org.apache.cxf.ws.policy.PolicyException: Cannot encrypt data
aupres Aug 27, 2013 1:36 AM
This is my sample WS-Security project.
===== IHelloWorld Interface
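import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;
import org.jboss.ws.api.annotation.PolicySets;

@WebService(targetNamespace = "http://www.aaa.com/jbossws/ws-extensions/wssecurity")
@PolicySets({"WS-Addressing", "WS-SP-EX223_WSS11_Anonymous_X509_Sign_Encrypt"})
public interface IHelloWorld {
    @WebMethod
    @WebResult
    public String sayHello(@WebParam String name);
}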
===== CallbackHandler class
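import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class KeystorePasswordCallback implements CallbackHandler {
    // Maps a keystore alias to the password of its key entry.
    private Map<String, String> passwords = new HashMap<String, String>();

    public KeystorePasswordCallback() {
        passwords.put("joseph", "password"); // adding only one user and password
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // Reject callback types this handler does not understand instead of failing on the cast.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            }
        }
    }

    public void setAliasPassword(String alias, String password) {
        passwords.put(alias, password);
    }
}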
====== joseph.properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=joseph
org.apache.ws.security.crypto.merlin.keystore.file=META-INF/joseph.jks
====== client
import java.io.IOException;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.apache.cxf.ws.security.SecurityConstants;

public class WSSClient {
    private final String serviceURL = "http://localhost:8080/WSSHelloWorld/HelloWorld";
    private IHelloWorld proxy;

    public WSSClient() throws IOException {
        QName serviceName = new QName("http://www.aaa.com/jbossws/ws-extensions/wssecurity", "HelloWorldService");
        URL wsdlURL = new URL(serviceURL + "?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        proxy = (IHelloWorld) service.getPort(IHelloWorld.class);
        // Signature and encryption both point at the same properties file and the same alias.
        ((BindingProvider) proxy).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ((BindingProvider) proxy).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/joseph.properties"));
        ((BindingProvider) proxy).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/joseph.properties"));
        ((BindingProvider) proxy).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "joseph"); // same signature_username
        ((BindingProvider) proxy).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "joseph"); // same encrypt_username
    }

    public String callMethd(String name) {
        return proxy.sayHello(name); // this method throws exception
    }
}
The joseph.jks file is generated with the Java keytool command below:
> keytool -genkey -alias joseph -keystore joseph.jks -keyalg RSA -validity 180
Web service deployment is OK, but the client's proxy.sayHello throws the following exception.
Caused by: org.apache.cxf.ws.policy.PolicyException: Cannot encrypt data
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:294)
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doEncryptionDerived(SymmetricBindingHandler.java:497)
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doEncryption
In the "WS-Security - JBoss Web Services - Project Documentation Editor" document, both signature and encryption jks files are used. The server and client sides each have their own username and password.
I have no idea how to generate the signature and encryption jks files and username.
Please tell me how to fix this exception.
I need your advice. Thanks in advance.
Best regards.
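
The post asks how separate signature and encryption keystores are generated. As an added example (not part of the original post or of the JBossWS documentation), the script below uses keytool to build a client and a server JKS keystore, each holding its own key pair plus the peer's certificate. The alias `server`, the file names, the DNs and the `*_PASS` variables are assumptions; `joseph` is the post's alias.

```shell
#!/bin/sh
# Added example: builds client.jks and server.jks so that each side holds
# its own private key plus the peer's public certificate.
# Assumed names (not from the post): alias "server", file names, DNs and
# the *_PASS variables. Alias "joseph" is the post's client alias.

# Constructed demo passwords; override them via the environment. The :env
# form of the password options keeps them out of the process argument list.
export CLIENT_PASS="${CLIENT_PASS:-client-demo-pass}"
export SERVER_PASS="${SERVER_PASS:-server-demo-pass}"

# gen_keypair <keystore> <alias> <password-env-var> <dname>
gen_keypair() {
    keytool -genkeypair -alias "$2" -keystore "$1" -storetype JKS \
        -keyalg RSA -keysize 2048 -validity 180 -dname "$4" \
        -storepass:env "$3" -keypass:env "$3"
}

# trust_peer <from-keystore> <from-alias> <from-pass-var> <to-keystore> <to-pass-var>
# Exports only the certificate (public key); the private key stays where it is.
trust_peer() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1" \
        -storepass:env "$3" -file "$1.$2.cer" &&
    keytool -importcert -noprompt -alias "$2" -file "$1.$2.cer" \
        -keystore "$4" -storepass:env "$5"
}

# make_keystores <directory>
make_keystores() {
    dir=$1
    mkdir -p "$dir" &&
    gen_keypair "$dir/client.jks" joseph CLIENT_PASS "CN=joseph, O=Example" &&
    gen_keypair "$dir/server.jks" server SERVER_PASS "CN=server, O=Example" &&
    trust_peer "$dir/server.jks" server SERVER_PASS "$dir/client.jks" CLIENT_PASS &&
    trust_peer "$dir/client.jks" joseph CLIENT_PASS "$dir/server.jks" SERVER_PASS
}

# count_entries <keystore> <password-env-var> <PrivateKeyEntry|trustedCertEntry>
# Prints how many entries of the given type the keystore contains.
count_entries() {
    keytool -list -keystore "$1" -storepass:env "$2" | grep -c "$3"
}

# Set RUN_DEMO=1 to build the keystores under ./keys when run as a script.
if [ "${RUN_DEMO:-0}" = 1 ]; then make_keystores ./keys; fi
```

With this layout, a side signs with the alias of its own private-key entry and encrypts with the alias of the peer's certificate entry, so on the client those would be `joseph` and `server` respectively.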