
I'm trying to invoke a SOAP web service which, as I understand it, first checks the inputs and then authenticates the message.

Basically, what I've got here is a FAKE client and an EJB web service that forwards the message to the real web service.

I've read that there are some cross-compatibility issues between Metro and .NET, but I've been successful in creating messages that seem to be received and handled by the web service.

The problem is that I'm using the Secure Service setting with the Security Mechanism "Message Authentication over SSL" (I guess this is not required, but it has yielded the best results).

the webservice sends me an error message: The signature or decryption was invalid

The configuration for Message Authentication over SSL lets me choose message authentication either by username or by X.509 certificate, but I need both.

Username WSDL:

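<!-- WS-SecurityPolicy fragment, "username" variant: TLS transport plus a UsernameToken
     carried as a signed supporting token. The wsp, wsu, sp, sc and wspp prefixes are not
     declared in this fragment; presumably they are bound on the enclosing WSDL. -->
<wsp:Policy wsu:Id="StatementsService...">
<wsp:ExactlyOne>
  <!-- wsp:All: every assertion inside this alternative has to be satisfied together. -->
  <wsp:All>
    <!-- WS-Addressing headers are mandatory (wsp:Optional="false"). -->
    <wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="false"/>
    <sp:TransportBinding>
      <wsp:Policy>
        <sp:TransportToken>
          <wsp:Policy>
            <!-- No client certificate is demanded at the TLS layer, so the caller is
                 identified only by the supporting token further down. -->
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy>
        </sp:TransportToken>
        <sp:Layout>
          <wsp:Policy>
            <!-- Lax: items in the security header may appear in any order that the
                 WS-Security rules allow. -->
            <sp:Lax/>
          </wsp:Policy>
        </sp:Layout>
        <!-- A wsu:Timestamp must be present in the security header. -->
        <sp:IncludeTimestamp/>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <!-- Basic128 is the AES-128 suite that uses SHA-1 for digests and signatures.
                 NOTE(review): check that SHA-1 is still acceptable under the current
                 crypto policy; the value has to match what the remote service expects. -->
            <sp:Basic128/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
      </wsp:Policy>
    </sp:TransportBinding>
    <sp:Wss10/>
    <!-- storepass is the keystore password in clear text. wspp:visibility="private" is
         presumably the Metro marker that keeps this assertion out of the published WSDL;
         confirm that it is not served to clients and restrict read access to this file. -->
    <sc:TrustStore wspp:visibility="private" peeralias="omitted_alias" storepass="omitted_pw" type="JKS" location="C:\GlassFishESBv22\glassfish\domains\domain1\config\cacerts.jks"/>
    <!-- Signed supporting token: with a TransportBinding the UsernameToken is protected
         by the TLS channel rather than by an XML signature in the message. -->
    <sp:SignedSupportingTokens>
      <wsp:Policy>
        <!-- The start tag below ended in the entity &gt; in the posted text; it is
             restored to a literal > so that the tag is well-formed. -->
        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssUsernameToken10/>
          </wsp:Policy>
        </sp:UsernameToken>
      </wsp:Policy>
    <!-- The posted listing stopped after the line above; the closing tags below are
         added only to balance the elements that were opened. -->
    </sp:SignedSupportingTokens>
  </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>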

X509 WSDL

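<!-- WS-SecurityPolicy fragment, "X509" variant: TLS transport plus an X.509 certificate
     carried as an endorsing supporting token. The wsp, wsu, sp, sc and wspp prefixes are
     not declared in this fragment; presumably they are bound on the enclosing WSDL. -->
<wsp:Policy wsu:Id="statementservice....y">
<wsp:ExactlyOne>
  <!-- wsp:All: every assertion inside this alternative has to be satisfied together. -->
  <wsp:All>
    <!-- WS-Addressing headers are mandatory (wsp:Optional="false"). -->
    <wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="false"/>
    <sp:TransportBinding>
      <wsp:Policy>
        <sp:TransportToken>
          <wsp:Policy>
            <!-- TLS itself does not ask for a client certificate; the X.509 certificate
                 is presented at message level by the endorsing token further down. -->
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy>
        </sp:TransportToken>
        <sp:Layout>
          <wsp:Policy>
            <sp:Lax/>
          </wsp:Policy>
        </sp:Layout>
        <!-- A wsu:Timestamp must be present in the security header. -->
        <sp:IncludeTimestamp/>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <!-- Basic128 is the AES-128 suite that uses SHA-1 for digests and signatures,
                 so it governs the endorsing signature required below.
                 NOTE(review): check that SHA-1 is still acceptable under the current
                 crypto policy; the value has to match what the remote service expects. -->
            <sp:Basic128/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
      </wsp:Policy>
    </sp:TransportBinding>
    <sp:Wss10/>
    <!-- storepass is the keystore password in clear text. wspp:visibility="private" is
         presumably the Metro marker that keeps this assertion out of the published WSDL;
         confirm that it is not served to clients and restrict read access to this file. -->
    <sc:TrustStore wspp:visibility="private" peeralias="omitted_alias" storepass="omitted_pw" type="JKS" location="C:\GlassFishESBv22\glassfish\domains\domain1\config\cacerts.jks"/>
    <!-- Endorsing supporting token: the sender has to produce an XML signature with the
         private key of this certificate. With a TransportBinding, WS-SecurityPolicy has
         that signature cover the message timestamp. A key, certificate or algorithm
         mismatch on this signature is one possible source of an "invalid signature"
         fault from the receiver (TODO confirm against the service). -->
    <sp:EndorsingSupportingTokens>
      <wsp:Policy>
        <!-- The start tag below ended in the entity &gt; in the posted text; it is
             restored to a literal > so that the tag is well-formed. -->
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssX509V3Token10/>
          </wsp:Policy>
        </sp:X509Token>
      </wsp:Policy>
    </sp:EndorsingSupportingTokens>
  </wsp:All>
</wsp:ExactlyOne>
<!-- Closing tag for the root wsp:Policy element, which the posted listing left open. -->
</wsp:Policy>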

So basically is there a way to combine the two into one policy?