[ 
https://issues.apache.org/jira/browse/CXF-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergey updated CXF-4823:
------------------------

    Description: 
We have a CXF web service secured with WS-Security. The problem is that an Axis2 
client using the Rampart module cannot handle the response generated by CXF. 
Rampart expects xenc:EncryptedKey to come first and ds:Signature next; 
CXF emits these elements in the opposite order. The workaround is
to re-order the actions in the Axis2 config file:
{code:xml}
<parameter name="InflowSecurity">
      <action>
        <!-- Workaround: the inbound actions are listed with Encrypt before Signature.
             With "Signature Encrypt Timestamp" the Axis2 client throws an
             "Actions mismatch" exception. -->
        <items>Encrypt Signature Timestamp</items>
      </action>
    </parameter>
{code}

The question is: how can CXF be made to change the order of the signature and encrypted 
key elements in the security header of the SOAP response so that it is compatible with 
Axis2 clients? Since the order of actions is the same in both the Axis and CXF 
configuration files (*Signature Encrypt Timestamp*), it should work out of 
the box, shouldn't it?


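Response sample (in the wsse:Security header, wsu:Timestamp comes first, then ds:Signature, then xenc:EncryptedKey):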
{code:xml}


<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>

  <soap:Header>
    <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-6">
        <wsu:Created>2013-02-10T20:22:51.879Z</wsu:Created>
        <wsu:Expires>2013-02-10T20:27:51.879Z</wsu:Expires>
      </wsu:Timestamp>     
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
      Id="SIG-8">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
          <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
          <ds:Reference URI="#id-7">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; 
/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
/>
            <ds:DigestValue>
            otiRAVkSs777jSOZqqwBJlFILJo=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#TS-6">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; 
/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
/>
            <ds:DigestValue>
            wAJxVtTNvbPX6aHqrrX7/SOPplQ=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
        
Dy/OVbJOTr1lfqzbZCGxUlanJ0YKVmnyDV9F3Z1aJtB093rXffnKX35o4CxfWqVY/k1COF1TG6mfDZ6nbd1PqM6Vlbk8hBL5iSUFZAKe6RgilD9nYZmWPl2KaLAVrHS66jdmczWGWUh/15YTWB1s8cyNbBSVrwcyKx9FlOgI3pY=</ds:SignatureValue>
        <ds:KeyInfo Id="KI-6029833839643E518513605277718807">
          <wsse:SecurityTokenReference 
wsu:Id="STR-6029833839643E518513605277718808">

            <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
            
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
            4ZQm/eQOxdcAHohj09+Uk4ex3Lw=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
 <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
      Id="EK-6029833839643E518513605277718755">
        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
            
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
            mxCXzekKZqaJcrE3UmHFGOswTnI=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>
          
SQWm0I/90/iJUEDAts1jBPC4/W67aDTwrWGzZn1sYYRKyiFx/SxaGj3rtO3Nx8548I0e0ymfGN78ukjcytsUZHoABSNPmJb773Ou4r1l/S7oPqrGCW87A3OpFj3ri62u+iVP3c0u58tnjdIyKXqyeuZTpjtRETlTviH7O4YyInk=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-5" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
    <Action xmlns="http://www.w3.org/2005/08/addressing";>
    
http://service.resadapter.myidtravel.lhsystems.com/RESAdapterServicePortType/getAvailabilityResponse</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing";>
    urn:uuid:f8f2570d-cd35-404a-b413-e5322ca92d01</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing";>
    http://www.w3.org/2005/08/addressing/anonymous</To>
    <RelatesTo xmlns="http://www.w3.org/2005/08/addressing";>
    urn:uuid:65935AD1BEED993E3D1360527858578</RelatesTo>
  </soap:Header>
  <soap:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
  wsu:Id="id-7">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
    Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content";>
      <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
        <wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
        
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";>

          <wsse:Reference URI="#EK-6029833839643E518513605277718755" />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
        
hk6afclqW40YD/Lt91WdResuoUwzUwB9HYmcmmnMS2O3TdqOm7UC09l4h5Y2BCYoqM6+eBw8C1aS3Pg8TCYVksfVDRUW8Oai5VT+Hk7ihs/ABE2xZBeo2h50Nnx1EGVhizJfm2Be37yyJFz4i0MhI51Lto2LZvRppChyywe9GBdmxyC3+X+lM5cgSBRWPPi11KYgdNhcy6+FHaij5ZW4TjIlbg98gNGaGq8/5tR2H0luYadEq02bzMj0Qqjqxze7ixND9n750+BM89amhsnOXWCAbN9DXBjvA57qJSqmDRyyejUgj6srHV2n7VRMof75JpcmIdB0kfKMRPGXq0Jcd6LZIjjeG8+nit7HoJBRPk7VN3BO2A+5VZEjPW4Csb+4+KSx5+cmquIX+dxJvJ6M86iglkUVb+M+syekJffOVwOgFlZcZx54JL9O2VJIzsongff3KtYBg6Hxfhsx80ZfwTtH/6T8pf68rWF3MG6xSbP+cv6UjTegjQ/j84b7D2Gga5Vv5y+9c9PYlgpUIFX91Bx1RzmR+gkgEZ5EVG8OfhIlM6DGFyayXhSi0en4vpuRYu9qhOJKIgEjA7egc2G6rH81RQhObp4p9m1mlJrBakiUzxzayMsYXbzPduXTXdU7q2gEo/ZzjABnD9VVUY5oyMIGclnNDCNOtrVnnKm3zsM2xYlMhjIxUdTSFGHJmZXbGeApkZUef/b69hXvy3d0d6MP0L5zQatECj8NoOdIx5oJo26jsJId0wpPshkEAx+sgOu7Dnt+6sTnKg4zYQIKm4951d0nz9qP1bp3iWaRuid4oiZXfjBioqMom1teORmm1tEldTBen8Qa1p65y6sutb0D9B3E/j6ovHuaMs2J76+eU5q82N8fjkIPakvElVMBlvHIrgnyiburB9iCRjaI9SBcPbIlS1N6HExcdJSoB4o+glQb54o0KwV57919HvaZKii7tiIpDBMBPV7q3dyi5iXc0xYc7dFifwlxOyboH0ZlMBv2jmzo+sMZB7sN9BwAkJzRWKu9Bj44vZAqBSWL3dLIyKWSzDFchOV7xu8BBREr2sJKk2v0eFlIFwO8rfAowpgt0JLex0txXqIRx8gMq94lrAjquv4ADu91ImckDI8x7bURCax3O1YYA0un/oM5xH+kCuBk6dJNj+mUGOtM7qaJJEqGNpfMIIhoOCnc2BVP8WIt7CMVHM71DxOCWBZkQPFH+HlNs8MilXxWUFEjOFF5Fao8Cx62erSK3JBauiCdeMzVVyX8Xewwhg4pklYS/6fEpvovxgAt6DijH5cWfUDcwJIUMwY0JAMzC7uDB6kjTgYyphtcxHnS01xZISJeLqpPn8XOoQW1V2eUpcrITFHFgXd+85uCnP+vfVS9Z0Uv/ZNmYDqOnm837Y7VRNb9NIlUlgb6HNFVUThhqm6w0QzYMT3Vc304sc4LrvL/kfrLtqVzQwAT8zoikyOEj3kUOUdehJNWu4/yvyxZsyeQn436m/bPiZcYxQaN596VGRTOk8sYL5wDP7hWolBijswT9MFLb/lyK6fUinFc84pgq7gt8u7MoPWl4fxtzoMgyBvr85Rgtoyqopb0h+1XGcXd6rdC2JkEr3fCeM6M7CBAO/VycaLzDOkLW7TWlWEZDN/bQRGaV6QphY1l7qN3IpS8g1tnPSvbW0ots8OtLgyjIDidb6kPRKIzT16q8cTUuUZT8cO3NXMaIOwfbEKPN928pkQF8V15Bma2KBdMCWN5jHmLmLJZGWhXVi/flgo86Eoy8GpCJmr5IowrDfYOZZZbsw6m4bdTUsksDLpdXczlsY+8m6N1kQNwxXOJHbnbEb/e/qHAXmjgJ+fDVRjBd3MrJEZkcOf+bKP7NGjbY8AQzUgpZ/RdOfJ19WlwpvfPPG9f3UbifcUBliDTHFD2igeal3IUBVgYaGzmsw1fzT+G5nip64MadaVAF33TTMqFgQ3Pm/U+f/f0jKnJ9DnV4eH/k9XQyyvpbm58wHwB
auI99vqWmce9gRkOwSc4X8eURM9I4ajCwod7iUUugbXvUegh9VckQncZPromBwL3R55RCPfj7XcbfjhSIrPbSbM+/TgP+0yTnwdJogm6F26IlfoPbbxWBhjgaGOW8P42ytJupbnVZUzChaC1Xip6UHDaYdy6WOsoasbp2LExY+LTmOrt/m1dy18z2DkO4nmlGBB8+KjjFh+7bD71a0shOoXImmW3paIudcDLMyhjUp0VfwXPUwiQnmgBLqj0FEF3yvul5ptJvzq6ZYWJ293IOVZFbxKmhyJVYctl2EmfaPtEYUMak3QIntWYr6PT5FRj2YBqiuhqsqOwA7CGSetbJ+9ArRd8JKZS5KEmsPlVloESzD7kwCjfkto+l+rb/dkDa5Bjk3X29dQC/U9vyxb5YZ8zxAYNii67e+LhfpxoCkFi22WXjFPsmRctFwpIVuTgObObRAqAcwNwk5QGrb9hNdCQZZ8RyVBx3T1m6k+5ZdRUkv9Vo/gdrh5WQa5oONa0J7e5jO/Ursim1/z86xbs0Wupu/90XHRuAtmxBBbvCv6ja2DquhvUFldhPueW+B1Ltr11OlZZ9jrGwmfGlwr5Z83v/PK9+nOvai9ibbOAe9j02uZBurigBPMRo0lBtcqu2Pj90WlR00HHZ8gPuxhL5siPr9f5aPWaVoPJtbACA+ukQveq5094B59Ez2vEFf3fZySHqgqMXtP+E19chT32mkF/ggq9I84jKurvDlmRRlFt/D/UAqVpON3W/0+CI7CeJ2/70IWgvdPghCuu70/sGXnXLX7EpdAnzDSwuCdt1KU5ZXvWKyWH86pizkRXNx3drSsLYVz1zbA5Y189aE4TvbYVvvxfxfe1CehLsJxzOmtmgu5fOUEEAyv6386PNPOBapsOW0Py46xpzAF9C9oqG4T+FHukaJGnMhk/oLMwIpruWfJt5qV2ydhCgQcWDf/biTQUUomK6mo+Bs/KuShUo+z0Ki4YbdjtQtYhNeqJqFYMKUSmBVqf+Pm5e63SuxXUBNqAaJtF9k4ZeolYoTfIILuNBytuuk6a5BGNhJ3gl+AKQBxFs8tjiharbLC0ckoECSheAPdb2OT7aCP5dxQfP5ovgRNQXIWlQJj7gxXQQjzIS3BcbaLegbi3VIt569bUiLT0wMnLgseBGmW9W+ue8pGEq/hqejgaaHn44qW7eNNwWojhSSjPq3FBQb0L3OedyYPom/w/F62fFTpe1WxTr3xMFOMp0JtXnAMx+tJvW1pI04wqXaIzV8AdBBGMvqTtJZ0pVgtxI3bBcIZP9ymIIIQ/odC96cZbM9ywVNknJHtptH0VUq2r0iWM62BHrSDYHJd+6rBwRQf9/LOk/JkVEPfggKkYkVPGMix3DB3ZvNUGxjbuZO/ReT+1XktijvOJX5sCcGn/pFIWKIxepiB5dtZ5AJeNqrbnc8asHb+bh5rPn/RkUCTcyEFCKGjgqpX5df9h+To0f5mkaTZP84g2dKDG+O08PojTdXr+QOHug5yPlC1cABbpkpnUbqnpJAh+lWl48GugnoIZZTbTISeGOFPNy4wdRKWaoFNITTnuST+X8HLGsybQPHhB0PaCDz8VKxq2gQw3rgNND78I6aLdNfaV9hZnOZuCX2qDNH34zXl4zCZd09r77mFQyCLO7lgQlTUT+tt+8+VAe6yTje34xX7W3jreDoVjVeL/+rzJmS6geg0RCYjE5I8OScYbx3vDyy8ONP+w0TByhOqb8LHEqfHSjUki3rQ9/2KZHJhHt7ZZ7bMCVJdzlEZOh/SF8auL83FKLkMxv9kdH9b8noZMtZzu1U7Q8j77J6kRx3wfJI3PCPzI7OOy7TN0w+/uqEwQSQ/LEqwdkBZKL9R68ngCKjxeIOEctqI0wc1fc/IwQ6iTZujYwdZNmMbiDKxM9gbklUOL4+iLrpmAOiaTXamAkrN7Xh29XGMvxtv7uC2derda0LszlGejRJISAqX1vkPclLU1q5UEUB6CrF0i
lPQ7fkuJVaL920ooOW2LZoXBvUJ1Kl1OvqoRbbfiZIWzNZXTujRcwOOo9mxbWt5YBiLZN84tBWySeDuSqeNX4dXOs2rFz7IVBgLQH//64hSCG4GIBs00RElF8Fg/FqLg8wEowJA1OpZn49/j3Y9ZeNjGsBboRd7ZsOZjIY9w9Tn2wxpP3rXWMaKgUQkYU03cHdiSefQO4qGgpbQq8CQrBMQY1ZahEVPVPP33BST8XgDB9wQh5E7r8BqeDTMSpYmaObCnv3xRQzvZ6SBtWtkco/XbkEPNgMleFu0e3Lte/PmsstvNABfGbA==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>


{code}



Rampart configuration : 
{code:xml}
<!-- Rampart (Axis2 client) inbound actions as originally configured: the same
     action string as the CXF "action" entries. The report states that this order
     makes the client throw "Actions mismatch". -->
<parameter name="InflowSecurity">
      <action>
        <items>Signature Encrypt Timestamp</items>
      </action>
    </parameter>
{code}

CXF configuration:
{code:xml}
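<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring/CXF wiring for the RESAdapter JAX-WS endpoint: WS-Addressing plus two
  WSS4J interceptors, one for inbound requests and one for outbound responses.
  The stray ";" after quoted URIs and the hard line wraps inside tags have been
  removed so that the document is well-formed; all values are unchanged.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:wsa="http://cxf.apache.org/ws/addressing"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                           http://cxf.apache.org/ws/addressing http://cxf.apache.org/schemas/ws-addr-conf.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-*.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <!-- Service implementation bean, managed by Spring. -->
    <bean id="RESAdapterService" class="net.worldticket.edi.protocol.ota.RESAdapterService" />

    <!--
    Log4j is set to be used in META-INF\cxf\org.apache.cxf.Logger
    Make sure that log4j INFO level is set for the following interceptors or
    for the package org.apache.cxf to make them work.
    NOTE(review): these interceptors write SOAP messages to the log. Confirm what
    ends up in the log for this endpoint and who can read it.
    -->
    <bean id="logInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    <bean id="logOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>

    <!--
         WSS4JInInterceptor for decrypting and validating the signature of the
         SOAP request. The same properties file is used for signature
         verification and for decryption.
         NOTE(review): passwordCallbackClass presumably supplies the private-key
         password for decryption; confirm against the callback implementation.
    -->
    <bean id="TimestampSignEncrypt_Request"
          class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Encrypt Timestamp"/>
                <entry key="signaturePropFile" value="interop.properties"/>
                <entry key="decryptionPropFile" value="interop.properties"/>
                <entry key="passwordCallbackClass" value="net.worldticket.myIdTravel.PasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>

    <!--
         WSS4JOutInterceptor for signing and encrypting the SOAP response.
         The action string is the same one the Rampart client is configured
         with; the report is about the resulting order of ds:Signature and
         xenc:EncryptedKey in the security header.
    -->
    <bean id="TimestampSignEncrypt_Response"
          class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Encrypt Timestamp"/>
                <!-- "useReqSigCert" is the WSS4J value for encrypting to the
                     certificate that signed the request. No encryptionUser entry
                     is set here; presumably "user" is used as the fallback.
                     TODO confirm. -->
                <entry key="user" value="useReqSigCert"/>
                <entry key="signatureUser" value="bob"/>
                <entry key="signaturePropFile" value="interop.properties"/>
                <entry key="encryptionPropFile" value="interop.properties"/>
                <entry key="passwordCallbackClass" value="net.worldticket.myIdTravel.PasswordCallback"/>
                <!-- Signed: the SOAP Body element and the wsu:Timestamp. -->
                <entry key="signatureParts"
                       value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
                <!-- Encrypted: the content of the SOAP Body. -->
                <entry key="encryptionParts"
                       value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <!-- NOTE(review): 3DES in CBC mode is a 64-bit block cipher in an
                     unauthenticated mode. Value kept for interoperability; where the
                     peer supports it, an AES value such as
                     http://www.w3.org/2001/04/xmlenc#aes128-cbc (or an AES-GCM value
                     from XML Encryption 1.1) is the stronger choice. -->
                <entry key="encryptionSymAlgorithm"
                       value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
                <!-- NOTE(review): rsa-1_5 is RSAES-PKCS1-v1_5 key transport, the
                     scheme affected by Bleichenbacher-style padding-oracle attacks.
                     Value kept for interoperability; the usual replacement is
                     http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p when the peer
                     accepts it. -->
                <entry key="encryptionKeyTransportAlgorithm"
                       value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <entry key="encryptionKeyIdentifier" value="Thumbprint"/>
                <entry key="signatureKeyIdentifier" value="Thumbprint"/>
                <!-- NOTE(review): no signatureAlgorithm or signatureDigestAlgorithm
                     entry is set. The response sample in this report shows rsa-sha1
                     with SHA-1 digests; consider setting SHA-256 based values
                     explicitly if both sides support them. -->
            </map>
        </constructor-arg>
    </bean>

    <!-- JAX-WS Service Endpoint: logging and WSS4J interceptors in both
         directions, WS-Addressing enabled with duplicate message IDs rejected. -->
    <jaxws:endpoint id="resadapter" implementor="#RESAdapterService" address="/resadapter">
        <jaxws:outInterceptors>
            <ref bean="logOutInterceptor"/>
            <ref bean="TimestampSignEncrypt_Response"/>
        </jaxws:outInterceptors>
        <jaxws:inInterceptors>
            <ref bean="logInInterceptor"/>
            <ref bean="TimestampSignEncrypt_Request"/>
        </jaxws:inInterceptors>
        <jaxws:features>
            <wsa:addressing allowDuplicates="false"/>
        </jaxws:features>
    </jaxws:endpoint>

</beans>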
{code}


  was:
We have a CXF web service secured with WS-Security. The problem is that Axis2 
client which uses Rampart module cannot handle response generated by CXF. 
Rampart  expects that xenc:EncryptedKey goes first, and ds:Signature is next. 
CXF puts elements in the opposite order. The workaround is
to re-order actions in Axis2 config file:
{code:xml}
<parameter name="InflowSecurity">
      <action>
        <items>Encrypt Signature Timestamp</items>
      </action>
    </parameter>
{code}

The question is: how to make CXF to change the order of signature and encrypted 
key elements in security header of the SOAP response to make it compatible with 
Axis2 clients? Since the order of action is the same in both Axis and CXF 
configuration files *Signature Encrypt Timestamp*, then it should work out of 
the box, shouldn't it ?


Response sample:
{code:xml}


<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>

  <soap:Header>
    <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-6">
        <wsu:Created>2013-02-10T20:22:51.879Z</wsu:Created>
        <wsu:Expires>2013-02-10T20:27:51.879Z</wsu:Expires>
      </wsu:Timestamp>     
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
      Id="SIG-8">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
          <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
          <ds:Reference URI="#id-7">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; 
/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
/>
            <ds:DigestValue>
            otiRAVkSs777jSOZqqwBJlFILJo=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#TS-6">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; 
/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
/>
            <ds:DigestValue>
            wAJxVtTNvbPX6aHqrrX7/SOPplQ=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
        
Dy/OVbJOTr1lfqzbZCGxUlanJ0YKVmnyDV9F3Z1aJtB093rXffnKX35o4CxfWqVY/k1COF1TG6mfDZ6nbd1PqM6Vlbk8hBL5iSUFZAKe6RgilD9nYZmWPl2KaLAVrHS66jdmczWGWUh/15YTWB1s8cyNbBSVrwcyKx9FlOgI3pY=</ds:SignatureValue>
        <ds:KeyInfo Id="KI-6029833839643E518513605277718807">
          <wsse:SecurityTokenReference 
wsu:Id="STR-6029833839643E518513605277718808">

            <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
            
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
            4ZQm/eQOxdcAHohj09+Uk4ex3Lw=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
 <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
      Id="EK-6029833839643E518513605277718755">
        <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
            
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
            mxCXzekKZqaJcrE3UmHFGOswTnI=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>
          
SQWm0I/90/iJUEDAts1jBPC4/W67aDTwrWGzZn1sYYRKyiFx/SxaGj3rtO3Nx8548I0e0ymfGN78ukjcytsUZHoABSNPmJb773Ou4r1l/S7oPqrGCW87A3OpFj3ri62u+iVP3c0u58tnjdIyKXqyeuZTpjtRETlTviH7O4YyInk=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-5" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
    <Action xmlns="http://www.w3.org/2005/08/addressing";>
    
http://service.resadapter.myidtravel.lhsystems.com/RESAdapterServicePortType/getAvailabilityResponse</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing";>
    urn:uuid:f8f2570d-cd35-404a-b413-e5322ca92d01</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing";>
    http://www.w3.org/2005/08/addressing/anonymous</To>
    <RelatesTo xmlns="http://www.w3.org/2005/08/addressing";>
    urn:uuid:65935AD1BEED993E3D1360527858578</RelatesTo>
  </soap:Header>
  <soap:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
  wsu:Id="id-7">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
    Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content";>
      <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
        <wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
        
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";>

          <wsse:Reference URI="#EK-6029833839643E518513605277718755" />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
        
hk6afclqW40YD/Lt91WdResuoUwzUwB9HYmcmmnMS2O3TdqOm7UC09l4h5Y2BCYoqM6+eBw8C1aS3Pg8TCYVksfVDRUW8Oai5VT+Hk7ihs/ABE2xZBeo2h50Nnx1EGVhizJfm2Be37yyJFz4i0MhI51Lto2LZvRppChyywe9GBdmxyC3+X+lM5cgSBRWPPi11KYgdNhcy6+FHaij5ZW4TjIlbg98gNGaGq8/5tR2H0luYadEq02bzMj0Qqjqxze7ixND9n750+BM89amhsnOXWCAbN9DXBjvA57qJSqmDRyyejUgj6srHV2n7VRMof75JpcmIdB0kfKMRPGXq0Jcd6LZIjjeG8+nit7HoJBRPk7VN3BO2A+5VZEjPW4Csb+4+KSx5+cmquIX+dxJvJ6M86iglkUVb+M+syekJffOVwOgFlZcZx54JL9O2VJIzsongff3KtYBg6Hxfhsx80ZfwTtH/6T8pf68rWF3MG6xSbP+cv6UjTegjQ/j84b7D2Gga5Vv5y+9c9PYlgpUIFX91Bx1RzmR+gkgEZ5EVG8OfhIlM6DGFyayXhSi0en4vpuRYu9qhOJKIgEjA7egc2G6rH81RQhObp4p9m1mlJrBakiUzxzayMsYXbzPduXTXdU7q2gEo/ZzjABnD9VVUY5oyMIGclnNDCNOtrVnnKm3zsM2xYlMhjIxUdTSFGHJmZXbGeApkZUef/b69hXvy3d0d6MP0L5zQatECj8NoOdIx5oJo26jsJId0wpPshkEAx+sgOu7Dnt+6sTnKg4zYQIKm4951d0nz9qP1bp3iWaRuid4oiZXfjBioqMom1teORmm1tEldTBen8Qa1p65y6sutb0D9B3E/j6ovHuaMs2J76+eU5q82N8fjkIPakvElVMBlvHIrgnyiburB9iCRjaI9SBcPbIlS1N6HExcdJSoB4o+glQb54o0KwV57919HvaZKii7tiIpDBMBPV7q3dyi5iXc0xYc7dFifwlxOyboH0ZlMBv2jmzo+sMZB7sN9BwAkJzRWKu9Bj44vZAqBSWL3dLIyKWSzDFchOV7xu8BBREr2sJKk2v0eFlIFwO8rfAowpgt0JLex0txXqIRx8gMq94lrAjquv4ADu91ImckDI8x7bURCax3O1YYA0un/oM5xH+kCuBk6dJNj+mUGOtM7qaJJEqGNpfMIIhoOCnc2BVP8WIt7CMVHM71DxOCWBZkQPFH+HlNs8MilXxWUFEjOFF5Fao8Cx62erSK3JBauiCdeMzVVyX8Xewwhg4pklYS/6fEpvovxgAt6DijH5cWfUDcwJIUMwY0JAMzC7uDB6kjTgYyphtcxHnS01xZISJeLqpPn8XOoQW1V2eUpcrITFHFgXd+85uCnP+vfVS9Z0Uv/ZNmYDqOnm837Y7VRNb9NIlUlgb6HNFVUThhqm6w0QzYMT3Vc304sc4LrvL/kfrLtqVzQwAT8zoikyOEj3kUOUdehJNWu4/yvyxZsyeQn436m/bPiZcYxQaN596VGRTOk8sYL5wDP7hWolBijswT9MFLb/lyK6fUinFc84pgq7gt8u7MoPWl4fxtzoMgyBvr85Rgtoyqopb0h+1XGcXd6rdC2JkEr3fCeM6M7CBAO/VycaLzDOkLW7TWlWEZDN/bQRGaV6QphY1l7qN3IpS8g1tnPSvbW0ots8OtLgyjIDidb6kPRKIzT16q8cTUuUZT8cO3NXMaIOwfbEKPN928pkQF8V15Bma2KBdMCWN5jHmLmLJZGWhXVi/flgo86Eoy8GpCJmr5IowrDfYOZZZbsw6m4bdTUsksDLpdXczlsY+8m6N1kQNwxXOJHbnbEb/e/qHAXmjgJ+fDVRjBd3MrJEZkcOf+bKP7NGjbY8AQzUgpZ/RdOfJ19WlwpvfPPG9f3UbifcUBliDTHFD2igeal3IUBVgYaGzmsw1fzT+G5nip64MadaVAF33TTMqFgQ3Pm/U+f/f0jKnJ9DnV4eH/k9XQyyvpbm58wHwB
auI99vqWmce9gRkOwSc4X8eURM9I4ajCwod7iUUugbXvUegh9VckQncZPromBwL3R55RCPfj7XcbfjhSIrPbSbM+/TgP+0yTnwdJogm6F26IlfoPbbxWBhjgaGOW8P42ytJupbnVZUzChaC1Xip6UHDaYdy6WOsoasbp2LExY+LTmOrt/m1dy18z2DkO4nmlGBB8+KjjFh+7bD71a0shOoXImmW3paIudcDLMyhjUp0VfwXPUwiQnmgBLqj0FEF3yvul5ptJvzq6ZYWJ293IOVZFbxKmhyJVYctl2EmfaPtEYUMak3QIntWYr6PT5FRj2YBqiuhqsqOwA7CGSetbJ+9ArRd8JKZS5KEmsPlVloESzD7kwCjfkto+l+rb/dkDa5Bjk3X29dQC/U9vyxb5YZ8zxAYNii67e+LhfpxoCkFi22WXjFPsmRctFwpIVuTgObObRAqAcwNwk5QGrb9hNdCQZZ8RyVBx3T1m6k+5ZdRUkv9Vo/gdrh5WQa5oONa0J7e5jO/Ursim1/z86xbs0Wupu/90XHRuAtmxBBbvCv6ja2DquhvUFldhPueW+B1Ltr11OlZZ9jrGwmfGlwr5Z83v/PK9+nOvai9ibbOAe9j02uZBurigBPMRo0lBtcqu2Pj90WlR00HHZ8gPuxhL5siPr9f5aPWaVoPJtbACA+ukQveq5094B59Ez2vEFf3fZySHqgqMXtP+E19chT32mkF/ggq9I84jKurvDlmRRlFt/D/UAqVpON3W/0+CI7CeJ2/70IWgvdPghCuu70/sGXnXLX7EpdAnzDSwuCdt1KU5ZXvWKyWH86pizkRXNx3drSsLYVz1zbA5Y189aE4TvbYVvvxfxfe1CehLsJxzOmtmgu5fOUEEAyv6386PNPOBapsOW0Py46xpzAF9C9oqG4T+FHukaJGnMhk/oLMwIpruWfJt5qV2ydhCgQcWDf/biTQUUomK6mo+Bs/KuShUo+z0Ki4YbdjtQtYhNeqJqFYMKUSmBVqf+Pm5e63SuxXUBNqAaJtF9k4ZeolYoTfIILuNBytuuk6a5BGNhJ3gl+AKQBxFs8tjiharbLC0ckoECSheAPdb2OT7aCP5dxQfP5ovgRNQXIWlQJj7gxXQQjzIS3BcbaLegbi3VIt569bUiLT0wMnLgseBGmW9W+ue8pGEq/hqejgaaHn44qW7eNNwWojhSSjPq3FBQb0L3OedyYPom/w/F62fFTpe1WxTr3xMFOMp0JtXnAMx+tJvW1pI04wqXaIzV8AdBBGMvqTtJZ0pVgtxI3bBcIZP9ymIIIQ/odC96cZbM9ywVNknJHtptH0VUq2r0iWM62BHrSDYHJd+6rBwRQf9/LOk/JkVEPfggKkYkVPGMix3DB3ZvNUGxjbuZO/ReT+1XktijvOJX5sCcGn/pFIWKIxepiB5dtZ5AJeNqrbnc8asHb+bh5rPn/RkUCTcyEFCKGjgqpX5df9h+To0f5mkaTZP84g2dKDG+O08PojTdXr+QOHug5yPlC1cABbpkpnUbqnpJAh+lWl48GugnoIZZTbTISeGOFPNy4wdRKWaoFNITTnuST+X8HLGsybQPHhB0PaCDz8VKxq2gQw3rgNND78I6aLdNfaV9hZnOZuCX2qDNH34zXl4zCZd09r77mFQyCLO7lgQlTUT+tt+8+VAe6yTje34xX7W3jreDoVjVeL/+rzJmS6geg0RCYjE5I8OScYbx3vDyy8ONP+w0TByhOqb8LHEqfHSjUki3rQ9/2KZHJhHt7ZZ7bMCVJdzlEZOh/SF8auL83FKLkMxv9kdH9b8noZMtZzu1U7Q8j77J6kRx3wfJI3PCPzI7OOy7TN0w+/uqEwQSQ/LEqwdkBZKL9R68ngCKjxeIOEctqI0wc1fc/IwQ6iTZujYwdZNmMbiDKxM9gbklUOL4+iLrpmAOiaTXamAkrN7Xh29XGMvxtv7uC2derda0LszlGejRJISAqX1vkPclLU1q5UEUB6CrF0i
lPQ7fkuJVaL920ooOW2LZoXBvUJ1Kl1OvqoRbbfiZIWzNZXTujRcwOOo9mxbWt5YBiLZN84tBWySeDuSqeNX4dXOs2rFz7IVBgLQH//64hSCG4GIBs00RElF8Fg/FqLg8wEowJA1OpZn49/j3Y9ZeNjGsBboRd7ZsOZjIY9w9Tn2wxpP3rXWMaKgUQkYU03cHdiSefQO4qGgpbQq8CQrBMQY1ZahEVPVPP33BST8XgDB9wQh5E7r8BqeDTMSpYmaObCnv3xRQzvZ6SBtWtkco/XbkEPNgMleFu0e3Lte/PmsstvNABfGbA==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>


{code}



Rampart configuration : 
{code:xml}
<parameter name="InflowSecurity">
      <action>
        <items>Signature Encrypt Timestamp</items>
      </action>
    </parameter>
{code}

CXF configuration:
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:jaxws="http://cxf.apache.org/jaxws";
       xmlns:wsa="http://cxf.apache.org/ws/addressing";
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://cxf.apache.org/jaxws 
http://cxf.apache.org/schemas/jaxws.xsd
                        http://cxf.apache.org/ws/addressing 
http://cxf.apache.org/schemas/ws-addr-conf.xsd";>

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-*.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <!-- Spring manage ServiceBean -->
    <bean id="RESAdapterService" 
class="net.worldticket.edi.protocol.ota.RESAdapterService" />

    <!--
    Log4j is set to be used in META-INF\cxf\org.apache.cxf.Logger
    Make sure that log4j INFO level is set for the following interceptors or
    for the package org.apache.cxf to make them work.
    -->
    <bean id="logInInterceptor" 
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    <bean id="logOutInterceptor" 
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>

    <!--
         WSS4JInInterceptor for decrypting and validating the signature of the 
SOAP request.
    -->
    <bean
        id="TimestampSignEncrypt_Request"
        class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Encrypt Timestamp"/>
                <entry key="signaturePropFile" value="interop.properties"/>
                <entry key="decryptionPropFile" value="interop.properties"/>
                <entry key="passwordCallbackClass" 
value="net.worldticket.myIdTravel.PasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>

    <!--
         WSS4JOutInterceptor for encoding and signing the SOAP response.
    -->
    <bean
        id="TimestampSignEncrypt_Response"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Encrypt Timestamp"/>
                <entry key="user" value="useReqSigCert"/>
                <entry key="signatureUser" value="bob"/>
                <entry key="signaturePropFile" value="interop.properties"/>
                <entry key="encryptionPropFile" value="interop.properties"/>
                <entry key="passwordCallbackClass" 
value="net.worldticket.myIdTravel.PasswordCallback"/>
                <entry key="signatureParts" 
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
                <entry key="encryptionParts" 
value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <entry key="encryptionSymAlgorithm" 
value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
                <entry key="encryptionKeyTransportAlgorithm" 
value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <entry key="encryptionKeyIdentifier" value="Thumbprint"/>
                <entry key="signatureKeyIdentifier" value="Thumbprint"/>
            </map>
        </constructor-arg>
    </bean>

    <!-- JAX-WS Service Endpoint -->
    <jaxws:endpoint id="resadapter" implementor="#RESAdapterService" 
address="/resadapter">
        <jaxws:outInterceptors>
             <ref bean="logOutInterceptor"/>
             <ref bean="TimestampSignEncrypt_Response"/>
         </jaxws:outInterceptors>
         <jaxws:inInterceptors>
             <ref bean="logInInterceptor"/>
             <ref bean="TimestampSignEncrypt_Request"/>
         </jaxws:inInterceptors>
        <jaxws:features>
            <wsa:addressing allowDuplicates="false"/>
        </jaxws:features>
    </jaxws:endpoint>

</beans>
{code}


    
> CXF - Rampart  interoperability issue: order of signature and encrypted key 
> elements in XML 
> --------------------------------------------------------------------------------------------
>
>                 Key: CXF-4823
>                 URL: https://issues.apache.org/jira/browse/CXF-4823
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>            Reporter: Sergey
>
> We have a CXF web service secured with WS-Security. The problem is that Axis2 
> client which uses Rampart module cannot handle response generated by CXF. 
> Rampart  expects that xenc:EncryptedKey goes first, and ds:Signature is next. 
> CXF puts elements in the opposite order. The workaround is
> to re-order actions in Axis2 config file:
> {code:xml}
> <parameter name="InflowSecurity">
>       <action>
>         <!-- Signature Encrypt Timestamp  makes the Axis2 client to throw 
> "Actions mismatch" exception !-->
>         <items>Encrypt Signature Timestamp</items>
>       </action>
>     </parameter>
> {code}
> The question is: how to make CXF to change the order of signature and 
> encrypted key elements in security header of the SOAP response to make it 
> compatible with Axis2 clients? Since the order of action is the same in both 
> Axis and CXF configuration files *Signature Encrypt Timestamp*, then it 
> should work out of the box, shouldn't it ?
> Response sample:
> {code:xml}
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
>   <soap:Header>
>     <wsse:Security 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>     
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>     soap:mustUnderstand="1">
>       <wsu:Timestamp wsu:Id="TS-6">
>         <wsu:Created>2013-02-10T20:22:51.879Z</wsu:Created>
>         <wsu:Expires>2013-02-10T20:27:51.879Z</wsu:Expires>
>       </wsu:Timestamp>     
>       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
>       Id="SIG-8">
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
>           <ds:SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>           <ds:Reference URI="#id-7">
>             <ds:Transforms>
>               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
>             </ds:Transforms>
>             <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
>             <ds:DigestValue>
>             otiRAVkSs777jSOZqqwBJlFILJo=</ds:DigestValue>
>           </ds:Reference>
>           <ds:Reference URI="#TS-6">
>             <ds:Transforms>
>               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
>             </ds:Transforms>
>             <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
>             <ds:DigestValue>
>             wAJxVtTNvbPX6aHqrrX7/SOPplQ=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>
>         
> Dy/OVbJOTr1lfqzbZCGxUlanJ0YKVmnyDV9F3Z1aJtB093rXffnKX35o4CxfWqVY/k1COF1TG6mfDZ6nbd1PqM6Vlbk8hBL5iSUFZAKe6RgilD9nYZmWPl2KaLAVrHS66jdmczWGWUh/15YTWB1s8cyNbBSVrwcyKx9FlOgI3pY=</ds:SignatureValue>
>         <ds:KeyInfo Id="KI-6029833839643E518513605277718807">
>           <wsse:SecurityTokenReference 
> wsu:Id="STR-6029833839643E518513605277718808">
>             <wsse:KeyIdentifier 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>             
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
>             4ZQm/eQOxdcAHohj09+Uk4ex3Lw=</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>  <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>       Id="EK-6029833839643E518513605277718755">
>         <xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>           <wsse:SecurityTokenReference>
>             <wsse:KeyIdentifier 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>             
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>
>             mxCXzekKZqaJcrE3UmHFGOswTnI=</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue>
>           
> SQWm0I/90/iJUEDAts1jBPC4/W67aDTwrWGzZn1sYYRKyiFx/SxaGj3rtO3Nx8548I0e0ymfGN78ukjcytsUZHoABSNPmJb773Ou4r1l/S7oPqrGCW87A3OpFj3ri62u+iVP3c0u58tnjdIyKXqyeuZTpjtRETlTviH7O4YyInk=</xenc:CipherValue>
>         </xenc:CipherData>
>         <xenc:ReferenceList>
>           <xenc:DataReference URI="#ED-5" />
>         </xenc:ReferenceList>
>       </xenc:EncryptedKey>
>     </wsse:Security>
>     <Action xmlns="http://www.w3.org/2005/08/addressing";>
>     
> http://service.resadapter.myidtravel.lhsystems.com/RESAdapterServicePortType/getAvailabilityResponse</Action>
>     <MessageID xmlns="http://www.w3.org/2005/08/addressing";>
>     urn:uuid:f8f2570d-cd35-404a-b413-e5322ca92d01</MessageID>
>     <To xmlns="http://www.w3.org/2005/08/addressing";>
>     http://www.w3.org/2005/08/addressing/anonymous</To>
>     <RelatesTo xmlns="http://www.w3.org/2005/08/addressing";>
>     urn:uuid:65935AD1BEED993E3D1360527858578</RelatesTo>
>   </soap:Header>
>   <soap:Body 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>   wsu:Id="id-7">
>     <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>     Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content";>
>       <xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; />
>       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>         <wsse:SecurityTokenReference 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>         
> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
>         
> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";>
>           <wsse:Reference URI="#EK-6029833839643E518513605277718755" />
>         </wsse:SecurityTokenReference>
>       </ds:KeyInfo>
>       <xenc:CipherData>
>         <xenc:CipherValue>
>         
> hk6afclqW40YD/Lt91WdResuoUwzUwB9HYmcmmnMS2O3TdqOm7UC09l4h5Y2BCYoqM6+eBw8C1aS3Pg8TCYVksfVDRUW8Oai5VT+Hk7ihs/ABE2xZBeo2h50Nnx1EGVhizJfm2Be37yyJFz4i0MhI51Lto2LZvRppChyywe9GBdmxyC3+X+lM5cgSBRWPPi11KYgdNhcy6+FHaij5ZW4TjIlbg98gNGaGq8/5tR2H0luYadEq02bzMj0Qqjqxze7ixND9n750+BM89amhsnOXWCAbN9DXBjvA57qJSqmDRyyejUgj6srHV2n7VRMof75JpcmIdB0kfKMRPGXq0Jcd6LZIjjeG8+nit7HoJBRPk7VN3BO2A+5VZEjPW4Csb+4+KSx5+cmquIX+dxJvJ6M86iglkUVb+M+syekJffOVwOgFlZcZx54JL9O2VJIzsongff3KtYBg6Hxfhsx80ZfwTtH/6T8pf68rWF3MG6xSbP+cv6UjTegjQ/j84b7D2Gga5Vv5y+9c9PYlgpUIFX91Bx1RzmR+gkgEZ5EVG8OfhIlM6DGFyayXhSi0en4vpuRYu9qhOJKIgEjA7egc2G6rH81RQhObp4p9m1mlJrBakiUzxzayMsYXbzPduXTXdU7q2gEo/ZzjABnD9VVUY5oyMIGclnNDCNOtrVnnKm3zsM2xYlMhjIxUdTSFGHJmZXbGeApkZUef/b69hXvy3d0d6MP0L5zQatECj8NoOdIx5oJo26jsJId0wpPshkEAx+sgOu7Dnt+6sTnKg4zYQIKm4951d0nz9qP1bp3iWaRuid4oiZXfjBioqMom1teORmm1tEldTBen8Qa1p65y6sutb0D9B3E/j6ovHuaMs2J76+eU5q82N8fjkIPakvElVMBlvHIrgnyiburB9iCRjaI9SBcPbIlS1N6HExcdJSoB4o+glQb54o0KwV57919HvaZKii7tiIpDBMBPV7q3dyi5iXc0xYc7dFifwlxOyboH0ZlMBv2jmzo+sMZB7sN9BwAkJzRWKu9Bj44vZAqBSWL3dLIyKWSzDFchOV7xu8BBREr2sJKk2v0eFlIFwO8rfAowpgt0JLex0txXqIRx8gMq94lrAjquv4ADu91ImckDI8x7bURCax3O1YYA0un/oM5xH+kCuBk6dJNj+mUGOtM7qaJJEqGNpfMIIhoOCnc2BVP8WIt7CMVHM71DxOCWBZkQPFH+HlNs8MilXxWUFEjOFF5Fao8Cx62erSK3JBauiCdeMzVVyX8Xewwhg4pklYS/6fEpvovxgAt6DijH5cWfUDcwJIUMwY0JAMzC7uDB6kjTgYyphtcxHnS01xZISJeLqpPn8XOoQW1V2eUpcrITFHFgXd+85uCnP+vfVS9Z0Uv/ZNmYDqOnm837Y7VRNb9NIlUlgb6HNFVUThhqm6w0QzYMT3Vc304sc4LrvL/kfrLtqVzQwAT8zoikyOEj3kUOUdehJNWu4/yvyxZsyeQn436m/bPiZcYxQaN596VGRTOk8sYL5wDP7hWolBijswT9MFLb/lyK6fUinFc84pgq7gt8u7MoPWl4fxtzoMgyBvr85Rgtoyqopb0h+1XGcXd6rdC2JkEr3fCeM6M7CBAO/VycaLzDOkLW7TWlWEZDN/bQRGaV6QphY1l7qN3IpS8g1tnPSvbW0ots8OtLgyjIDidb6kPRKIzT16q8cTUuUZT8cO3NXMaIOwfbEKPN928pkQF8V15Bma2KBdMCWN5jHmLmLJZGWhXVi/flgo86Eoy8GpCJmr5IowrDfYOZZZbsw6m4bdTUsksDLpdXczlsY+8m6N1kQNwxXOJHbnbEb/e/qHAXmjgJ+fDVRjBd3MrJEZkcOf+bKP7NGjbY8AQzUgpZ/RdOfJ19WlwpvfPPG9f3UbifcUBliDTHFD2igeal3IUBVgYaGzmsw1fzT+G5nip64MadaVAF33TTMqFgQ3Pm/U+f/f0jKnJ9DnV4eH/k9XQyyvpbm58wH
wBauI99vqWmce9gRkOwSc4X8eURM9I4ajCwod7iUUugbXvUegh9VckQncZPromBwL3R55RCPfj7XcbfjhSIrPbSbM+/TgP+0yTnwdJogm6F26IlfoPbbxWBhjgaGOW8P42ytJupbnVZUzChaC1Xip6UHDaYdy6WOsoasbp2LExY+LTmOrt/m1dy18z2DkO4nmlGBB8+KjjFh+7bD71a0shOoXImmW3paIudcDLMyhjUp0VfwXPUwiQnmgBLqj0FEF3yvul5ptJvzq6ZYWJ293IOVZFbxKmhyJVYctl2EmfaPtEYUMak3QIntWYr6PT5FRj2YBqiuhqsqOwA7CGSetbJ+9ArRd8JKZS5KEmsPlVloESzD7kwCjfkto+l+rb/dkDa5Bjk3X29dQC/U9vyxb5YZ8zxAYNii67e+LhfpxoCkFi22WXjFPsmRctFwpIVuTgObObRAqAcwNwk5QGrb9hNdCQZZ8RyVBx3T1m6k+5ZdRUkv9Vo/gdrh5WQa5oONa0J7e5jO/Ursim1/z86xbs0Wupu/90XHRuAtmxBBbvCv6ja2DquhvUFldhPueW+B1Ltr11OlZZ9jrGwmfGlwr5Z83v/PK9+nOvai9ibbOAe9j02uZBurigBPMRo0lBtcqu2Pj90WlR00HHZ8gPuxhL5siPr9f5aPWaVoPJtbACA+ukQveq5094B59Ez2vEFf3fZySHqgqMXtP+E19chT32mkF/ggq9I84jKurvDlmRRlFt/D/UAqVpON3W/0+CI7CeJ2/70IWgvdPghCuu70/sGXnXLX7EpdAnzDSwuCdt1KU5ZXvWKyWH86pizkRXNx3drSsLYVz1zbA5Y189aE4TvbYVvvxfxfe1CehLsJxzOmtmgu5fOUEEAyv6386PNPOBapsOW0Py46xpzAF9C9oqG4T+FHukaJGnMhk/oLMwIpruWfJt5qV2ydhCgQcWDf/biTQUUomK6mo+Bs/KuShUo+z0Ki4YbdjtQtYhNeqJqFYMKUSmBVqf+Pm5e63SuxXUBNqAaJtF9k4ZeolYoTfIILuNBytuuk6a5BGNhJ3gl+AKQBxFs8tjiharbLC0ckoECSheAPdb2OT7aCP5dxQfP5ovgRNQXIWlQJj7gxXQQjzIS3BcbaLegbi3VIt569bUiLT0wMnLgseBGmW9W+ue8pGEq/hqejgaaHn44qW7eNNwWojhSSjPq3FBQb0L3OedyYPom/w/F62fFTpe1WxTr3xMFOMp0JtXnAMx+tJvW1pI04wqXaIzV8AdBBGMvqTtJZ0pVgtxI3bBcIZP9ymIIIQ/odC96cZbM9ywVNknJHtptH0VUq2r0iWM62BHrSDYHJd+6rBwRQf9/LOk/JkVEPfggKkYkVPGMix3DB3ZvNUGxjbuZO/ReT+1XktijvOJX5sCcGn/pFIWKIxepiB5dtZ5AJeNqrbnc8asHb+bh5rPn/RkUCTcyEFCKGjgqpX5df9h+To0f5mkaTZP84g2dKDG+O08PojTdXr+QOHug5yPlC1cABbpkpnUbqnpJAh+lWl48GugnoIZZTbTISeGOFPNy4wdRKWaoFNITTnuST+X8HLGsybQPHhB0PaCDz8VKxq2gQw3rgNND78I6aLdNfaV9hZnOZuCX2qDNH34zXl4zCZd09r77mFQyCLO7lgQlTUT+tt+8+VAe6yTje34xX7W3jreDoVjVeL/+rzJmS6geg0RCYjE5I8OScYbx3vDyy8ONP+w0TByhOqb8LHEqfHSjUki3rQ9/2KZHJhHt7ZZ7bMCVJdzlEZOh/SF8auL83FKLkMxv9kdH9b8noZMtZzu1U7Q8j77J6kRx3wfJI3PCPzI7OOy7TN0w+/uqEwQSQ/LEqwdkBZKL9R68ngCKjxeIOEctqI0wc1fc/IwQ6iTZujYwdZNmMbiDKxM9gbklUOL4+iLrpmAOiaTXamAkrN7Xh29XGMvxtv7uC2derda0LszlGejRJISAqX1vkPclLU1q5UEUB6CrF
0ilPQ7fkuJVaL920ooOW2LZoXBvUJ1Kl1OvqoRbbfiZIWzNZXTujRcwOOo9mxbWt5YBiLZN84tBWySeDuSqeNX4dXOs2rFz7IVBgLQH//64hSCG4GIBs00RElF8Fg/FqLg8wEowJA1OpZn49/j3Y9ZeNjGsBboRd7ZsOZjIY9w9Tn2wxpP3rXWMaKgUQkYU03cHdiSefQO4qGgpbQq8CQrBMQY1ZahEVPVPP33BST8XgDB9wQh5E7r8BqeDTMSpYmaObCnv3xRQzvZ6SBtWtkco/XbkEPNgMleFu0e3Lte/PmsstvNABfGbA==</xenc:CipherValue>
>       </xenc:CipherData>
>     </xenc:EncryptedData>
>   </soap:Body>
> </soap:Envelope>
> {code}
> Rampart configuration : 
> {code:xml}
> <parameter name="InflowSecurity">
>       <action>
>         <!-- Inflow action list as reported for the failing client; the
>              description states that this order produces "Actions mismatch"
>              on the CXF response. -->
>         <items>Signature Encrypt Timestamp</items>
>       </action>
>     </parameter>
> {code}
> CXF configuration:
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans";
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>        xmlns:jaxws="http://cxf.apache.org/jaxws";
>        xmlns:wsa="http://cxf.apache.org/ws/addressing";
>     xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd
>                         http://cxf.apache.org/jaxws 
> http://cxf.apache.org/schemas/jaxws.xsd
>                         http://cxf.apache.org/ws/addressing 
> http://cxf.apache.org/schemas/ws-addr-conf.xsd";>
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-extension-*.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>     <!-- Spring manage ServiceBean -->
>     <bean id="RESAdapterService" 
> class="net.worldticket.edi.protocol.ota.RESAdapterService" />
>     <!--
>     Log4j is set to be used in META-INF\cxf\org.apache.cxf.Logger
>     Make sure that log4j INFO level is set for the following interceptors or
>     for the package org.apache.cxf to make them work.
>     -->
>     <bean id="logInInterceptor" 
> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>     <bean id="logOutInterceptor" 
> class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
>     <!--
>          WSS4JInInterceptor: decrypts the SOAP request and validates its
>          signature. The "action" entry lists the security actions configured
>          for inbound messages; signature and decryption settings are both read
>          from interop.properties.
>          NOTE(review): the action list does not name which elements must be
>          signed or encrypted. If the service relies on the Body being covered,
>          consider an explicit coverage check (CXF ships CryptoCoverageChecker
>          for this); confirm availability in the CXF version in use.
>     -->
>     <bean
>         id="TimestampSignEncrypt_Request"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="Signature Encrypt Timestamp"/>
>                 <entry key="signaturePropFile" value="interop.properties"/>
>                 <entry key="decryptionPropFile" value="interop.properties"/>
>                 <!-- Callback class; presumably supplies the private key password (verify). -->
>                 <entry key="passwordCallbackClass" 
> value="net.worldticket.myIdTravel.PasswordCallback"/>
>             </map>
>         </constructor-arg>
>     </bean>
>     <!--
>          WSS4JOutInterceptor: signs and encrypts the SOAP response
>          (actions "Signature Encrypt Timestamp").
>          NOTE(review): no signature algorithm entries are set here, and the
>          response sample on this page carries rsa-sha1 with SHA-1 digests.
>          If the Rampart peer accepts them, the WSS4J "signatureAlgorithm" and
>          "signatureDigestAlgorithm" entries can select SHA-256 variants.
>     -->
>     <bean
>         id="TimestampSignEncrypt_Response"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="Signature Encrypt Timestamp"/>
>                 <!-- No encryptionUser entry is set, so "user" also applies to
>                      encryption; in WSS4J "useReqSigCert" means the response is
>                      encrypted to the certificate that signed the request. -->
>                 <entry key="user" value="useReqSigCert"/>
>                 <entry key="signatureUser" value="bob"/>
>                 <entry key="signaturePropFile" value="interop.properties"/>
>                 <entry key="encryptionPropFile" value="interop.properties"/>
>                 <entry key="passwordCallbackClass" 
> value="net.worldticket.myIdTravel.PasswordCallback"/>
>                 <!-- Signed: the SOAP Body element and the wsu:Timestamp element. -->
>                 <entry key="signatureParts" 
> value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
>                 <!-- Encrypted: the content of the SOAP Body. -->
>                 <entry key="encryptionParts" 
> value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>                 <!-- NOTE(review): tripledes-cbc is a legacy 64-bit block cipher and
>                      CBC gives no integrity on its own; rsa-1_5 key transport
>                      (PKCS#1 v1.5) is exposed to padding-oracle attacks on the
>                      decrypting side. Where the peer supports them, prefer an AES
>                      algorithm and http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p. -->
>                 <entry key="encryptionSymAlgorithm" 
> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>                 <entry key="encryptionKeyTransportAlgorithm" 
> value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>                 <!-- Both key references are emitted as certificate thumbprints,
>                      matching the ThumbprintSHA1 KeyIdentifier values in the
>                      response sample. -->
>                 <entry key="encryptionKeyIdentifier" value="Thumbprint"/>
>                 <entry key="signatureKeyIdentifier" value="Thumbprint"/>
>             </map>
>         </constructor-arg>
>     </bean>
>     <!-- JAX-WS Service Endpoint -->
>     <jaxws:endpoint id="resadapter" implementor="#RESAdapterService" 
> address="/resadapter">
>         <jaxws:outInterceptors>
>              <ref bean="logOutInterceptor"/>
>              <ref bean="TimestampSignEncrypt_Response"/>
>          </jaxws:outInterceptors>
>          <jaxws:inInterceptors>
>              <ref bean="logInInterceptor"/>
>              <ref bean="TimestampSignEncrypt_Request"/>
>          </jaxws:inInterceptors>
>         <jaxws:features>
>             <wsa:addressing allowDuplicates="false"/>
>         </jaxws:features>
>     </jaxws:endpoint>
> </beans>
> {code}
