Crypter le header "usernametoken"

Bonjour,

J'essaie de créer un webservice avec authentification usernametoken, timestamp, signature et cryptage du message soap (sans ssl).

Je parviens à envoyer une requête avec tout ces éléments, mais le usernametoken est envoyé en clair, alors que je voudrais qu'il soit envoyé crypté dans le header.

Voici ce que j'envoie actuellement :

Code:

---

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79

<?xml version="1.0" encoding="UTF-16"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedKey Id="EK-A37E9422926799CC7614247759597358" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=SERVER WS,OU=FR,O=TOTO,L=LABA,ST=PARIS,C=FR</ds:X509IssuerName> <ds:X509SerialNumber>1961569094</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>XdjQnx2bhxjisjOUE8HVC4VV7Kcz9TMP3+VDfyYGB0XLMttwNqHRXovM12J6DUDgjtT0Ay4n5TRQ1IvFHvPwnc9csxEI5X4qBJBa+SW5Nd6c+CrCPfHPVw/wvlle9MgmZLm4n40NNYdCmaNvt+p6oQZ0LppJjCjxQ08xM5SzLCu3zTKYxrmYs3Ba2uuNr9ikXVHqw46UmE3KyNaATv49cHTLIwwXiZkAXsShi4ECXq8DfupNmDrarrOdU08jg9q5l0dE7eRtaSrVbXtqyqdvMvco5V9DWi/zJ3Sfl/Vb1HJ7VxMxR8VKsWh4+lczIt7s8SBggPhl1cwXrGdDZY3Jsg==</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#ED-A37E9422926799CC7614247759597459"/> </xenc:ReferenceList> </xenc:EncryptedKey> <wsu:Timestamp wsu:Id="TS-A37E9422926799CC7614247759596447"> <wsu:Created>2015-02-24T11:05:59.643Z</wsu:Created> <wsu:Expires>2015-02-24T11:10:59.643Z</wsu:Expires> </wsu:Timestamp> <ds:Signature Id="SIG-A37E9422926799CC7614247759595896" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="soap" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#id-A37E9422926799CC7614247759595835"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>rO47hhWfPRRJwsyVJMPuB3J5c7A=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>M46j7UQe+CHmISwfe6hL8Pk9LAOtCwwktCjgJOCHjph2r0B1FMc964NvufuTBt7UjrS5EtMwLbI+7ct7pvUrkLvA9yTMv2OoUy1x3FKycyWGdGJcTjNgwO2W1Um9X/vs+F1LsFCK4nQRCbkAJiYPdCuY9rGQi5pZ+bsehqIP4aXHGnJGWZ6UydJZtLO+p48rxva18XzX+PTTcIVG1vpnBHqT9HKOKxoa5HQQu8scgJgnq60h2LWbbkeok2zLcK2xj8RxibtyGZf80oV1BsleBvRiroV3w8IFzaoUQHQ0EQgK/EU1eo5dzvCbbVTKVzpIFb3jFpQdj+XI6j4bvJASsw==</ds:SignatureValue> <ds:KeyInfo Id="KI-A37E9422926799CC7614247759595793"> <wsse:SecurityTokenReference wsu:Id="STR-A37E9422926799CC7614247759595804"> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=SERVER WS,OU=FR,O=TOTO,L=LABA,ST=PARIS,C=FR</ds:X509IssuerName> <ds:X509SerialNumber>1961569094</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsse:UsernameToken wsu:Id="UsernameToken-A37E9422926799CC7614247759595671"> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password1</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body wsu:Id="id-A37E9422926799CC7614247759595835" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedData Id="ED-A37E9422926799CC7614247759597459" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:Reference URI="#EK-A37E9422926799CC7614247759597358"/> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>9mTmfMITmalPwNs8xjCnx0gVAlYmKIuQQ069VpHx24Ij4Qd31tNimimnr4qNA9z8atJGjvIPC7ktt+2qTy0AdOO5HNn4QaSrkxSt4pcrF1jc1kRE208lSfjgiv4rXhWA0230dPz0icHLkaz0bgCu3lE9X/NPfwilyVKv/umbB+rDQipxGJrmuqBDqkP4Ln66ewWw9/B80awqMRU4CST5THK+uY5dwikMoSYuYtF5+pL3BJxOQEF/EE7Y0sFvsfbiBu/VBhnYIvKoe6UmCBtnGj9cVvILHytlh90RtRWpX4WVN3cuq2wJYdeRu/81F+XhGpDAySaY3DGrWpUQK6NPGu2k2gnN/r3wUlZQnPds5gJTBXyiDDX6onZxRjZ6KU7e</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soap:Body> </soap:Envelope>

---

Et voici ce que je voudrait avoir :

Code:

---

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

<?xml version="1.0" encoding="UTF-16"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/> </xenc:EncryptionMethod> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UYtQQeKkcfdY0tLFUFNcr9TaP290cfbLBOyENlN3VcXOS678YFlpaYsyX7vFmZ9qnO1n+vMfyIKRi+Ulo48JN20E4ciX22kgDL7yQQzQTolw6Nv8hPdsqGnR9AYi35w6fKfeFEGRhijUn9T8yoYimmAAfL0oK7ssobKTf7hPS9DN3mfX2Jp8Jk/kZI/dPI9iWIzl8MfIkcuDOI7gy10mgyvBd3hGN+OoU0Elen3hFn0LLvbtIRWLpCr+Fl3iDc0tZK3vNY2MIB6CVVElwYmyzeA3sRbq26c3mWktTZ5S7TLF40nh3Nf+V/DPpzAncVWM5caoMjYZ6g0S7z0hw5eFPg==</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> <xenc:CipherData> <xenc:CipherValue>BFxd3zU3xrJEupCYO5mEL5OMl4uP2wRBsA1h9k+28DJfbFXQa+8gjgT7HdckJQvKsxAqJTZ0u7gJOfbKzh6ENVhjVnoN1CbFkRaIJi8bsMrfcSSlyOgOZBnI3/3Pm6VVJayyNcHM0MOOQiKy6oy3GKrPTjCLjjMd2KxhlHu0jj2zqAPc9dnJUQcPRYMW1S99cCFn/JcZ2qSSGW2XMvCJ4VDBnMx9qHfaonHi5HVF4ugZZ+lUPDN5/u0zy5e+ujopxMBmgG31SB+7a5ahDoq7VzdqtIldRaC+5VkfyoAlmrYVq5HybJ+P6pM/cOK6B+N8TcW/LYFvKQrA5mtqHR45OA==</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#_rVha2g3V1KAqZNAlHSmLaQ22"/> <xenc:DataReference URI="#_1KWX1sY79LRZB6ZJfuQIug22"/> </xenc:ReferenceList> </xenc:EncryptedKey> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <dsig:Reference URI="#Body-JvP8MGBXkKOSHPcW0uHfgQ22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>M3N/7wk8fiwTOgyizA6ebuia3L0=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Timestamp-h21aj72HHeOxuusWqZoSpg22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>rIYH3ZpL7mD0R3qk2S9rMjJBDDI=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#DOUsE014rF7BQ5dGJTX0Tg22"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>9dmZoveM9+zY38W/SHFa+riXCtE=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>kDH8XYNTxzJaf3cJxnPVuL34Ej4=</dsig:SignatureValue> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UYtQQeKkcfdY0tLFUFNcr9TaP290cfbLBOyENlN3VcXOS678YFlpaYsyX7vFmZ9qnO1n+vMfyIKRi+Ulo48JN20E4ciX22kgDL7yQQzQTolw6Nv8hPdsqGnR9AYi35w6fKfeFEGRhijUn9T8yoYimmAAfL0oK7ssobKTf7hPS9DN3mfX2Jp8Jk/kZI/dPI9iWIzl8MfIkcuDOI7gy10mgyvBd3hGN+OoU0Elen3hFn0LLvbtIRWLpCr+Fl3iDc0tZK3vNY2MIB6CVVElwYmyzeA3sRbq26c3mWktTZ5S7TLF40nh3Nf+V/DPpzAncVWM5caoMjYZ6g0S7z0hw5eFPg==</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <wsu:Timestamp wsu:Id="Timestamp-h21aj72HHeOxuusWqZoSpg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2015-02-24T11:10:19Z</wsu:Created> <wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2015-02-24T11:40:19Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedData Id="_1KWX1sY79LRZB6ZJfuQIug22" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <xenc:CipherData> <xenc:CipherValue>NP7DetgN+T0kqIa3y7WNMchIcZUdkhKZ06N9qTC33bcrpMwg6i9APls9OPlRWDoLD739l8HDsNUlbKi6L4vrKvwv0EKlzLIfjMXckB4gOOuC9TdPrssooxuzhbzqUnTf1vWbpCPbnsoPiAn9cIOeHtrpDLF0+cEpa9wdyBiHVaAH73ChUCcJfUMD0Vigu3e8jL8BpWnQM7I0zhW1HEWrkK9b53Q1OPApqcdrIQh7PYFsVTblODfRA0U7v9MrzNwVuQkNMxNlRVXOUgYbnzKLhH1MqoYYedWcScezIu1+xChNtir+Px61pNDRg1uVWV6AxQyyUOlIds2xez4pnWwCtH60i+hRbmf4iIRvW7aaQaF2DSKc+4krzuwASKTl8djkwU4bUvKTKSp2ST9hW4NkN3iCuMN6VZH/NaOBj/E2JJmbqTGsc9cD5wyU09Yc2B9k0xh77HOiOtdAULsd24YwX9qNWMRLDpbyiwyISKXE7kQpQwMFhHhGhm4IFrzUxcnwfFwFJ/MKTzA78N7TH6d5VZ1f2ETd8M0Z37DNC56QW/IY/ryWzwKqQCwCStdpGl70KyIaOmpimCZWha3ePDNbZHGY8Fli5suMPVf/wfnNEuoTXze4WxzNJsFiZoqcD3RudgKvIwede1G2irntOkCzq4ApVN1b7BOgi5Es0IbUcoYyKKcwSnysMXsz36KtNx7ibR0BLhp3YTg+UlpnwPJcf26a9AFJN1Ibp/1xpZ+9TJNq+QcE0cZpL8SRmmscpR8JZT7gGZtTzIQI7UH5Axmlv0JE6cZ9qJ8wNhFv23SeqS55j90fxsX7Ju2zPgRnVkoeDlzRoft6kr3SGHHURLYNKuKnjNNTrD8u5EfXgAMGIFa397FG/EnV5TCM6KOEnvLDhJJm2MnsugY2AkFh5lx3KJsdwjMYF/YL7CaOsECwZXuU43nbnvjA4Oc7prCR+swX2CXqXC2Te1jy4CxfjgfWPg==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </wsse:Security> </SOAP-ENV:Header> <soap:Body wsu:Id="Body-JvP8MGBXkKOSHPcW0uHfgQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedData Id="_rVha2g3V1KAqZNAlHSmLaQ22" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <xenc:CipherData> <xenc:CipherValue>7yFQZoetU3789CGjgbc/vpIvipQpb6mTYsLsOFM14tYUsrt7uvYWTtGMxD0U8I3z7yMTHdwFiVvI/R6gVbH16s4Jd9zxhvuzrwz8Ir6nZ9DM7WBDhBLXl9aIPSpIGC3qlrTvK78P/U7d79NSD47iX5B9hKa/MRngLVGMp5F0xTlkmZzVsBcz1OehcWP3jSBj6kIB9x6CeI6mLPfp2E2S7JFW0iOihuhOAkPkjX7/DRJX8eRtL+hCu1YlVGB8rs7vaSHqMYTXKlU4XgKRaJwlchC51rG4Je1C/u4pw8HMpHAzxVWl1ge+JrqqZRwPv+QVJaoZXBKTspDi2nlUA+xTobUXFRYOFpeLuFL64gHe7b9oXoMGvJqluiNtORAxDTn7w6Bc8Islfgmqz/zn06V8CqJP9CiUFVWf6KFiNMwAmlsqItHDssEG79E//e/e1p+cl/JWEg7dSjAbLjreJTit6cl14/GY94JZG2lvUheLpnqhPCJXT06CFxTB78Ty8YRnW/HsSJ0SR+TSUJAlbCbsIQ==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soap:Body> </soap:Envelope>

---

On peut voir que dans la seconde requête, il n'y pas de usernametoken dans le header, mais il a été remplacé par encryptedData. (D'où ma question du début)

Et voici le code de configuration spring avec apache CXF :

Code:

---

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">   <!-- prendre en compte les parametres systemes de la jvm --> <context:property-placeholder location="classpath:test.properties" />   <bean id="ProjectServices" class="primavera.ws.ProjectPortType" factory-bean="clientFactory" factory-method="create" /> <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> <property name="serviceClass" value="test.ws.ProjectPortType" /> <property name="address" value="http://port-128:8206/ws/services/ProjectService" /> <property name="inInterceptors"> <list> <ref bean="logIn" /> <ref bean="signResponse" /> </list> </property> <property name="outInterceptors"> <list> <ref bean="logOut" /> <ref bean="saajOut" /> <ref bean="signRequest" /> </list> </property> </bean> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />   <bean id="signRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken Timestamp Signature Encrypt" /> <entry key="user" value="username" /> <entry key="passwordType" value="PasswordText" /> <entry key="signatureUser" value="serverwsalias" /> <entry key="encryptionUser" value="serverwsalias" /> <entry key="passwordCallbackClass" value="main.ClientPasswordCallback" /> <entry key="signaturePropFile" value="/crypt.properties"></entry> <entry key="encryptionPropFile" value="/crypt.properties"></entry> </map> </constructor-arg> </bean> <bean id="signResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="Encrypt" /> <entry key="encryptionUser" value="serverwsalias" /> <entry key="decryptionPropFile" value="/crypt.properties"></entry> </map> </constructor-arg> </bean> </beans>

---

Personnellement, je ne vois pas trop quel option pourrait m'aider (la liste est ici).

Merci d'avance !

J'ai trouvé comment résoudre ce problème en particulier, ce n'était pas du tout évident donc j'espère que cela pourra aider d'autres personnes.

En fait, on peut spécifier les différentes parties que l'on veut voir crypter (et/ou signer) (par défaut, seul la partie Body est crypter) :

Code:

---

1 2 3 4

<entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Body" /> <entry key="encryptionParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;Body" />

---

Les éléments "signatureParts" et "encryptionParts" prennent une liste de valeurs séparées par des point-virgules. Si l'on spécifie cette liste, le comportement par défaut n'est plus réalisé, c'est-à-dire que si on crypte la partie UsernameToken, le Body ne sera plus crypter, donc il faut le spécifier à nouveau.

Un élément de la requête est indiqué par {Element}{adresse de la définition de l'attribut XML}Id_de_l'attribut .

Maintenant, j'ai un autre soucis : il me faut définir le KeyIdentifier en EncryptedKeySHA1, mais si je rajoute le paramètre :

Code:

---

<entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry>

---

Il me donne ça :

Code:

---

1 2 3

<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" alueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">QgB9VjsaVwwYNx/MowOS058pegY=</wsse:KeyIdentifier>

---

Comme si j'avais mis Thrumprint au lieu de EncryptedKeySHA1. Serait-ce un bug ?

Merci d'avance !