Hi All,
I'm trying to secure my spring webservices using XwsSecurityInterceptor as follows:-
securityPolicy.xml contains:-
In SOAPUI I have configured the the keystores/Certififacte to point to my truststore.jks
In SOAPUI Outgoing WSS of the request I point to the keystore configuration.
Each time I make a soapui request to the webservice I get the following:-
org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleValidationException(AbstractWsSecurityInterceptor.java:281)
Could not validate request: com.sun.xml.wss.XWSSecurityException: More Receiver requirements [ SignaturePolicy SignaturePolicy ]
specified than present in the message; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException:
More Receiver requirements [ SignaturePolicy SignaturePolicy ] specified than present in the message
The soap envelope request that soapui transmits contains the following:-
I'm new to WS Security and not sure about the following:-
1) I thought that I would be able to see the Certificate within the client request soap header( i.e. within BinarySecurityToken), hence is this the reason for the above error ?
2) The client is supposed to create a hash from the soap message body. The hash is then encrypt using the private key. Note sure were the private key comes from ?
3) The client transmits the soap message containing the Digital signature and the public key. Note sure were the public key comes from ?
4) The spring ws security documentation talks about using the above configuration to carry out Certificate Validation and Certificate Authentication.
As a design question, would you let the firewall server carry out certificate validation (i.e. checking expiration date passed, checking trusstore) rather than the webservice?
Mat
I'm trying to secure my spring webservices using XwsSecurityInterceptor as follows:-
securityPolicy.xml contains:-
In SOAPUI I have configured the the keystores/Certififacte to point to my truststore.jks
In SOAPUI Outgoing WSS of the request I point to the keystore configuration.
Each time I make a soapui request to the webservice I get the following:-
org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleValidationException(AbstractWsSecurityInterceptor.java:281)
Could not validate request: com.sun.xml.wss.XWSSecurityException: More Receiver requirements [ SignaturePolicy SignaturePolicy ]
specified than present in the message; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException:
More Receiver requirements [ SignaturePolicy SignaturePolicy ] specified than present in the message
The soap envelope request that soapui transmits contains the following:-
I'm new to WS Security and not sure about the following:-
1) I thought that I would be able to see the Certificate within the client request soap header( i.e. within BinarySecurityToken), hence is this the reason for the above error ?
2) The client is supposed to create a hash from the soap message body. The hash is then encrypt using the private key. Note sure were the private key comes from ?
3) The client transmits the soap message containing the Digital signature and the public key. Note sure were the public key comes from ?
4) The spring ws security documentation talks about using the above configuration to carry out Certificate Validation and Certificate Authentication.
As a design question, would you let the firewall server carry out certificate validation (i.e. checking expiration date passed, checking trusstore) rather than the webservice?
Mat