Crypter le header "usernametoken"

**Schnuffel** · 24/02/2015, 16h03

Bonjour,

J'essaie de créer un webservice avec authentification usernametoken, timestamp, signature et cryptage du message soap (sans ssl).

Je parviens à envoyer une requête avec tout ces éléments, mais le usernametoken est envoyé en clair, alors que je voudrais qu'il soit envoyé crypté dans le header.

Voici ce que j'envoie actuellement :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?xml version="1.0" encoding="UTF-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security soap:mustUnderstand="1"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <xenc:EncryptedKey Id="EK-A37E9422926799CC7614247759597358" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <ds:X509Data>
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=SERVER WS,OU=FR,O=TOTO,L=LABA,ST=PARIS,C=FR</ds:X509IssuerName>
                                <ds:X509SerialNumber>1961569094</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>XdjQnx2bhxjisjOUE8HVC4VV7Kcz9TMP3+VDfyYGB0XLMttwNqHRXovM12J6DUDgjtT0Ay4n5TRQ1IvFHvPwnc9csxEI5X4qBJBa+SW5Nd6c+CrCPfHPVw/wvlle9MgmZLm4n40NNYdCmaNvt+p6oQZ0LppJjCjxQ08xM5SzLCu3zTKYxrmYs3Ba2uuNr9ikXVHqw46UmE3KyNaATv49cHTLIwwXiZkAXsShi4ECXq8DfupNmDrarrOdU08jg9q5l0dE7eRtaSrVbXtqyqdvMvco5V9DWi/zJ3Sfl/Vb1HJ7VxMxR8VKsWh4+lczIt7s8SBggPhl1cwXrGdDZY3Jsg==</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#ED-A37E9422926799CC7614247759597459"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <wsu:Timestamp wsu:Id="TS-A37E9422926799CC7614247759596447">
                <wsu:Created>2015-02-24T11:05:59.643Z</wsu:Created>
                <wsu:Expires>2015-02-24T11:10:59.643Z</wsu:Expires>
            </wsu:Timestamp>
            <ds:Signature Id="SIG-A37E9422926799CC7614247759595896" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-A37E9422926799CC7614247759595835">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>rO47hhWfPRRJwsyVJMPuB3J5c7A=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>M46j7UQe+CHmISwfe6hL8Pk9LAOtCwwktCjgJOCHjph2r0B1FMc964NvufuTBt7UjrS5EtMwLbI+7ct7pvUrkLvA9yTMv2OoUy1x3FKycyWGdGJcTjNgwO2W1Um9X/vs+F1LsFCK4nQRCbkAJiYPdCuY9rGQi5pZ+bsehqIP4aXHGnJGWZ6UydJZtLO+p48rxva18XzX+PTTcIVG1vpnBHqT9HKOKxoa5HQQu8scgJgnq60h2LWbbkeok2zLcK2xj8RxibtyGZf80oV1BsleBvRiroV3w8IFzaoUQHQ0EQgK/EU1eo5dzvCbbVTKVzpIFb3jFpQdj+XI6j4bvJASsw==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-A37E9422926799CC7614247759595793">
                    <wsse:SecurityTokenReference wsu:Id="STR-A37E9422926799CC7614247759595804">
                        <ds:X509Data>
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=SERVER WS,OU=FR,O=TOTO,L=LABA,ST=PARIS,C=FR</ds:X509IssuerName>
                                <ds:X509SerialNumber>1961569094</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <wsse:UsernameToken wsu:Id="UsernameToken-A37E9422926799CC7614247759595671">
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password1</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body wsu:Id="id-A37E9422926799CC7614247759595835" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="ED-A37E9422926799CC7614247759597459"
            Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference
                    wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                    <wsse:Reference URI="#EK-A37E9422926799CC7614247759597358"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>9mTmfMITmalPwNs8xjCnx0gVAlYmKIuQQ069VpHx24Ij4Qd31tNimimnr4qNA9z8atJGjvIPC7ktt+2qTy0AdOO5HNn4QaSrkxSt4pcrF1jc1kRE208lSfjgiv4rXhWA0230dPz0icHLkaz0bgCu3lE9X/NPfwilyVKv/umbB+rDQipxGJrmuqBDqkP4Ln66ewWw9/B80awqMRU4CST5THK+uY5dwikMoSYuYtF5+pL3BJxOQEF/EE7Y0sFvsfbiBu/VBhnYIvKoe6UmCBtnGj9cVvILHytlh90RtRWpX4WVN3cuq2wJYdeRu/81F+XhGpDAySaY3DGrWpUQK6NPGu2k2gnN/r3wUlZQnPds5gJTBXyiDDX6onZxRjZ6KU7e</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

Et voici ce que je voudrait avoir :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?xml version="1.0" encoding="UTF-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <dsig:DigestMethod
                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
                </xenc:EncryptionMethod>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference
                        wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:KeyIdentifier
                            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UYtQQeKkcfdY0tLFUFNcr9TaP290cfbLBOyENlN3VcXOS678YFlpaYsyX7vFmZ9qnO1n+vMfyIKRi+Ulo48JN20E4ciX22kgDL7yQQzQTolw6Nv8hPdsqGnR9AYi35w6fKfeFEGRhijUn9T8yoYimmAAfL0oK7ssobKTf7hPS9DN3mfX2Jp8Jk/kZI/dPI9iWIzl8MfIkcuDOI7gy10mgyvBd3hGN+OoU0Elen3hFn0LLvbtIRWLpCr+Fl3iDc0tZK3vNY2MIB6CVVElwYmyzeA3sRbq26c3mWktTZ5S7TLF40nh3Nf+V/DPpzAncVWM5caoMjYZ6g0S7z0hw5eFPg==</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </dsig:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>BFxd3zU3xrJEupCYO5mEL5OMl4uP2wRBsA1h9k+28DJfbFXQa+8gjgT7HdckJQvKsxAqJTZ0u7gJOfbKzh6ENVhjVnoN1CbFkRaIJi8bsMrfcSSlyOgOZBnI3/3Pm6VVJayyNcHM0MOOQiKy6oy3GKrPTjCLjjMd2KxhlHu0jj2zqAPc9dnJUQcPRYMW1S99cCFn/JcZ2qSSGW2XMvCJ4VDBnMx9qHfaonHi5HVF4ugZZ+lUPDN5/u0zy5e+ujopxMBmgG31SB+7a5ahDoq7VzdqtIldRaC+5VkfyoAlmrYVq5HybJ+P6pM/cOK6B+N8TcW/LYFvKQrA5mtqHR45OA==</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#_rVha2g3V1KAqZNAlHSmLaQ22"/>
                    <xenc:DataReference URI="#_1KWX1sY79LRZB6ZJfuQIug22"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                <dsig:SignedInfo>
                    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <dsig:Reference URI="#Body-JvP8MGBXkKOSHPcW0uHfgQ22">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>M3N/7wk8fiwTOgyizA6ebuia3L0=</dsig:DigestValue>
                    </dsig:Reference>
                    <dsig:Reference URI="#Timestamp-h21aj72HHeOxuusWqZoSpg22">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>rIYH3ZpL7mD0R3qk2S9rMjJBDDI=</dsig:DigestValue>
                    </dsig:Reference>
                    <dsig:Reference URI="#DOUsE014rF7BQ5dGJTX0Tg22">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>9dmZoveM9+zY38W/SHFa+riXCtE=</dsig:DigestValue>
                    </dsig:Reference>
                </dsig:SignedInfo>
                <dsig:SignatureValue>kDH8XYNTxzJaf3cJxnPVuL34Ej4=</dsig:SignatureValue>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference
                        wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <wsse:KeyIdentifier
                            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UYtQQeKkcfdY0tLFUFNcr9TaP290cfbLBOyENlN3VcXOS678YFlpaYsyX7vFmZ9qnO1n+vMfyIKRi+Ulo48JN20E4ciX22kgDL7yQQzQTolw6Nv8hPdsqGnR9AYi35w6fKfeFEGRhijUn9T8yoYimmAAfL0oK7ssobKTf7hPS9DN3mfX2Jp8Jk/kZI/dPI9iWIzl8MfIkcuDOI7gy10mgyvBd3hGN+OoU0Elen3hFn0LLvbtIRWLpCr+Fl3iDc0tZK3vNY2MIB6CVVElwYmyzeA3sRbq26c3mWktTZ5S7TLF40nh3Nf+V/DPpzAncVWM5caoMjYZ6g0S7z0hw5eFPg==</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </dsig:KeyInfo>
            </dsig:Signature>
            <wsu:Timestamp wsu:Id="Timestamp-h21aj72HHeOxuusWqZoSpg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2015-02-24T11:10:19Z</wsu:Created>
                <wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2015-02-24T11:40:19Z</wsu:Expires>
            </wsu:Timestamp>
            <xenc:EncryptedData Id="_1KWX1sY79LRZB6ZJfuQIug22"
                Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                <xenc:CipherData>
                    <xenc:CipherValue>NP7DetgN+T0kqIa3y7WNMchIcZUdkhKZ06N9qTC33bcrpMwg6i9APls9OPlRWDoLD739l8HDsNUlbKi6L4vrKvwv0EKlzLIfjMXckB4gOOuC9TdPrssooxuzhbzqUnTf1vWbpCPbnsoPiAn9cIOeHtrpDLF0+cEpa9wdyBiHVaAH73ChUCcJfUMD0Vigu3e8jL8BpWnQM7I0zhW1HEWrkK9b53Q1OPApqcdrIQh7PYFsVTblODfRA0U7v9MrzNwVuQkNMxNlRVXOUgYbnzKLhH1MqoYYedWcScezIu1+xChNtir+Px61pNDRg1uVWV6AxQyyUOlIds2xez4pnWwCtH60i+hRbmf4iIRvW7aaQaF2DSKc+4krzuwASKTl8djkwU4bUvKTKSp2ST9hW4NkN3iCuMN6VZH/NaOBj/E2JJmbqTGsc9cD5wyU09Yc2B9k0xh77HOiOtdAULsd24YwX9qNWMRLDpbyiwyISKXE7kQpQwMFhHhGhm4IFrzUxcnwfFwFJ/MKTzA78N7TH6d5VZ1f2ETd8M0Z37DNC56QW/IY/ryWzwKqQCwCStdpGl70KyIaOmpimCZWha3ePDNbZHGY8Fli5suMPVf/wfnNEuoTXze4WxzNJsFiZoqcD3RudgKvIwede1G2irntOkCzq4ApVN1b7BOgi5Es0IbUcoYyKKcwSnysMXsz36KtNx7ibR0BLhp3YTg+UlpnwPJcf26a9AFJN1Ibp/1xpZ+9TJNq+QcE0cZpL8SRmmscpR8JZT7gGZtTzIQI7UH5Axmlv0JE6cZ9qJ8wNhFv23SeqS55j90fxsX7Ju2zPgRnVkoeDlzRoft6kr3SGHHURLYNKuKnjNNTrD8u5EfXgAMGIFa397FG/EnV5TCM6KOEnvLDhJJm2MnsugY2AkFh5lx3KJsdwjMYF/YL7CaOsECwZXuU43nbnvjA4Oc7prCR+swX2CXqXC2Te1jy4CxfjgfWPg==</xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
        </wsse:Security>
    </SOAP-ENV:Header>
    <soap:Body wsu:Id="Body-JvP8MGBXkKOSHPcW0uHfgQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="_rVha2g3V1KAqZNAlHSmLaQ22"
            Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <xenc:CipherData>
                <xenc:CipherValue>7yFQZoetU3789CGjgbc/vpIvipQpb6mTYsLsOFM14tYUsrt7uvYWTtGMxD0U8I3z7yMTHdwFiVvI/R6gVbH16s4Jd9zxhvuzrwz8Ir6nZ9DM7WBDhBLXl9aIPSpIGC3qlrTvK78P/U7d79NSD47iX5B9hKa/MRngLVGMp5F0xTlkmZzVsBcz1OehcWP3jSBj6kIB9x6CeI6mLPfp2E2S7JFW0iOihuhOAkPkjX7/DRJX8eRtL+hCu1YlVGB8rs7vaSHqMYTXKlU4XgKRaJwlchC51rG4Je1C/u4pw8HMpHAzxVWl1ge+JrqqZRwPv+QVJaoZXBKTspDi2nlUA+xTobUXFRYOFpeLuFL64gHe7b9oXoMGvJqluiNtORAxDTn7w6Bc8Islfgmqz/zn06V8CqJP9CiUFVWf6KFiNMwAmlsqItHDssEG79E//e/e1p+cl/JWEg7dSjAbLjreJTit6cl14/GY94JZG2lvUheLpnqhPCJXT06CFxTB78Ty8YRnW/HsSJ0SR+TSUJAlbCbsIQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soap:Body>
</soap:Envelope>

On peut voir que dans la seconde requête, il n'y pas de usernametoken dans le header, mais il a été remplacé par encryptedData. (D'où ma question du début)

Et voici le code de configuration spring avec apache CXF :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
	xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws 
http://cxf.apache.org/schemas/jaxws.xsd
http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
	<!-- prendre en compte les parametres systemes de la jvm -->
	<context:property-placeholder location="classpath:test.properties" />
 
	<bean id="ProjectServices" class="primavera.ws.ProjectPortType"
		factory-bean="clientFactory" factory-method="create" />
	<bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
		<property name="serviceClass" value="test.ws.ProjectPortType" />
		<property name="address"
			value="http://port-128:8206/ws/services/ProjectService" />
		<property name="inInterceptors">
			<list>
				<ref bean="logIn" />
				<ref bean="signResponse" />
			</list>
		</property>
		<property name="outInterceptors">
			<list>
				<ref bean="logOut" />
				<ref bean="saajOut" />
				<ref bean="signRequest" />
			</list>
		</property>
	</bean>
	<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
	<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
	<bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
 
	<bean id="signRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
		<constructor-arg>
			<map>
				<entry key="action" value="UsernameToken Timestamp Signature Encrypt" />
				<entry key="user" value="username" />
				<entry key="passwordType" value="PasswordText" />
				<entry key="signatureUser" value="serverwsalias" />
				<entry key="encryptionUser" value="serverwsalias" />
				<entry key="passwordCallbackClass" value="main.ClientPasswordCallback" />
				<entry key="signaturePropFile" value="/crypt.properties"></entry>
				<entry key="encryptionPropFile" value="/crypt.properties"></entry>
			</map>
		</constructor-arg>
	</bean>
	<bean id="signResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
		<constructor-arg>
			<map>
				<entry key="action" value="Encrypt" />
				<entry key="encryptionUser" value="serverwsalias" />
				<entry key="decryptionPropFile" value="/crypt.properties"></entry>
			</map>
		</constructor-arg>
	</bean>
</beans>

Personnellement, je ne vois pas trop quel option pourrait m'aider (la liste est ici).

Merci d'avance !

**Schnuffel** · 02/03/2015, 16h30

J'ai trouvé comment résoudre ce problème en particulier, ce n'était pas du tout évident donc j'espère que cela pourra aider d'autres personnes.

En fait, on peut spécifier les différentes parties que l'on veut voir crypter (et/ou signer) (par défaut, seul la partie Body est crypter) :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
<entry key="signatureParts"
					value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Body" />
				<entry key="encryptionParts"
					value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;Body" />

Les éléments "signatureParts" et "encryptionParts" prennent une liste de valeurs séparées par des point-virgules. Si l'on spécifie cette liste, le comportement par défaut n'est plus réalisé, c'est-à-dire que si on crypte la partie UsernameToken, le Body ne sera plus crypter, donc il faut le spécifier à nouveau.

Un élément de la requête est indiqué par {Element}{adresse de la définition de l'attribut XML}Id_de_l'attribut .

Maintenant, j'ai un autre soucis : il me faut définir le KeyIdentifier en EncryptedKeySHA1, mais si je rajoute le paramètre :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

<entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry>

Il me donne ça :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
 <wsse:KeyIdentifier
                            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
							alueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">QgB9VjsaVwwYNx/MowOS058pegY=</wsse:KeyIdentifier>

Comme si j'avais mis Thrumprint au lieu de EncryptedKeySHA1. Serait-ce un bug ?

Merci d'avance !

Crypter le header "usernametoken"

Services Web Java

Partager

Partager