Secure webservice on FUSE ESB
mpalvankar Mar 23, 2014 10:14 PM
I am trying a secured web service with X.509 security with Apache CXF.
I have WSDL with WS-SecurityPolicy statements. I have created key pairs for the client and the web service provider.
I have configured the service to decrypt and verify the signature of the SOAP request, and encrypt and sign the SOAP response.
<cxf:cxfEndpoint id="secureServiceConsumer"
    address="http://localhost:8092/cxf/doubleit"
    serviceName="c:DoubleItService"
    serviceClass="org.example.contract.doubleit.DoubleItPortType"
    xmlns:c="http://www.example.org/contract/DoubleIt">
  <jaxws:endpoint
      id="doubleit"
      implementor="com.secureservice.demo.DoubleItPortTypeImpl"
      address="http://localhost:8092/cxf/doubleit"
      serviceName="c:DoubleItService"
      xmlns:c="http://www.example.org/contract/DoubleIt"
      >
    <jaxws:properties>
      <entry key="ws-security.callback-handler">
        <ref bean="myPasswordCallback"/>
      </entry>
      <entry key="ws-security.encryption.properties" value="META-INF/serviceKeystore.properties"/>
      <entry key="ws-security.signature.properties" value="META-INF/serviceKeystore.properties"/>
      <entry key="ws-security.encryption.username" value="useReqSigCert"/>
    </jaxws:properties>
  </jaxws:endpoint>
</cxf:cxfEndpoint>
I have configured the SOAP client to encrypt and sign the SOAP request, and decrypt and verify the signature of the SOAP response.
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true">
  <jaxws:properties>
    <entry key="ws-security.callback-handler" value="secureservice.client.ClientKeystorePasswordCallback"/>
    <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
    <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
    <entry key="ws-security.encryption.username" value="myservicekey"/>
  </jaxws:properties>
</jaxws:client>
I am getting the exception below on invoking the web service.
Caused by: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
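Added example, not part of the original post or of CXF's own code: a small check over a Spring configuration like the one posted. CXF raises this MustUnderstand fault when nothing on the receiving side consumes the `wsse:Security` header, and one common reason is that the WS-SecurityPolicy in the WSDL never gets attached to the endpoint, so the `ws-security.*` properties are never used. The function name `audit`, the `SAMPLE` document and the path `wsdl/DoubleIt.wsdl` are assumptions made for illustration; whether this is the cause in the poster's deployment is not confirmed by the post.

```python
import xml.etree.ElementTree as ET

JAXWS_ENDPOINT = "{http://cxf.apache.org/jaxws}endpoint"
REQUIRED = ("ws-security.callback-handler",
            "ws-security.signature.properties",
            "ws-security.encryption.properties")

# Constructed sample: "doubleit" mirrors the posted service endpoint;
# "doubleit-wsdl" adds a wsdlLocation (placeholder path, not from the post).
SAMPLE = """<beans xmlns:jaxws="http://cxf.apache.org/jaxws">
  <jaxws:endpoint id="doubleit"
      implementor="com.secureservice.demo.DoubleItPortTypeImpl"
      address="http://localhost:8092/cxf/doubleit">
    <jaxws:properties>
      <entry key="ws-security.callback-handler"><ref bean="myPasswordCallback"/></entry>
      <entry key="ws-security.encryption.properties" value="META-INF/serviceKeystore.properties"/>
      <entry key="ws-security.signature.properties" value="META-INF/serviceKeystore.properties"/>
      <entry key="ws-security.encryption.username" value="useReqSigCert"/>
    </jaxws:properties>
  </jaxws:endpoint>
  <jaxws:endpoint id="doubleit-wsdl" wsdlLocation="wsdl/DoubleIt.wsdl"
      implementor="com.secureservice.demo.DoubleItPortTypeImpl"
      address="http://localhost:8092/cxf/doubleit2">
    <jaxws:properties>
      <entry key="ws-security.signature.properties" value="META-INF/serviceKeystore.properties"/>
    </jaxws:properties>
  </jaxws:endpoint>
</beans>"""

def audit(xml_text):
    """Return (endpoint id, finding) pairs for jaxws:endpoint elements using WS-Security."""
    findings = []
    for ep in ET.fromstring(xml_text).iter(JAXWS_ENDPOINT):
        keys = {e.get("key", "") for e in ep.iter() if e.tag.rsplit("}", 1)[-1] == "entry"}
        if not any(k.startswith("ws-security.") for k in keys):
            continue  # endpoint does not configure WS-Security at all
        if not ep.get("wsdlLocation"):
            # Heuristic only: the WSDL may instead be named by an annotation on the implementor
            findings.append((ep.get("id"), "no wsdlLocation: policy in the WSDL may not be attached"))
        for key in REQUIRED:
            if key not in keys:
                findings.append((ep.get("id"), "missing " + key))
    return findings

if __name__ == "__main__":
    for ep_id, finding in audit(SAMPLE):
        print(ep_id, "->", finding)
```

A clean result here does not rule out the fault: the WS-Security and WS-Policy modules of CXF must also be installed in the container for the policy to be enforced.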