Webservice client with WS-Security encryption using jaxws-maven-plugin


I'm using only jaxws-maven-plugin (no Spring or any other library) to generate my webservice client classes from a WSDL which works fine except I need to use WS-Security to encrypt a specific sub-element of my request.

Could you please point me to any documentation or give me a hint on how to configure it? Is there a configuration file where I set the following? Or do I need to use another library like Apache CXF?

WS-A Version: 200508

Key Identifier Type: Binary Security Token

Symmetric Encoding Algorithm: AES256-CBC

Key Encryption Algorithm: RSA-OAEP-MGF1P

Algorithm Suite: Basic256Sha256

Encrypted elements XPath: //xxx/yyy

Thanks!




What I found out: (note I still don't understand what's going on)

  • WildFly somehow uses its built-in Apache CXF (the GlassFish implementation and configuration are different)
  • I had to modify the provided WSDL to add WS-Policy (I haven't found a way to put it in an external file or anywhere else without modifying the WSDL, which I'm not the author of) - see below
  • Had to provide a keystore
  • and configure access to it:

    // Obtain the generated JAX-WS client and its per-request context; the
    // WS-Security settings below are handed to the runtime through this map.
    XxxService service = new XxxService();
    BindingProvider bp = (BindingProvider) service.getXxxPort();
    final Map<String, Object> rqc = bp.getRequestContext();
    
    // WSS4J "Merlin" crypto properties: location, password, type and key alias
    // of the keystore holding the client's key pair and the peer certificate.
    // Load the password from protected configuration, never a string literal.
    Properties p = new Properties();
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", ...);
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", ...);
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", ...);
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", ...);
    
    // The same Properties object serves both the signature and the encryption
    // side. NOTE(review): the alias above then also acts as the default
    // encryption recipient unless a separate encryption user/alias is
    // configured; confirm the request is encrypted to the service's
    // certificate and not to the client's own.
    rqc.put("security.signature.properties", p);
    rqc.put("security.encryption.properties", p);
    

WSDL Example

 <?xml version="1.0" encoding="UTF-8"?>
 <wsdl:definitions ... >

...

<wsdl:binding name="..." type="...">
    <!-- wsaw 2006/05 is the WSDL binding for WS-Addressing 1.0 (the 2005/08
         core namespace asked for above); wsdl:required="false" leaves it
         optional for the client. -->
    <wsaw:UsingAddressing wsdl:required="false" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" />
    <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />

            <!-- added to wsdl for encryption -->
            <!-- Binding-wide policy: the asymmetric X.509 binding defined in
                 #general_policy applies to every operation of this binding.
                 NOTE(review): the wsp prefix must already be declared in scope
                 here (presumably on wsdl:definitions, elided above); the
                 declaration on the wsp:Policy element further down does not
                 cover this reference. -->
            <wsp:PolicyReference URI="#general_policy" />

    <wsdl:operation name="xxx">
        <wsdlsoap:operation soapAction="" />
        <wsdl:input name="...">
                            <!-- added to wsdl for encryption -->
                            <!-- Per-message policy: #xxx_policy names the element
                                 whose content is encrypted in this request. No
                                 comparable reference is visible on wsdl:output
                                 in this excerpt. -->
                            <wsp:PolicyReference URI="#xxx_policy" />
            <wsdlsoap:body use="literal" />
        </wsdl:input>
        <wsdl:output ... >
    </wsdl:operation>

</wsdl:binding>



    <!-- added to wsdl for encryption -->

    <wsp:Policy wsu:Id="general_policy"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <!-- Binding-level security policy (WS-SecurityPolicy 1.2 namespace).
             NOTE(review): wsu:Id is used here and on xxx_policy below, but no
             xmlns:wsu declaration is visible in this excerpt; it must come
             from wsdl:definitions. -->
        <wsp:ExactlyOne>
            <wsp:Policy>
                <wsp:All>
                    <!-- Asymmetric binding: initiator and recipient each use
                         their own X.509 key pair, so the keystore configured in
                         the request context must hold the client key and the
                         service certificate. -->
                    <sp:AsymmetricBinding>
                        <wsp:Policy>
                            <sp:InitiatorToken>
                                <wsp:Policy>
                                    <!-- IncludeToken/Never: the client certificate
                                         is not carried in the message; the service
                                         must already hold it and resolve it from
                                         the key identifier.
                                         NOTE(review): the requirement above names
                                         "Binary Security Token" as key identifier
                                         type, which normally means the token IS
                                         included (IncludeToken/AlwaysToRecipient);
                                         confirm against the service's policy. -->
                                    <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:InitiatorToken>
                            <!-- Recipient token: the service certificate the
                                 request is encrypted to; likewise never sent. -->
                            <sp:RecipientToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>                               
                            </sp:RecipientToken>
                            <!-- Strict: children of the Security header appear in
                                 the order prescribed by WS-SecurityPolicy. -->
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Strict />
                                </wsp:Policy>
                            </sp:Layout>
                            <!-- Basic256: AES-256 data encryption, RSA-OAEP key
                                 wrap, SHA-1 digests.
                                 NOTE(review): the requirement above lists
                                 Basic256Sha256 (same suite with SHA-256 digests);
                                 confirm which suite the service enforces, a
                                 mismatch typically surfaces as a policy fault. -->
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                        </wsp:Policy>
                    </sp:AsymmetricBinding>
                    <!-- NOTE(review): no sp:IncludeTimestamp and no
                         sp:SignedParts / sp:SignedElements are declared, so this
                         policy on its own asserts nothing about signing or
                         replay protection; add them if the service expects a
                         signed Body or a Timestamp. -->
                </wsp:All>
            </wsp:Policy>
        </wsp:ExactlyOne>
    </wsp:Policy>


    <!-- Message-level policy referenced from the wsdl:input of operation "xxx"
         (the wsp prefix is inherited from the root element here). -->
    <wsp:Policy wsu:Id="xxx_policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <!-- ContentEncryptedElements encrypts the CONTENT (child elements
                     and text) of each matched element; the yyy element itself
                     and its attributes stay in clear. Use sp:EncryptedElements
                     if the whole element must be hidden. -->
                <sp:ContentEncryptedElements
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <!-- XPath 1.0 over the SOAP 1.1 envelope.
                         NOTE(review): the final step "/yyy" is an unprefixed
                         name, which in XPath 1.0 only matches an element in NO
                         namespace; if yyy is in the same namespace as xxxRequest
                         it must be written with the same namespace-uri() and
                         local-name() predicate, otherwise nothing is selected.
                         Verify once on the wire that the element really leaves
                         the client encrypted. -->
                    <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/*[namespace-uri()='xxx' and local-name()='xxxRequest']/yyy</sp:XPath>
                </sp:ContentEncryptedElements>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</wsdl:definitions>