Answer the question
In order to leave comments, you need to log in
How to create a Web service based on CXF technology with WS-Security?
Good hour.
There was a situation when authorization on a web server is necessary on the certificate. I started looking towards WS-Security, but for some reason I can’t start the services normally.
Technologies used: Spring, Apache CXF
The whole thing starts on JBoss (WildFly 8.2.0)
Maybe someone met adequate documentation or an example on this topic?
The WSDL-First method is somehow not very desirable to use, a lot of things will have to be broken.
Answer the question
In order to leave comments, you need to log in
To create a service, I had to study the documentation from Apache, in general, as it turned out, everything is not so difficult.
To begin with, I created regular services on CXF, then saved the WSDL file and started editing it.
Added a block to the wsdl:binding block
and in wsdl:definitions
<wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V1Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V1Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:SignBeforeEncrypting/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myservicekey -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname "cn=localhost"
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myclientkey -keypass ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"
keytool -export -rfc -keystore clientKeystore.jks -storepass cspass -alias myclientkey -file MyClient.cer
keytool -export -rfc -keystore serviceKeystore.jks -storepass sspass -alias myservicekey -file MyService.cer
keytool -import -trustcacerts -keystore serviceKeystore.jks -storepass sspass -alias myclientkey -file MyClient.cer -noprompt
keytool -import -trustcacerts -keystore clientKeystore.jks -storepass cspass -alias myservicekey -file MyService.cer -noprompt
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=sspass
org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
org.apache.ws.security.crypto.merlin.file=serviceKeystore.jks
@EndpointProperties(value = {
@EndpointProperty(key = SecurityConstants.SIGNATURE_PROPERTIES, value = "server.properties"),
@EndpointProperty(key = SecurityConstants.ENCRYPT_PROPERTIES, value = "server.properties"),
@EndpointProperty(key = SecurityConstants.SIGNATURE_USERNAME, value = "myservicekey"),
@EndpointProperty(key = SecurityConstants.ENCRYPT_USERNAME, value = "myclientkey"),
@EndpointProperty(key = SecurityConstants.CALLBACK_HANDLER, value = "org.company.wsse.handler.KeystorePasswordCallback")
})
@WebService(portName = "hwPort",
serviceName = "hw",
wsdlLocation = "WEB-INF/wsdl/hw.wsdl",
targetNamespace = "http://wsssampl.company.org/",
endpointInterface = "org.company.wsse.IHelloWorld")
public class HelloWorldImpl implements IHelloWorld {
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question