We are getting an error setting up WS-Security with cxf for "Digital Signature". I followed instructions from
http://blogs.mulesoft.org/ws-security-and-saml-for-mule/
I received this error:
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: *Empty username for specified action.*
at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:179)
*I want to use only Digital Signature, but not the UsernameToken. Is there anything missing that I have to add to the config?*
Thanks,
Chirapol.
*Here is my mule-config.xml:*
<service name="WSBank">
    <inbound>
        <inbound-endpoint synchronous="true" address="file://./in" connector-ref="FileConnector">
            <file:filename-wildcard-filter pattern="*.xml" />
        </inbound-endpoint>
    </inbound>
    <outbound>
        <chaining-router>
            <cxf:outbound-endpoint
                    proxy="true"
                    payload="body"
                    synchronous="true"
                    enableMuleSoapHeaders="false"
                    address="http://localhost/WebServiceTest/Service1.asmx?Service=ReturnInput"
                    transformer-refs="AddSoapActionHeader">
                <cxf:inInterceptors>
                    <spring:bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
                </cxf:inInterceptors>
                <cxf:outInterceptors>
                    <spring:bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
                    <spring:bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
                        <spring:constructor-arg>
                            <spring:map>
                                <spring:entry key="action" value="Signature" />
                                <spring:entry key="signaturePropFile" value="wssecurity.properties" />
                            </spring:map>
                        </spring:constructor-arg>
                    </spring:bean>
                </cxf:outInterceptors>
            </cxf:outbound-endpoint>
            <file:outbound-endpoint path="./temp">
                <file:filename-wildcard-filter pattern="*.txt"/>
            </file:outbound-endpoint>
        </chaining-router>
    </outbound>
</service>
*Here is the wssecurity.properties:*
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.file=server-key/keystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=server-alias
org.apache.ws.security.crypto.merlin.keystore.type=jks
I see at least one missing configuration:
The password callback class is also needed by the WSS4J to sign the message. The password callback class is used to get the password for the private key to sign the message.
HTH
Mario
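A password callback of the kind described in the reply above, as an added example that is not part of the original thread. It assumes the WSS4J 1.5.x API (org.apache.ws.security.WSPasswordCallback, where the accessor is spelled getIdentifer()) and the alias server-alias from the posted properties file; the class name, package and system property name are hypothetical.

```java
package example.wss; // hypothetical package

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the private-key password WSS4J needs to sign the outgoing message.
 * This is the password of the key entry, which may differ from the keystore
 * password configured in wssecurity.properties.
 */
public class SigningKeyPasswordCallback implements CallbackHandler {

    // Alias taken from the posted wssecurity.properties.
    private static final String SIGNING_ALIAS = "server-alias";

    // Hypothetical property name; pass -Dwss.signing.key.password=... at startup
    // so the secret is not compiled into the class or written to the console.
    private static final String KEY_PASSWORD_PROPERTY = "wss.signing.key.password";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // Answer only signature requests for the one alias this service signs with.
            // getIdentifer() is the WSS4J 1.5.x spelling of the accessor.
            if (pc.getUsage() != WSPasswordCallback.SIGNATURE
                    || !SIGNING_ALIAS.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "No key password available for this alias or usage");
            }

            String keyPassword = System.getProperty(KEY_PASSWORD_PROPERTY);
            if (keyPassword == null) {
                // Fail loudly instead of letting signing fail later with a vague error.
                throw new IOException("System property " + KEY_PASSWORD_PROPERTY + " is not set");
            }
            pc.setPassword(keyPassword);
        }
    }
}
```

The interceptor picks the class up through a passwordCallbackClass entry in its configuration map, together with a user entry naming the signing alias.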
I have now added a password callback and user name. Now there is no error, *but it seems to stop working after it made the HTTP connection. Nothing is sent to the outbound web service.*
Any suggestions?
*Here is my configuration:*
<cxf:outbound-endpoint
        proxy="true"
        payload="body"
        synchronous="true"
        enableMuleSoapHeaders="false"
        address="http://172.27.28.211/WebServiceTest/Service1.asmx?Service=ReturnInput"
        transformer-refs="AddSoapActionHeader">
    <cxf:inInterceptors>
        <spring:bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    </cxf:inInterceptors>
    <cxf:outInterceptors>
        <spring:bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
            <spring:constructor-arg>
                <spring:map>
                    <spring:entry key="action" value="Signature" />
                    <spring:entry key="user" value="server-alias" />
                    <spring:entry key="passwordCallbackClass" value="mypackage.handler.KeystorePasswordCallback" />
                    <spring:entry key="signaturePropFile" value="wssecurity.properties" />
                </spring:map>
            </spring:constructor-arg>
        </spring:bean>
    </cxf:outInterceptors>
</cxf:outbound-endpoint>
*Here is what was printed out on the console:* The words "Keystore Password Call back" and "changeit1" are what I printed out from my callback function.
...
INFO 2010-02-02 17:36:38,647 [FileConnector.receiver.2] org.mule.transport.file.FileMessageReceiver: Lock obtained on file: /home/chirapol/workspace/mule-poc/in/Test4.xml
INFO 2010-02-02 17:36:39,633 [FileConnector.receiver.2] org.mule.transport.cxf.CxfMessageDispatcher: Connected: endpoint.outbound.http://172.27.28.211/WebServiceTest/Service1.asmx?Service=ReturnInput
Feb 2, 2010 5:36:39 PM org.mule.transport.cxf.transport.MuleUniversalConduit dispatchMuleMessage
INFO: Sending message to http://172.27.28.211/WebServiceTest/Service1.asmx?Service=ReturnInput
INFO 2010-02-02 17:36:40,069 [FileConnector.receiver.2] org.mule.transport.http.HttpConnector: Initialising: HttpConnector{this=14b74a7, started=false, initialised=false, name='connector.http.0', disposed=false, numberOfConcurrentTransactedReceivers=4, createMultipleTransactedReceivers=true, connected=false, supportedProtocols=[http], serviceOverrides=null}
INFO 2010-02-02 17:36:40,175 [FileConnector.receiver.2] org.mule.DefaultExceptionStrategy: Initialising exception listener: org.mule.DefaultExceptionStrategy@1a1bc40
INFO 2010-02-02 17:36:40,175 [FileConnector.receiver.2] org.mule.transport.http.HttpConnector: Connected: HttpConnector{this=14b74a7, started=false, initialised=true, name='connector.http.0', disposed=false, numberOfConcurrentTransactedReceivers=4, createMultipleTransactedReceivers=true, connected=true, supportedProtocols=[http], serviceOverrides=null}
INFO 2010-02-02 17:36:40,175 [FileConnector.receiver.2] org.mule.transport.http.HttpConnector: Starting: HttpConnector{this=14b74a7, started=false, initialised=true, name='connector.http.0', disposed=false, numberOfConcurrentTransactedReceivers=4, createMultipleTransactedReceivers=true, connected=true, supportedProtocols=[http], serviceOverrides=null}
INFO 2010-02-02 17:36:40,175 [FileConnector.receiver.2] org.mule.transport.http.HttpConnector: Started: HttpConnector{this=14b74a7, started=true, initialised=true, name='connector.http.0', disposed=false, numberOfConcurrentTransactedReceivers=4, createMultipleTransactedReceivers=true, connected=true, supportedProtocols=[http], serviceOverrides=null}
INFO 2010-02-02 17:36:40,192 [FileConnector.receiver.2] org.mule.transport.service.DefaultTransportServiceDescriptor: Loading default outbound transformer: org.mule.transport.http.transformers.ObjectToHttpClientMethodRequest
INFO 2010-02-02 17:36:40,396 [FileConnector.receiver.2] org.mule.transport.http.HttpClientMessageDispatcher: Connected: endpoint.outbound.http://172.27.28.211/WebServiceTest/Service1.asmx?Service=ReturnInput
Keystore Password Call back
changeit1
*Here is my wssecurity.properties:*
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=server-alias
org.apache.ws.security.crypto.merlin.file=server-key/keystore.jks
If I run from Eclipse, it will just stop after calling the PasswordCallback function with no reason. However, if I run from mule server (not through eclipse), it works fine.
Not sure if this is a bug?
Regards,
Chirapol.