wss4j

In response to a security advisory (see http://cxf.apache.org/note-on-cve-2011-1096.html ) regarding the RSA v1.5 key transport algorithm, both CXF and WSS4J projects have disallowed use of all related algorithms by default. They have however supplied a configuration tag "ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM" which should re-allow these algorithms (see https://ws.apache.org/wss4j/config.html ) Our problem is getting these frameworks (JBossWS / CXF / WSS4J) to accept/use this configuration setting. We have tried using: jboss-webservice.xml custom CXF interceptor (setting the param after CXF

I'm trying to create a "java first" webservice that will use plain and simple UsernameToken WS-Security. I've attempted to follow the examples from CXF. When I query my wsdl I see no mention of anything ws-security related. I'm using CXF 2.7.5 and I'm trying to do everything with annotations. The following is my failed attempt: SampleService.java: import java.util.ArrayList; import java.util.Date; import javax.jws.WebParam; import javax.jws.WebMethod; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import org.apache.cxf.annotations.EndpointProperties; import org.apache.cxf

I have a spring web application with jsp pages that calls different web services and displays the results in a jsp page. The spring web application has username/login spring security attached to it. I am adding a call to a web service that handles security. For the WebServiceGateway, I added a security interceptor. (See below) <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor"> <property name="securementActions" value="UsernameToken Timestamp" /> <property name="securementUsername" value="Bert" /> <property name="securementPassword" value

trying to use the cxf+wss4j using maven. Created both the service and client without any compilation issues. The service runs fine in tomcat. Issue: When I run the client code, I get "java.lang.NoSuchMethodError: org.apache.xml.security.utils.I18n.init(Ljava/util/ResourceBundle;)V". This class is in xmlsec jar which comes along with cxf distribution. pom.xml for service project: <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion

I am trying to send a Soap Request to IRS and facing the same error like others in this group - 'Invalid WS Security Header'. can someone guide me with a sample Soap Request? One more question is - as part of the Enrollment process, we submitted our X509 certificate(public key) to IRS website which will be used to authenticate/decrypt your message digests. Which certificate file did you upload for this process? We are really stuck with this error for days now. Appreciate any help on this. I have seen 2 questions on this topic, but there are no helping answers. I am assuming this is for ACA Air