Hi,
I think you can try with servicemix cxf binding component, which
leverage cxf ws-security feature.
You can refer to [1] [2] get more details
[1]http://svn.apache.org/repos/asf/incubator/servicemix/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcProviderSecurityTest.java
[2]http://svn.apache.org/repos/asf/incubator/servicemix/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBCSecurityTest.java
Best Regards
Freeman
dobytek wrote:
Using servicemix 3.2, JDK1.6, RHEL3, I am trying to invoke an external web
service that runs on Geronimo using Spring Web Services 1.1 based on
WS-Security code from WSIT (FCS 1.0)
When I send a message from the bus to MyProviderService, it invokes the
external web service and I can see that the message payload looks OK, the
certificate serial nr and issuer are OK, and the XML signing elements are
present.
BUT on the destination side, the messages are rejected with 'XML signature
validation failure'. Tracing the code, I can see that the certificate is
found in the destination keystore - the failure seems to be with the
signature result itself.
When send a signed message from Synapse instead, to the same destination
service, it works!
Seems there's still a problem with XML signing even after 3.1.1. What web
service toolkit was servicemix's signing tested against?
As a workaround, if I can't use the http component, can I get CXF to do
outbound WS-Security?
Or maybe I can do it via CXF support in Camel? (No documentation at all for
that, though)
As a last resort I can generate my own stub using some WS toolkit that
works, and deploy it as a component, but I don't really want to do that
every time.
My config is below. Thanks for any ideas!
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:http="http://servicemix.apache.org/http/1.0";
xmlns:sr="http://domain/apps/ourapp/";
xmlns:soap="http://servicemix.apache.org/soap/1.0";>
<http:endpoint service="sr:MyProviderService"
endpoint="myProvider"
role="provider"
soap="true"
soapVersion="1.1"
locationURI="http://machine:port/theservice";
wsdlResource="classpath:provider.wsdl">
<http:policies>
<soap:ws-security sendAction="Signature" username="xyz">
<soap:crypto>
<bean
class="org.apache.servicemix.soap.handlers.security.StandaloneCrypto">
<property name="keyStoreUrl" value="classpath:store.jks" />
<property name="keyStorePassword" value="***" />
<property name="keyPassword" value="***"/>
</bean>
</soap:crypto>
</soap:ws-security>
</http:policies>
</http:endpoint>
</beans>
