1 Reply Latest reply on Mar 22, 2013 4:29 AM by stephen b

    JBossWS and WS-Security Client dependency issues using Maven

    stephen b Newbie

      Hi,

       

      I am currently trying to integrate Web service security to my web service following instructions from here https://docs.jboss.org/author/display/JBWS/WS-Security

       

      The tutorial specified that I can create a client using code below. The tutorial did not explain which jar dependencies I have to use for this to work. I managed to build my project using Eclipse and added Apache CXF 2.4.6 library as project build dependecies (pointing to directory of jboss-cxf-bin-dist) and it works fine - client and server encrypts and decrypts the request/response.

       

      QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");

      URL wsdlURL = new URL(serviceURL + "?wsdl");

      Service service = Service.create(wsdlURL, serviceName);

      ServiceIface proxy = (ServiceIface)service.getPort(ServiceIface.class);

       

      ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());

      ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,

           Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties"));

      ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

           Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties"));

      ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");

      ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "bob");

       

      proxy.sayHello();

       

      But when I use maven to build and run the test, client is not encrypting the SOAP message. I can't find any documentation which specifies the correct maven jar dependencies I have to add so that client side is able to encrypt the message. Based on logs and response from server it looks like the client did not send an encrypted SOAP message and service is throwing an Policy violation error to the client.

      I tried to fix the issue by adding jboss-cxf-client as dependency but still the same issue. I also tried dependency mentioned here http://cxf.apache.org/docs/using-cxf-with-maven.html but this is causing issues on my application due to some legacy Jar which uses JAXB 1.0, CXF seems to be using JAXB 2.0.

       

      My question is, what dependencies should I include to my POM file? Is there a JBoss CXF Maven artifact i have to explicitly add similar to the jars included in jboss-cxf-bin-dist? The jars in this distribution surprisingly does not conflict with our legacy jars.

       

      Thanks,

      Stephen