
  • wss4j encrypt/decrypt problem

    I have deployed 2 web apps, one representing the web service and the other representing the ws client. When using SIGNING and TIMESTAMP-ing, everything works fine: the client stamps the message (but I think it doesn't override the default 300s ttl), signs the message with its x509 cert, and sends it to the ws. The ws, on the other hand, receives the message and is able to validate the timestamp and certificate/signature against the client's trusted cert in its keystore.
    The problem arises when I add the Encrypt operation to my configuration. The client seems to be able to encrypt the message, but the ws does not seem interested in decrypting it. It just sees that there is no endpoint mapping for
    [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData] and throws WebServiceTransportException: Not Found [404] exception.

    So can someone explain what I need to do in order to achieve timestamping, signing with x509 and encryption, again with x509?

    part of server app-context:
    ...
    <!-- Server-side WS-Security interceptor (WSS4J).
         validation* properties: what an inbound request must carry and how it is checked.
         securement* properties: how the outbound response is stamped, signed and encrypted. -->
    <bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <!-- Inbound: a request lacking any of these three headers, or failing their checks, is rejected. -->
        <property name="validationActions" value="Timestamp Signature Encrypt"/>
        <property name="enableSignatureConfirmation" value="true"/>
        <!-- Trust anchors used to verify the client's signing certificate. -->
        <property name="validationSignatureCrypto" ref="keystore"/>
        <!-- Store that has to provide the server's own private key to decrypt the request body.
             The same bean serves both roles here, so trust anchors and private keys share one file. -->
        <property name="validationDecryptionCrypto" ref="keystore"/>
        <!-- Hands the private-key password to WSS4J for decryption.
             SECURITY: the password is inline in the application context; prefer a property
             placeholder or an externally supplied secret so it is not committed with the config. -->
        <property name="validationCallbackHandler">
            <bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
                <property name="privateKeyPassword" value="nikola"/>
            </bean>
        </property>

        <!-- Timestamp policy: expired timestamps are rejected (strict). timeToLive is the validity
             window, in seconds, written into outbound timestamps; inbound validation has its own
             validationTimeToLive property, so the inbound window may still be the default
             (the thread mentions 300s) unless that is set as well. A 30s window requires both
             hosts' clocks to agree to within that margin. -->
        <property name="timestampStrict" value="true"/>
        <property name="timeToLive" value="30"/>
        <property name="timestampPrecisionInMilliseconds" value="true"/>

        <!-- Outbound: stamp, sign with the "wsserver" key and encrypt for "wsclient". -->
        <property name="securementActions" value="Timestamp Signature Encrypt"/>
        <property name="securementUsername" value="wsserver"/>
        <!-- SECURITY: inline key password, same remark as for privateKeyPassword above. -->
        <property name="securementPassword" value="nikola"/>
        <!-- Key-identifier type WSS4J uses to reference the signing certificate in the header. -->
        <property name="securementSignatureKeyIdentifier" value="DirectReference"/>
        <property name="securementSignatureCrypto" ref="keystore"/>
        <!-- Encrypt the response for the certificate stored under alias "wsclient". -->
        <property name="securementEncryptionUser" value="wsclient"/>
        <property name="securementEncryptionCrypto" ref="keystore"/>
    </bean>

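    <!-- Keystore backing every *Crypto property of the interceptor above. One file is used both
         as the trust store for the client's certificate and as the source of the server's private
         key, so it presumably has to contain the "wsserver" key entry and not only trusted certs;
         the file name suggests a trust-only store, which is worth verifying when decryption fails.
         SECURITY: the keystore password is inline and identical to the key password used above;
         prefer a property placeholder / externalized secret and distinct passwords.
         Fix: the closing tag was missing its '>' and the fragment was not well-formed XML. -->
    <bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
        <property name="keyStorePassword" value="nikola"/>
        <property name="keyStoreLocation" value="WEB-INF/MyTruststore.jks"/>
    </bean>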

    <!-- Server interceptor chain. Order is significant: the security interceptor is listed first
         so the body is verified and decrypted before it is schema-validated and logged.
         NOTE(review): endpoint lookup appears to happen before this chain runs, so a payload-root
         based mapping only ever sees xenc:EncryptedData; SOAP-action based mapping is what the
         follow-up post reports as working. -->
    <sws:interceptors>
        <ref bean="wss4jSecurityInterceptor"/>
        <!-- Rejects requests and responses that do not conform to person.xsd. -->
        <bean id="validatingInterceptor"
              class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
            <property name="schema" value="/WEB-INF/person.xsd"/>
            <property name="validateRequest" value="true"/>
            <property name="validateResponse" value="true"/>
        </bean>
        <!-- Logs message payloads. SECURITY: placed after the security interceptor it presumably
             logs the decrypted payload, so keep it out of production or protect the log sink. -->
        <bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
    </sws:interceptors>
    ... 
    part of client app-context:
    ...
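    <!-- Client template. The p: namespace wires the JAXB marshaller, the default endpoint and the
         transport; the interceptor list applies WS-Security to every request and response.
         SECURITY: defaultUri is plain HTTP. Message-level security protects the SOAP body, but
         nothing outside the secured parts; use TLS for anything beyond local testing.
         Fix: the closing </property> tag was missing its '>' and the fragment was not well-formed XML. -->
    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"
          p:marshaller-ref="jaxbMarshaller"
          p:unmarshaller-ref="jaxbMarshaller"
          p:defaultUri="http://localhost:15555/person/services"
          p:messageSender-ref="messageSender">
        <constructor-arg ref="messageFactory"/>
        <property name="interceptors">
            <list>
                <ref local="wss4jSecurityInterceptor"/>
            </list>
        </property>
    </bean>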

    <!-- Commons-HTTP based transport and the SAAJ SOAP message factory used by webServiceTemplate. -->
    <bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender"/>
    <bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory"/>

    <!-- Client-side WS-Security interceptor (WSS4J), the mirror image of the server's:
         securement* properties secure the outbound request as "wsclient" for "wsserver",
         validation* properties check the server's response. -->
    <bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">

        <!-- Inbound (response): must be stamped, signed and encrypted, or it is rejected. -->
        <property name="validationActions" value="Timestamp Signature Encrypt"/>
        <property name="enableSignatureConfirmation" value="true"/>
        <!-- Trust anchors for the server's signing certificate. -->
        <property name="validationSignatureCrypto" ref="keystore"/>
        <!-- Must provide the client's own private key to decrypt the response. -->
        <property name="validationDecryptionCrypto" ref="keystore"/>
        <!-- SECURITY: private-key password inline in the context; prefer a property placeholder
             or an externally supplied secret. -->
        <property name="validationCallbackHandler">
            <bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
                <property name="privateKeyPassword" value="nikola"/>
            </bean>
        </property>

        <!-- Timestamp policy, same as on the server: strict expiry, 30s outbound validity window.
             The original post notes the default 300s ttl may not be overridden; timeToLive covers
             outbound timestamps, inbound checks use validationTimeToLive. -->
        <property name="timestampStrict" value="true"/>
        <property name="timeToLive" value="30"/>
        <property name="timestampPrecisionInMilliseconds" value="true"/>

        <!-- Outbound (request): stamp, sign and encrypt. -->
        <property name="securementActions" value="Timestamp Signature Encrypt"/>
        <property name="securementSignatureKeyIdentifier" value="DirectReference"/>

        <!-- Sign with the "wsclient" key. SECURITY: inline key password, see note above. -->
        <property name="securementUsername" value="wsclient"/>
        <property name="securementPassword" value="nikola"/>

        <property name="securementSignatureCrypto" ref="keystore"/>

        <!-- Encrypt the request for the certificate stored under alias "wsserver". -->
        <property name="securementEncryptionUser" value="wsserver"/>
        <property name="securementEncryptionCrypto" ref="keystore"/>
    </bean>

    <!-- Client keystore used for every *Crypto property above: holds the "wsclient" private key
         and the trusted server certificate in one file.
         SECURITY: keystore password inline and identical to the key password; prefer an
         externalized secret and distinct passwords. -->
    <bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
        <property name="keyStorePassword" value="nikola"/>
        <property name="keyStoreLocation" value="WEB-INF/Keystore.jks"/>
    </bean>
    ... 
    logging says:
    DEBUG [org.springframework.ws.server.MessageTracing.received] - Received request [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData]

    DEBUG [org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping] - Looking up endpoint for [{http://www.w3.org/2001/04/xmlenc#}EncryptedData]

    DEBUG [org.springframework.ws.soap.server.SoapMessageDispatcher] - Endpoint mapping [org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping@30a14083] has no mapping for request
    ...
    No endpoint mapping found for [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData]
    org.springframework.ws.client.WebServiceTransportException: Not Found [404]
    ...

  • #2
    Well... continuing my own thread
    I solved the problem, well, kinda.

    The main thing was that I was using the @PayloadRoot annotation, but my payload root was never anything that my app could map to an endpoint... it was just EncryptedData.

    When I changed the annotation to @SoapAction, and added a WebServiceMessageCallback() to the client's marshalSendAndReceive(), the web service figured out that it had no mapping for the EncryptedData payload, so it looked for a mapping with SoapActionAnnotationMethodEndpointMapping, and found one.

    Then, and only then, once the server had found a mapping for the request, did it decrypt the SOAP body... and find that the PayloadRoot was there.
