Skip to main content

Problem using MTomFeature when calling WS

3 replies [Last post]
katatonias
Offline
Joined: 2012-08-23
Points: 0

Hi,

I have a WebService that is deployed on a server with the help of CXF Api. This WebService need a Certificate to authenticate when a Client calls it. This WebService uses also OptimizedMimeSerialization to manage big files. The wsdl of the WebService is like this:

name="MyWebService"
targetNamespace="urn:be:cin:nip:tools:xades"
xmlns:tns="urn:be:cin:nip:tools:xades"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"
xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"
xmlns:wsoma="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">











































...

When i create the port for this WebService with a Metro Client, i used this code:

protected void createMyWebServicePort(String wsdlLocation, String endpoint) throws Exception {
MyWeb_Service service = new MyWeb_Service(this.getClass().getResource(wsdlLocation), new QName("urn:be:my:web:service", "MyWebService"));
port = service.getMyWebServiceSOAP12(new MTOMFeature(true, 10000000));
Map reqContext = ((BindingProvider) port).getRequestContext();
reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
}

I force MTom to put an attached file only if the size of the file is more than 10000000.

To attach the Certificate to the message, i used this CallBackHandler that i attached to the message:

public MyCallbackHandler implements javax.security.auth.callback.CallbackHandler {

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SignatureKeyCallback) {
SignatureKeyCallback.DefaultPrivKeyCertRequest request = (SignatureKeyCallback.DefaultPrivKeyCertRequest) ((SignatureKeyCallback) callback).getRequest();
try {
X509Certificate cert = (X509Certificate) BaseClassTest.store.getCertificate(BaseClassTest.storeAlias);
validateCertificate(cert, "MyWebService WS-Security (client)");

request.setPrivateKey((PrivateKey) BaseClassTest.store.getKey(BaseClassTest.storeAlias, BaseClassTest.storePassword.toCharArray()));
request.setX509Certificate(cert);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
}

But when i execute the code, the certificate is still in attachment of my request.

Do you know if there is a specifics way to force Metro to not put a certificate in attachment of the request?

Thanks

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

Currently there is no way. The Certificate is Binary Data and when MTOM feature is enabled a certificate might endup as an Attachment. However it should not create any interop problems. Are you seeing some issue ?.

On Aug 23, 2012, at 4:43 PM, forums@java.net wrote:

> Hi, I have a WebService that is deployed on a server with the help of CXF
> Api. This WebService need a Certificate to authenticate when a Client calls
> it. This WebService uses also OptimizedMimeSerialization to manage big files.
> The wsdl of the WebService is like this: ... When i create the port for this
> WebService with a Metro Client, i used this code: protected void
> createMyWebServicePort(String wsdlLocation, String endpoint) throws Exception
> { MyWeb_Service service = new
> MyWeb_Service(this.getClass().getResource(wsdlLocation), new
> QName("urn:be:my:web:service", "MyWebService")); port =
> service.getMyWebServiceSOAP12(new MTOMFeature(true, 10000000)); Map
> reqContext = ((BindingProvider) port).getRequestContext();
> reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint); } I
> force MTom to put an attached file only if the size of the file is more than
> 10000000. To attach the Certificate to the message, i used this
> CallBackHandler that i attached to the message: public MyCallbackHandler
> implements javax.security.auth.callback.CallbackHandler { public void
> handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
> { for (Callback callback : callbacks) { if (callback instanceof
> SignatureKeyCallback) { SignatureKeyCallback.DefaultPrivKeyCertRequest
> request = (SignatureKeyCallback.DefaultPrivKeyCertRequest)
> ((SignatureKeyCallback) callback).getRequest(); try { X509Certificate cert =
> (X509Certificate)
> BaseClassTest.store.getCertificate(BaseClassTest.storeAlias);
> validateCertificate(cert, "MyWebService WS-Security (client)");
> request.setPrivateKey((PrivateKey)
> BaseClassTest.store.getKey(BaseClassTest.storeAlias,
> BaseClassTest.storePassword.toCharArray()));
> request.setX509Certificate(cert); } catch (Exception e) { throw new
> RuntimeException(e); } } } } But when i execute the code, the certificate is
> still in attachment of my request. Do you know if there is a specifics way to
> force Metro to not put a certificate in attachment of the request? Thanks
>

katatonias
Offline
Joined: 2012-08-23
Points: 0

The problem is that i try to access to WebService that is using cxf on the server part. And the WebService responses that it cannot retrieve the certificate.

soap:Senderns1:SecurityTokenUnavailableReferenced security token could not be retrieved (Cannot parse/decode the certificate data)

Do you know if it's plan to fix this problem?

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

On Aug 28, 2012, at 8:22 PM, forums@java.net wrote:

> The problem is that i try to access to WebService that is using cxf on the
> server part. And the WebService responses that it cannot retrieve the
> certificate. soap:Senderns1:SecurityTokenUnavailableReferenced security token
> could not be retrieved (Cannot parse/decode the certificate data) Do you know
> if it's plan to fix this problem?
IMO this maynot be a problem because the certificate is sent as attachment. Can you confirm if things work when MTOM is disabled on the same Interaction.

Whether the Cert was sent as an attachment or not is immaterial to the Server if it knows how to process MTOM messages.

regards,
kumar
>