serial references too on receiver side, however there might be a bug in that, we need to investigate.
As per the AS7 hints, for the logs also consider https://docs.jboss.org/author/display/JBWS/JBoss+Modules