Community

WS-Security on JBoss 4.2.2.GA with jbossws-native-client 3.2.0.GA error

reply from Sidney Zurch in JBoss Web Services - View the full discussion

SoapUI 3.5 can apparently not be used to test encryption with JBossWS 4.2.3/3.1.1.

JBoss WS clients generate a wsu:ID attribute in the <env:Body> element, which SoapUI omits. This is the cause of your fault.

<env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' 
  wsu:Id='element-1-1272320911598-1522000'>
  <xenc:EncryptedData Id='encrypted-2-1272320911598-11779585' Type='http://www.w3.org/2001/04/xmlenc#Content'
   xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>

SoapUI:

<soapenv:Body>
     <xenc:EncryptedData Id="EncDataId-5" Type="http://www.w3.org/2001/04/xmlenc#Content">

JBoss also generates wsu:ID attributes in the <wsse:SecurityTokenReference> element, which again, SoapUI omits.

And as for testing WS-security, you might think about breaking up your operations and testing in stages: first test encryption using a single keystore, then test encryption requiring signatures, then multiple keystores, etc.

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community