Skip to content

Latest commit

 

History

History

camel-cxf-jaxws-secure

README.md

Camel Secure CXF JAX-WS

This example demonstrates using the camel-cxf component with Red Hat Fuse on EAP to produce and consume JAX-WS web services secured by an Elytron Security Domain. Elytron is a new security framework available since Red Hat JBoss EAP 7.1.

In this example, a Camel route takes a message payload from a direct endpoint and passes it on to a CXF producer endpoint. The producer uses the payload to pass arguments to a CXF JAX-WS web service that is secured by BASIC HTTP authentication.

Moreover, all the exchanged SOAP messages are signed and encrypted according to the X509 signature and encryption WS-security policy:

  • The directToCxfBeanRoute route signs and encrypts the SOAP request payload using its private key when calling the SOAP service exposed by the cxfConsumerToProcessorRoute route
  • On reception of the SOAP request, the cxfConsumerToProcessorRoute route verifies and decrypts the SOAP request payload using the directToCxfBeanRoute public key
  • At the end, the cxfConsumerToProcessorRoute route signs and encrypts the SOAP response using its own private key, and sends it back to the directToCxfBeanRoute route. In the same way, the latter verifies and decrypts the SOAP response using the cxfConsumerToProcessorRoute route public key.

The full Camel route can be seen in cxfws-security-camel-context.xml.

Prerequisites

  • Apache Maven 3.5+
  • Red Hat JBoss EAP 7.1 server with Red Hat Fuse 7.2 installed
  • JKS keystores used to enforce the X509 signature and encryption WS-security policy on both the SOAP client and server:
    • src/main/resources/certs/client-ws-x509signature.ks: keystore for the CXF Producer (Web service client. See cxfws-security-camel-context.xml). It contains the client private key.
    • src/main/resources/certs/client-ws-x509signature.ts: truststore for the CXF Producer (Web service client. See cxfws-security-camel-context.xml). It contains the service public key.
    • src/main/resources/certs/service-ws-x509signature.ks: keystore for the CXF Consumer (Web service server. See cxfws-security-camel-context.xml). It contains the service private key.
    • src/main/resources/certs/service-ws-x509signature.ts: truststore for the CXF Consumer (Web service server. See cxfws-security-camel-context.xml). It contains the client public key.
    • This is how the above JKS keystores were generated):
    # Generate an auto-signed key pair and a JKS keystore for the client 
keytool -genkeypair -keyalg RSA -keysize 4096 -validity 1825 -dname "CN=client-ws-x509signature" -alias client-privatekey -keystore client-ws-x509signature.ks
# Export the client public key
keytool -export -alias client-privatekey -file client-pubkey.crt -keystore client-ws-x509signature.ks
# Generate an auto-signed key pair and a JKS keystore for the service
keytool -genkeypair -keyalg RSA -keysize 4096 -validity 1825 -dname "CN=service-ws-x509signature" -alias service-privatekey -keystore service-ws-x509signature.ks
# Export the service public key
keytool -export -alias service-privatekey -file service-pubkey.crt -keystore service-ws-x509signature.ks
# Import the client public key in the service truststore (JKS keystore)
keytool -import -trustcacerts -file client-pubkey.crt -alias client-pubkey -keystore service-ws-x509signature.ts
# Import the service public key in the client truststore (JKS keystore)
keytool -import -trustcacerts -file service-pubkey.crt -alias service-pubkey -keystore client-ws-x509signature.ts
    • the overall password used is : changeit

Running the example

To run the example.

  1. Use the add-user script to create a new server application user and group

    For Linux:

    ${JBOSS_HOME}/bin/add-user.sh -a -u testUser -p testPassword1+ -g testRole

    For Windows:

    %JBOSS_HOME%\bin\add-user.bat -a -u testUser -p testPassword1+ -g testRole

  2. Start the application server in standalone mode:

    For Linux:

    ${JBOSS_HOME}/bin/standalone.sh -c standalone-full.xml

    For Windows:

    %JBOSS_HOME%\bin\standalone.bat -c standalone-full.xml

  3. Set the Security Domain using a JBoss CLI script.

    For Linux:

    ${JBOSS_HOME}/bin/jboss-cli.sh --connect --file=configure-basic-security.cli

    For Windows:

    %JBOSS_HOME%\bin\jboss-cli.bat --connect --file=configure-basic-security.cli

  4. Study jboss-web-xml and web.xml files in webapp/WEB-INF directory of this project. They set the application security domain, security roles and constraints.

  5. Build and deploy the project mvn install -Pdeploy

  6. Browse to http://<jboss_eap_host>:8080/example-camel-cxf-jaxws-secure/

You should see a page titled 'Send A Greeting'. This UI enables us to interact with the test 'greeting' web service which will have also been started.

Testing Camel Secure CXF JAX-WS

Web UI

Browse to http://<jboss_eap_host>:8080/example-camel-cxf-jaxws-secure/.

From the 'Send A Greeting' web form, enter a 'message' and 'name' into the text fields and press the 'send' button. You'll then see the information you entered combined to display a greeting on the UI.

CamelCxfWsServlet handles the POST request from the web UI. It retrieves the message and name form parameter values and constructs an object array. This object array will be the message payload that is sent to the direct:start endpoint. A ProducerTemplate sends the message payload to Camel. The direct:start endpoint passes the object array to a cxf:bean web service producer. The web service response is used by CamelCxfWsServlet to display the greeting on the web UI.

The full Camel route can be seen in cxfws-security-camel-context.xml.

  • WebUI screenshot: webUI_camel-cxf-jaxws-secure

  • Red Hat JBoss EAP 7.1.5 log extracts to show the X509 signed and encrypted SOAP envelopes:

2018-12-20 23:06:53,980 INFO  [directToCxfBeanRoute] (default task-8) Received direct message: [Ljava.lang.Object;@3f72f74e
2018-12-20 23:06:54,102 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default task-8) Outbound Message
---------------------------
ID: 27
Address: http://fuse-eap-01.lab.com:8080/webservices/greeting-security-basic
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/*], Authorization=[Basic dGVzdFVzZXI6dGVzdFBhc3N3b3JkMSs=], breadcrumbId=[ID-amq-standalone-lab-com-1545323307183-21-1], SOAPAction=["urn:greet"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=service-ws-x509signature</ds:X509IssuerName><ds:X509SerialNumber>212833955</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>fDrOJqqlOc+E1Rfr+FNcjXaNPJN0EXIfCECzS8qDqZ4F5PfTatf0JGYWtYWGHdYoDXaZECxMcOac0AkLUG7y9m9UhHPRWoqUESztK6rtgxOLNV3THh9x2wlT8kV5nvtHFOZ3ojs1ALOA7DJ4LTGvSFxrC9O+R5xQ82TSO1i8EAp4A3RlDX9/cYXhDRRHa+xmXNvb+rDyElvjURv4RgcRRVr1p40Pu9wgMmzSSHlIMUQr91WFFOJzX42Tg4QClpX5GPoKwThyETz7pGC7OHdyGahvGQdEfinQkoNDeCmmw7Xm6Oa2sr/lXw4b4aZBFKEmrY6petVnnwCLusDmGZEc+/ptTEvfAoi2gS8fBs5rF9usL99dc6LSIRm+WLDkColPfInlaQtx//723tA0zl2W2VY67Z0ZGy7wvHMZJIgGu5CdTuo1ShSiWiH4mBOB5KEIi3nj1oq9qE1jTx06V2XWCthHiTDR9Aqvw6vWLfiMJaog+EfT55OkQcpiIPZlchYytF1jiHMKSm/QNDttDLF0qNdt62qyd8n76fb4ybQGTN7gIZHVuQgLmVBGRGp4lvnR00dr0L9Ewq3ybN+x8gTL5F9qQKjhJyO5Ec6wheUDHRwsaIiNulhZeJZOafwZ+OPECeTEpvDsF3pzv1SXq5p4KMP8USu5mw8r0XecgfbngdQ=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-fcc7dbb8-3a2c-4823-bf3f-7166290f3092"/><xenc:DataReference URI="#ED-fd9d7f5c-fdb0-4e73-afc7-ef28ff22f337"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-fcc7dbb8-3a2c-4823-bf3f-7166290f3092" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>rhfkWI3QzfaAR+vXnvflpvsXFtdFp1YJ7qtR7XE+H+lrY3GuR/r3yMTQ9k/ll1UmHTq3+0KVSTwKlFa7kPW5qAP4H8NuWcvfPETdhp48s5sci1jzKUtTJHq12W1X1hoxz3DCDn4wff1X+si6910sdUqz9mEPKEtn8AQVFf0985F2VJVX7A3ZvAI6Y7c2v+i850Es9/G43ELA63K3OMrd7ZwoymEXoOz958c1vp8pZXTuzgbOV73z/NbzTSCFGn88mnUp6xGdwGUi7ghAkB75zyd/rpq4C1lIYhknPedbUz1OIMC6DYw1dLKgNQ8kmknbWfsFPVJrYdjZXnTGrh4L5ZiXKlWiXCUkqAcj6zdSsX0EGVax63xX3fuv2mAcafTbWlOeChh7a46d0HSk1H+7tdvlHU/pOEJ4wZWzOj57hnUbqOrH/4CpRGPAZIwF5AH6pffySOCh9SARC0DimGODR1HV8HnR0fCZit1p4PPnhHPx5GwMj6Qx9NEbt83BfbS89+KVdQsMTmBH/Y1r6x/LLOZLe5JM8EeYcMInupaSfKak1PlN+7SfKCGK796HLfIuwBbgqhLF8PyE16twBNBpk6ndqmuhPsSBz4/HJ3Qb358qiMRhfpcyrTVkH0HQ3o+ldUjCgaEJMgzrtPTI0dOlTJNNGD9oWGbDAdsaGOTIH+siN44U+NCrbrYlHr6JpRre69tnTh3AeIWnT2Z+2YIYXUB5qQR1yRpv1Sw79Bkx8DmsuKH2AG6f0T3G89DzcGEnI23Zx9xbAX/YNFNJGBgCtJp/kjdWvTH9KwNmaalbSs2QeB+D84lnvRDslfyK/fEXbXj9FVr9ggDyPRN7YRmKP8ogne3oVZqf7j22Wc70T4G+qlE+OfW/iAkleA0nmqu0ZZ2RKrpoRa3n0qiXDuufxqeEU7DOSf/IUpiLL7v6quktng0WG/M7Dwlg2LGmj0/HdNP0KcgTQXUKD3nvRKX4adUxt5cw0qpx69/u1CdxK7P/BOo3Zl/wox6aiVKhh5MXZ67sZNsHULEr/gIYXxs8oZIO/dnq/aDZR+1TKAsbWupUt4p4dVA2nKNBYezrmWdQlgsGf3vRG3MS35Nwe7fc3mgrRkD3rirpIq3WoHKhWjy6AziLkgJo2xc0czIvUazyTN87QQ26tOocDD2NqHyYWlZR4udd6OIQwSXNYNMM0C9EW/jB6oLSSmCc60TvgJL7ViTgCWb3HZx6CP4GbLR/RZeFxWwdtgv+Na/d8IHSkGE8D+N0/0cLobI47rQJP9Vj9qfa14LmQmIeeJGVgcaMdozuupngMSLw6qGzsHVnDkMjPqcKiA8qtHpobs/i3fc8cm6+oOYANrFaHDjvtQYCCPpdAYtWNSq/lzd6YiqRns3FCx1DUBQTgUxUy8UFy5Rl+tE+7GNmM0g4FNTLHXqhVcVdkdB7hndc+KnUVr82fXgxQQRVCihCbA04KN0Nk7qdPwP4VPBXZ0hxlf3aeeXeMbOrPMbAjKDUkpPsJoEOHObZ25r6GhpJFE/YA8RrtCx2H4WzD6rFeuDNmReLOGqYyqUDsoW0Mu/9AZdZOtT6tm10seHI5HQgvTqH55KnMlJAyskc8wp9ii61X9oPW7OaJJiVB3OXNsXe+kMpX9wo6StO2pj0W/BBa++kTJ9ZPW2wLMeEAvaUsi09ApTBYPodJlhLzRETHM2ZBC8ycpV20TJHf2iAvCNt8LetxGJSVKc2tZewK3XQfqHXNIHZUjdd84p5qcDV7+TCJbyDgmwtrvX02goJfOTW1/GqqQ02GxcL1v3Vz0bUzYOJignKkBdu86WYhbvW3FkL5+ME6nPXzyTyxtgBqHffxCuCClsgESPkcTb9iLVtzGjai3Y9G13W30pJ8Obtjc78ZKiGEXRzQ0/zAa3NsDV/xqgxPSBfM8OmWu6yGCo9btqQV16EIxUj1LmStv1QrJimXSnSqVMqAn2wnBNU5OzQJe6NGqsWD8dqT97MHSuZ+ZIGTQfFgtDXGHz9kr5wWXVs1Pf7AgU3YC3ys87/gUOClf6ZDwj3PLW9uXWxPoFfnZ803bwj/1X1aj/jQCnRaE812AAaiLlMsOyg4wpH+1FavV8kEHoSzam/ZpPxJcAvT5CvYlbUm0/aEPN3AGTq6o77Fju0oEexd/jZ1hwj2k1oY7XkUFWOpvTSSYF/YqeOhl2jbjE4ULA6hdPqxD+0SudS9+XPVtfdzI5znvJW5M3EiRI7hYhRQz7Uq2byENU3PMhvru7tSJaJPwgJfyLeup17iDRITNDOsUA5KAcYJhMYzXgtLSHzdVNvuzPTN73QPLyfiYTY87OpqtXOoZDSrmaEPEDdMUQhSYUq5ppkZVBb7ysssa6YJYVNormjwkIsJmOibhaWQBkpTIo+HIkHzXdcG2jV7M+EprGmFJwRabOCY8mxUVFTndyCPBs3zTDqym9jfGig/j6falvcYLyVRmdh6raicCfa5ynglb/Be+OtY1AObyo2l/dkFElEYMQ6h/NurNl8u9prMQEIIYTflmmL+3EpxeUJB64J+4KVZa6d1hNouIxplU20HFS/jgYYOnwMZEPMyrSx07IxMdNmyGL+OBYEIKQauHRteHoC/szN9jEVeZKBGNjtY/yLSq5uRW712yozOo+h0RePx4nfKETd0mG7Oop2/o7FaIopUJc5nr2q7XmwK7hwjYx8B/B0BFd/dZK26BkPBelMuLiuXqFClvDP0rqe5enzN2qgS2jjtA1ACmyQOKKQpWYTexrIJhmPhRqxvL9l45ayH7xHzcONDNoVtRpVN9w=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-12c1fe83-1545-4b45-b928-6aeb2920e04f"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-fd9d7f5c-fdb0-4e73-afc7-ef28ff22f337" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>S/SkozokySBORzHAvAQlOZwN+5HEmSrNXbU7Hke4p0lMZ5+kGbHgQTgV4wvWwZ6W1vSL0kUrNjGQDmkumdzSXH7/f6wuTFDuwzZYPfogGX8RjZ/qpL5YpuHQNdVhxpbaSSQBJX4A+w8DgIwitpiYiK20j5XbS7QGx68YSdzaxrxWwKW12fwBd3jD2fZXfuymnxMnfhM1qoTKJjvU44H1nFn7Nk270sVsglupYfJy4c9qlp0SV1sE46Ci5+TKf6/VbY3YO2B/wdCAffMVokF9V+m/wd3mgZRBdRft9uEfdDU=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
2018-12-20 23:06:54,140 WARNING [javax.faces] (default task-9) Multiple JSF Applications found on same ClassLoader.  Unable to safely determine which FactoryManager instance to use. Defaulting to first match.
2018-12-20 23:06:54,140 WARNING [javax.faces] (default task-9) Multiple JSF Applications found on same ClassLoader.  Unable to safely determine which FactoryManager instance to use. Defaulting to first match.
2018-12-20 23:06:54,147 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default task-9) Inbound Message
----------------------------
ID: 28
Address: http://fuse-eap-01.lab.com:8080/webservices/greeting-security-basic
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], Authorization=[Basic dGVzdFVzZXI6dGVzdFBhc3N3b3JkMSs=], breadcrumbId=[ID-amq-standalone-lab-com-1545323307183-21-1], connection=[Keep-Alive], content-type=[text/xml; charset=UTF-8], Host=[fuse-eap-01.lab.com:8080], SOAPAction=["urn:greet"], transfer-encoding=[chunked], User-Agent=[Apache CXF 3.1.16.redhat-1]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=service-ws-x509signature</ds:X509IssuerName><ds:X509SerialNumber>212833955</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>fDrOJqqlOc+E1Rfr+FNcjXaNPJN0EXIfCECzS8qDqZ4F5PfTatf0JGYWtYWGHdYoDXaZECxMcOac0AkLUG7y9m9UhHPRWoqUESztK6rtgxOLNV3THh9x2wlT8kV5nvtHFOZ3ojs1ALOA7DJ4LTGvSFxrC9O+R5xQ82TSO1i8EAp4A3RlDX9/cYXhDRRHa+xmXNvb+rDyElvjURv4RgcRRVr1p40Pu9wgMmzSSHlIMUQr91WFFOJzX42Tg4QClpX5GPoKwThyETz7pGC7OHdyGahvGQdEfinQkoNDeCmmw7Xm6Oa2sr/lXw4b4aZBFKEmrY6petVnnwCLusDmGZEc+/ptTEvfAoi2gS8fBs5rF9usL99dc6LSIRm+WLDkColPfInlaQtx//723tA0zl2W2VY67Z0ZGy7wvHMZJIgGu5CdTuo1ShSiWiH4mBOB5KEIi3nj1oq9qE1jTx06V2XWCthHiTDR9Aqvw6vWLfiMJaog+EfT55OkQcpiIPZlchYytF1jiHMKSm/QNDttDLF0qNdt62qyd8n76fb4ybQGTN7gIZHVuQgLmVBGRGp4lvnR00dr0L9Ewq3ybN+x8gTL5F9qQKjhJyO5Ec6wheUDHRwsaIiNulhZeJZOafwZ+OPECeTEpvDsF3pzv1SXq5p4KMP8USu5mw8r0XecgfbngdQ=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-fcc7dbb8-3a2c-4823-bf3f-7166290f3092"/><xenc:DataReference URI="#ED-fd9d7f5c-fdb0-4e73-afc7-ef28ff22f337"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-fcc7dbb8-3a2c-4823-bf3f-7166290f3092" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>rhfkWI3QzfaAR+vXnvflpvsXFtdFp1YJ7qtR7XE+H+lrY3GuR/r3yMTQ9k/ll1UmHTq3+0KVSTwKlFa7kPW5qAP4H8NuWcvfPETdhp48s5sci1jzKUtTJHq12W1X1hoxz3DCDn4wff1X+si6910sdUqz9mEPKEtn8AQVFf0985F2VJVX7A3ZvAI6Y7c2v+i850Es9/G43ELA63K3OMrd7ZwoymEXoOz958c1vp8pZXTuzgbOV73z/NbzTSCFGn88mnUp6xGdwGUi7ghAkB75zyd/rpq4C1lIYhknPedbUz1OIMC6DYw1dLKgNQ8kmknbWfsFPVJrYdjZXnTGrh4L5ZiXKlWiXCUkqAcj6zdSsX0EGVax63xX3fuv2mAcafTbWlOeChh7a46d0HSk1H+7tdvlHU/pOEJ4wZWzOj57hnUbqOrH/4CpRGPAZIwF5AH6pffySOCh9SARC0DimGODR1HV8HnR0fCZit1p4PPnhHPx5GwMj6Qx9NEbt83BfbS89+KVdQsMTmBH/Y1r6x/LLOZLe5JM8EeYcMInupaSfKak1PlN+7SfKCGK796HLfIuwBbgqhLF8PyE16twBNBpk6ndqmuhPsSBz4/HJ3Qb358qiMRhfpcyrTVkH0HQ3o+ldUjCgaEJMgzrtPTI0dOlTJNNGD9oWGbDAdsaGOTIH+siN44U+NCrbrYlHr6JpRre69tnTh3AeIWnT2Z+2YIYXUB5qQR1yRpv1Sw79Bkx8DmsuKH2AG6f0T3G89DzcGEnI23Zx9xbAX/YNFNJGBgCtJp/kjdWvTH9KwNmaalbSs2QeB+D84lnvRDslfyK/fEXbXj9FVr9ggDyPRN7YRmKP8ogne3oVZqf7j22Wc70T4G+qlE+OfW/iAkleA0nmqu0ZZ2RKrpoRa3n0qiXDuufxqeEU7DOSf/IUpiLL7v6quktng0WG/M7Dwlg2LGmj0/HdNP0KcgTQXUKD3nvRKX4adUxt5cw0qpx69/u1CdxK7P/BOo3Zl/wox6aiVKhh5MXZ67sZNsHULEr/gIYXxs8oZIO/dnq/aDZR+1TKAsbWupUt4p4dVA2nKNBYezrmWdQlgsGf3vRG3MS35Nwe7fc3mgrRkD3rirpIq3WoHKhWjy6AziLkgJo2xc0czIvUazyTN87QQ26tOocDD2NqHyYWlZR4udd6OIQwSXNYNMM0C9EW/jB6oLSSmCc60TvgJL7ViTgCWb3HZx6CP4GbLR/RZeFxWwdtgv+Na/d8IHSkGE8D+N0/0cLobI47rQJP9Vj9qfa14LmQmIeeJGVgcaMdozuupngMSLw6qGzsHVnDkMjPqcKiA8qtHpobs/i3fc8cm6+oOYANrFaHDjvtQYCCPpdAYtWNSq/lzd6YiqRns3FCx1DUBQTgUxUy8UFy5Rl+tE+7GNmM0g4FNTLHXqhVcVdkdB7hndc+KnUVr82fXgxQQRVCihCbA04KN0Nk7qdPwP4VPBXZ0hxlf3aeeXeMbOrPMbAjKDUkpPsJoEOHObZ25r6GhpJFE/YA8RrtCx2H4WzD6rFeuDNmReLOGqYyqUDsoW0Mu/9AZdZOtT6tm10seHI5HQgvTqH55KnMlJAyskc8wp9ii61X9oPW7OaJJiVB3OXNsXe+kMpX9wo6StO2pj0W/BBa++kTJ9ZPW2wLMeEAvaUsi09ApTBYPodJlhLzRETHM2ZBC8ycpV20TJHf2iAvCNt8LetxGJSVKc2tZewK3XQfqHXNIHZUjdd84p5qcDV7+TCJbyDgmwtrvX02goJfOTW1/GqqQ02GxcL1v3Vz0bUzYOJignKkBdu86WYhbvW3FkL5+ME6nPXzyTyxtgBqHffxCuCClsgESPkcTb9iLVtzGjai3Y9G13W30pJ8Obtjc78ZKiGEXRzQ0/zAa3NsDV/xqgxPSBfM8OmWu6yGCo9btqQV16EIxUj1LmStv1QrJimXSnSqVMqAn2wnBNU5OzQJe6NGqsWD8dqT97MHSuZ+ZIGTQfFgtDXGHz9kr5wWXVs1Pf7AgU3YC3ys87/gUOClf6ZDwj3PLW9uXWxPoFfnZ803bwj/1X1aj/jQCnRaE812AAaiLlMsOyg4wpH+1FavV8kEHoSzam/ZpPxJcAvT5CvYlbUm0/aEPN3AGTq6o77Fju0oEexd/jZ1hwj2k1oY7XkUFWOpvTSSYF/YqeOhl2jbjE4ULA6hdPqxD+0SudS9+XPVtfdzI5znvJW5M3EiRI7hYhRQz7Uq2byENU3PMhvru7tSJaJPwgJfyLeup17iDRITNDOsUA5KAcYJhMYzXgtLSHzdVNvuzPTN73QPLyfiYTY87OpqtXOoZDSrmaEPEDdMUQhSYUq5ppkZVBb7ysssa6YJYVNormjwkIsJmOibhaWQBkpTIo+HIkHzXdcG2jV7M+EprGmFJwRabOCY8mxUVFTndyCPBs3zTDqym9jfGig/j6falvcYLyVRmdh6raicCfa5ynglb/Be+OtY1AObyo2l/dkFElEYMQ6h/NurNl8u9prMQEIIYTflmmL+3EpxeUJB64J+4KVZa6d1hNouIxplU20HFS/jgYYOnwMZEPMyrSx07IxMdNmyGL+OBYEIKQauHRteHoC/szN9jEVeZKBGNjtY/yLSq5uRW712yozOo+h0RePx4nfKETd0mG7Oop2/o7FaIopUJc5nr2q7XmwK7hwjYx8B/B0BFd/dZK26BkPBelMuLiuXqFClvDP0rqe5enzN2qgS2jjtA1ACmyQOKKQpWYTexrIJhmPhRqxvL9l45ayH7xHzcONDNoVtRpVN9w=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-12c1fe83-1545-4b45-b928-6aeb2920e04f"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-fd9d7f5c-fdb0-4e73-afc7-ef28ff22f337" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-c8ded17e-6f55-4ed1-8786-5b11fed7b124"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>S/SkozokySBORzHAvAQlOZwN+5HEmSrNXbU7Hke4p0lMZ5+kGbHgQTgV4wvWwZ6W1vSL0kUrNjGQDmkumdzSXH7/f6wuTFDuwzZYPfogGX8RjZ/qpL5YpuHQNdVhxpbaSSQBJX4A+w8DgIwitpiYiK20j5XbS7QGx68YSdzaxrxWwKW12fwBd3jD2fZXfuymnxMnfhM1qoTKJjvU44H1nFn7Nk270sVsglupYfJy4c9qlp0SV1sE46Ci5+TKf6/VbY3YO2B/wdCAffMVokF9V+m/wd3mgZRBdRft9uEfdDU=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
2018-12-20 23:06:54,471 INFO  [cxfConsumerToProcessorRoute] (default task-9) Received CXF Bean message: This is a simple request with Basic Auth and X509 signature+encrypt WS-Security policy activated!
2018-12-20 23:06:54,563 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default task-9) Outbound Message
---------------------------
ID: 28
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=client-ws-x509signature</ds:X509IssuerName><ds:X509SerialNumber>335263260</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>eulb/+vB0YFpejRhegVKnI5sp28rbEPaKWNH0KbKKoeRh/fE63aObZ6Wy1FBznQhC/n+9tTWwJFqzsjrEG7CEGuOsSeM1FrzlYw7C0CKu3S2oKs1MhY1CL+7UZkJ8vGAvO38i9cLQdZkfOUj81MFCZBqw1g+MgYFFlSirz6XzdlUZlzIl7bML3aKqfIkxR9U6MkB6XAatpVK5LiRr/sXtz6FAsb/8yyBVCp4hzapl6iu9ylDaA5Wi72AT4/yX3D6Q4317C+CMdvfDKY0q4X4kyYIzwsWciXadYok1YbY9ll1VZk2/rIeA7zXSCwuUxc4p0uACylThbb67/Nahwire1ija69XtzxZGU3BBu7qlCdQxnfNeQh1gmyItzwYOVPejFhacwX6/+4ZHLz1jc1tM3yOz41PeJBq4P5SxlcgvBx0gdEMFg1JmbuNKy0Rv6ABdNOJ+j8DJZQp3XWvKQxP+H7KKiK6wCsGiyjP/eUSZA95aoj8thlWyQuCIIR1Pe2sW2Yn4ruB5HTzDo4NFe3Oe6zvfMEb6rR7mPWZeQJcMWe1Z8Zkgs2bqNyXHqQD3KuXsMrfoaFTxbQS8DFrNIhT2VT1Z+X5u0dMaKOBOaQbOQsilaFNsnxCbV/ZlfRjuqSWrA7vytIyUcS8YfxiiL5fGN4+d2AGdQAidSe8BZgm8eE=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-f4770e27-bc56-4b91-ac26-749a649bbc26"/><xenc:DataReference URI="#ED-31c24d1e-3293-4025-9c11-31f3ba964c87"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-f4770e27-bc56-4b91-ac26-749a649bbc26" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>chZB8QW2KF2tvdQObRJPdo+PSIVMSxVnsCp7NihjosjZgkG3ahAaVJwkrXezijCQ1kxmm6dRfOwI9ZaL54GjeXHha51+8yv6ODgXj/Zu+09noPgWEz4hh1AKgwb63wBjlsvqbqdnPAcA1DjJghdVmzH7FY6gkpAR/L/4oXlkGXOfFs2OKq/EYe6d7k+vOIkW7c5zEvCGCpkkj37IKn9mR/sX/beX26P7aTHQ4RkdWRzv1oTnQ/ZxddIhk0c2cIEruJyluEmdwnmOIRXbwQHnmUGsrEarz++a8jIggDGtDI1teg/8y1y6qpTbNppV1ilEhiQK/qgilkrOdsooa6MmipEr2wW0BcSWcSvvc17JdLFZ+b/hnMYupgy8iRA6hhbwgVnJC7O5BuDNbOheyGxjm6Jmva9FRBydghkozJyvOi54V/rCUYEtoHbglRHPvWNaj4S2lvCt9pHbRuozQpwJhrLCqPxY2l2fzEgNyUUH3xPwTWYKcTqtfasXUwiGcgNaoIeMR24UAB6hUnkdmXU0PqO+/o5QDtfUQWXUFCK6+ATk22srTBeMfNGAKluCbFVNltilNHVDhdZxQx4h7XAEWttQQUiyhdAnsuljkkCFweehKjh+qCSThUSi92stEYlyGrOXSwyeZhqaL+P4poe/UPEi4Sv6smQnyeQ6eUC2GGf5wNaLGABCVEjQ7BPxJ//2kk1ti4Q3hf8OhLlSoG030VlsWObg4z5G8xA5PO5pqiUd6FeeCT1Y+iuop6wxRwk/nSGoijAVhQz07LYzTrnwQ/zfHPwt9Xrgp7q1S+9mIUopNFtASm+U6pGPKBW+yPtx1i7oU6z9jidBS7PL7uo1a284sPHiLXdOfkUtacYf13SYbRAXbiH2rDZ9UuUCl/k8aQir8X71kkHNLkitBsCBO5C9KLXyr16Kg6CNUMXJJCyqk7YtvS6NgzcD5J2w7p88uIfNkjdQjaq0jJ9vmgUZmWsZtsJikXgEHmMJwa5msSfF5xOb/qRXbHM9gbrpFNiA/sqGBG/RanImHLn30TcwnZxnCL2UD2V9ELx2NTsgahPstSSohM9sDRNijxeXyg5CYJtYpgfvKDp+6pXKzuxPPQdEOefxeZON9z/ymDIY88BlQadERX5w4uFgq5qRT+07vdyP5ZWIv+bRBCe7aAj9Jc15Y6TDwhgP/Bof+njpoehJu57xXIRvLf+0sDCaDxgp2nSlNTQMyJ4J7xIPELha/h8BeIDnmB0YijBsNLDalMMGhRaDWQFTanK4rnr5rQdCXuAXKScwq1Ss48XabQwaieui+MjglVBUFNDebIT4/aXlAu/r5l9tDIX22fpFMZ+FdWl3XZCcG+/f3pTHRYa0YDrEuEnl5K1Oj68D6I8zjy3Xn9fh78qMmMcRJ4YtnSTMU8K5Acug8sKXqGfhiVbcrkdB+EwJNrSnY81Nrdt1mHKpzdO1NdZOfCE/Y+iM9M39rZpneGKD73n8usK13EE3RwjjymPr4ZfeYXH1DcSiJ+NVwWlCr5Nh7006v2P+E/72cfyFfOkzrl+wjugqKUaio3XS0wlpJuymoBxlsvWNGi6pqo6tFLOi1a2vTqGmAkEhGzXUJmGwSebcY8vft8/eBEmUWeZVlvKjVnYt7PxqnZlOeq4GnkbDp1MB33bsEWn43FxLEu0LryDiRryUxYKq4wyUP16i+NBT/Mq0kW8fWUP/9/W86SrDHR2xOwx91dmnfpr221ipcZlBaj2TqCcbT6IzerobjOqHWqsv88siN+S40kAE46tuWQD4fbgnaiA915tPH+pDDOydNniJO3dO3jRf64KWoJh0vwIUs9Cf0v7m7/oQHVxfQcgj0V+SrX17CgawHoaX/mSssHiw2zPtGx05AM1XgN9U+GqblnqOQgLeIBcU3gtaJ9IhyKIZNcpaPb4XiSFaTqPUnNrwI9sb81skMSomC6Ir91fUKpjJZGbfoktLGezhBU6TVcu96zLgGOfBkhUBWhUSPQb984piQBcyZMEzHXr8VpkRMyVTRtJimgN/pLFYhjAkckWI2kiC9qsAqA5a0LJN6pS4JIlVy3rv/taDo/UL6ejtwI07+jAsDNlVa3otZ3v9YsMdvrW7px5UfgfzM3NBmGFWE1IFv5LFopzWKwtVD3rKNo+DIx8DDpE3IVDASApK9nIDl0tgfAEEQKVVmgPpsLjEhVEeGBdZPCbmeQmtH7CzO7P0iFhQs+CT9QqjGicEtnQjkKQXB7PCzWXvO9I3BMe+9K3iROq21XyUwH7UtWdODp2SvnhsL/hbvCH398Gliu+zhY1x1eB73cxsKD65BtY80W/fqVOzoO4XKg4QXhBoPqmHv3XZ0NpcxD48WKUfyWwhb0VF6Hv0zs5ag/YJo8JeYjrOCirTmHOAbMFjtXivCFUz6ulb8x2DOmc9ypbh6dQ23a+wsdSlEupHs8S4bprAxGHsLNG1pduR3b5UhgzH0YwnUfAyxmltWkPY2FOlf3FHZNkzFEXuy9NBuCHiiYPrCGZTEl3nNjYL419pWiGFgdD1QvnPPCoOfYlkKx2fh6dtF11RE+iaFBYYWcrusHl9HoxK5ZnGCzMBYq+76FAZmrovp1StE5Ix6geaE8DseqQFlJFxvr8dwOMjjJSrVM/yovRSlohfibtxwVkITskbg9DwUkjP1CqgP2Q8eKwULn6vKrpj1vWoLVBPhjFjgxdoR8Q+KBshzBngSB0ttm9uVbtIat6MHys65V/Z4O5DNXRifGv+2d9QaAsCzCpeUsneZXm3/RepcWCn9xyowB0f/2sNrli/ijWhbsB+tQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-6d1d12e3-dbb2-420d-a2d1-09de442925a1"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-31c24d1e-3293-4025-9c11-31f3ba964c87" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>cZ1FEg+UEfhpxmbup1DZcv162+JtVCd4/ueLwtKPnJQdRIAdr+J6KiPukPSARdzazzVrz8WwhHL+Jp958YC7aDa/ZMiA/XXNg5DoM8qw3jQ9M3EPEcVc6As2TFuf5i96SlMXjwihAAaoBcxTksOORupMcROfssDC6LRcsByAmVyrF+f6Bbq1WNwm3r5LfJesz1CnwwxC4KmFGnlCkjvXSaeJ6ipyTDD5uKJMzrRiSuZvQjPiidckwGvZunz0w5Nizi6mNVynENxlti0WRq5ivfG713akbHZvFrkOCiA3BBw=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
2018-12-20 23:06:54,573 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default-workqueue-1) Inbound Message
----------------------------
ID: 27
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {Cache-Control=[no-cache, no-store, must-revalidate], Connection=[keep-alive], Content-Type=[text/xml;charset=UTF-8], Date=[Thu, 20 Dec 2018 22:06:54 GMT], Expires=[0], Pragma=[no-cache], Server=[JBoss-EAP/7], Transfer-Encoding=[chunked], X-Powered-By=[Undertow/1]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=client-ws-x509signature</ds:X509IssuerName><ds:X509SerialNumber>335263260</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>eulb/+vB0YFpejRhegVKnI5sp28rbEPaKWNH0KbKKoeRh/fE63aObZ6Wy1FBznQhC/n+9tTWwJFqzsjrEG7CEGuOsSeM1FrzlYw7C0CKu3S2oKs1MhY1CL+7UZkJ8vGAvO38i9cLQdZkfOUj81MFCZBqw1g+MgYFFlSirz6XzdlUZlzIl7bML3aKqfIkxR9U6MkB6XAatpVK5LiRr/sXtz6FAsb/8yyBVCp4hzapl6iu9ylDaA5Wi72AT4/yX3D6Q4317C+CMdvfDKY0q4X4kyYIzwsWciXadYok1YbY9ll1VZk2/rIeA7zXSCwuUxc4p0uACylThbb67/Nahwire1ija69XtzxZGU3BBu7qlCdQxnfNeQh1gmyItzwYOVPejFhacwX6/+4ZHLz1jc1tM3yOz41PeJBq4P5SxlcgvBx0gdEMFg1JmbuNKy0Rv6ABdNOJ+j8DJZQp3XWvKQxP+H7KKiK6wCsGiyjP/eUSZA95aoj8thlWyQuCIIR1Pe2sW2Yn4ruB5HTzDo4NFe3Oe6zvfMEb6rR7mPWZeQJcMWe1Z8Zkgs2bqNyXHqQD3KuXsMrfoaFTxbQS8DFrNIhT2VT1Z+X5u0dMaKOBOaQbOQsilaFNsnxCbV/ZlfRjuqSWrA7vytIyUcS8YfxiiL5fGN4+d2AGdQAidSe8BZgm8eE=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-f4770e27-bc56-4b91-ac26-749a649bbc26"/><xenc:DataReference URI="#ED-31c24d1e-3293-4025-9c11-31f3ba964c87"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-f4770e27-bc56-4b91-ac26-749a649bbc26" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>chZB8QW2KF2tvdQObRJPdo+PSIVMSxVnsCp7NihjosjZgkG3ahAaVJwkrXezijCQ1kxmm6dRfOwI9ZaL54GjeXHha51+8yv6ODgXj/Zu+09noPgWEz4hh1AKgwb63wBjlsvqbqdnPAcA1DjJghdVmzH7FY6gkpAR/L/4oXlkGXOfFs2OKq/EYe6d7k+vOIkW7c5zEvCGCpkkj37IKn9mR/sX/beX26P7aTHQ4RkdWRzv1oTnQ/ZxddIhk0c2cIEruJyluEmdwnmOIRXbwQHnmUGsrEarz++a8jIggDGtDI1teg/8y1y6qpTbNppV1ilEhiQK/qgilkrOdsooa6MmipEr2wW0BcSWcSvvc17JdLFZ+b/hnMYupgy8iRA6hhbwgVnJC7O5BuDNbOheyGxjm6Jmva9FRBydghkozJyvOi54V/rCUYEtoHbglRHPvWNaj4S2lvCt9pHbRuozQpwJhrLCqPxY2l2fzEgNyUUH3xPwTWYKcTqtfasXUwiGcgNaoIeMR24UAB6hUnkdmXU0PqO+/o5QDtfUQWXUFCK6+ATk22srTBeMfNGAKluCbFVNltilNHVDhdZxQx4h7XAEWttQQUiyhdAnsuljkkCFweehKjh+qCSThUSi92stEYlyGrOXSwyeZhqaL+P4poe/UPEi4Sv6smQnyeQ6eUC2GGf5wNaLGABCVEjQ7BPxJ//2kk1ti4Q3hf8OhLlSoG030VlsWObg4z5G8xA5PO5pqiUd6FeeCT1Y+iuop6wxRwk/nSGoijAVhQz07LYzTrnwQ/zfHPwt9Xrgp7q1S+9mIUopNFtASm+U6pGPKBW+yPtx1i7oU6z9jidBS7PL7uo1a284sPHiLXdOfkUtacYf13SYbRAXbiH2rDZ9UuUCl/k8aQir8X71kkHNLkitBsCBO5C9KLXyr16Kg6CNUMXJJCyqk7YtvS6NgzcD5J2w7p88uIfNkjdQjaq0jJ9vmgUZmWsZtsJikXgEHmMJwa5msSfF5xOb/qRXbHM9gbrpFNiA/sqGBG/RanImHLn30TcwnZxnCL2UD2V9ELx2NTsgahPstSSohM9sDRNijxeXyg5CYJtYpgfvKDp+6pXKzuxPPQdEOefxeZON9z/ymDIY88BlQadERX5w4uFgq5qRT+07vdyP5ZWIv+bRBCe7aAj9Jc15Y6TDwhgP/Bof+njpoehJu57xXIRvLf+0sDCaDxgp2nSlNTQMyJ4J7xIPELha/h8BeIDnmB0YijBsNLDalMMGhRaDWQFTanK4rnr5rQdCXuAXKScwq1Ss48XabQwaieui+MjglVBUFNDebIT4/aXlAu/r5l9tDIX22fpFMZ+FdWl3XZCcG+/f3pTHRYa0YDrEuEnl5K1Oj68D6I8zjy3Xn9fh78qMmMcRJ4YtnSTMU8K5Acug8sKXqGfhiVbcrkdB+EwJNrSnY81Nrdt1mHKpzdO1NdZOfCE/Y+iM9M39rZpneGKD73n8usK13EE3RwjjymPr4ZfeYXH1DcSiJ+NVwWlCr5Nh7006v2P+E/72cfyFfOkzrl+wjugqKUaio3XS0wlpJuymoBxlsvWNGi6pqo6tFLOi1a2vTqGmAkEhGzXUJmGwSebcY8vft8/eBEmUWeZVlvKjVnYt7PxqnZlOeq4GnkbDp1MB33bsEWn43FxLEu0LryDiRryUxYKq4wyUP16i+NBT/Mq0kW8fWUP/9/W86SrDHR2xOwx91dmnfpr221ipcZlBaj2TqCcbT6IzerobjOqHWqsv88siN+S40kAE46tuWQD4fbgnaiA915tPH+pDDOydNniJO3dO3jRf64KWoJh0vwIUs9Cf0v7m7/oQHVxfQcgj0V+SrX17CgawHoaX/mSssHiw2zPtGx05AM1XgN9U+GqblnqOQgLeIBcU3gtaJ9IhyKIZNcpaPb4XiSFaTqPUnNrwI9sb81skMSomC6Ir91fUKpjJZGbfoktLGezhBU6TVcu96zLgGOfBkhUBWhUSPQb984piQBcyZMEzHXr8VpkRMyVTRtJimgN/pLFYhjAkckWI2kiC9qsAqA5a0LJN6pS4JIlVy3rv/taDo/UL6ejtwI07+jAsDNlVa3otZ3v9YsMdvrW7px5UfgfzM3NBmGFWE1IFv5LFopzWKwtVD3rKNo+DIx8DDpE3IVDASApK9nIDl0tgfAEEQKVVmgPpsLjEhVEeGBdZPCbmeQmtH7CzO7P0iFhQs+CT9QqjGicEtnQjkKQXB7PCzWXvO9I3BMe+9K3iROq21XyUwH7UtWdODp2SvnhsL/hbvCH398Gliu+zhY1x1eB73cxsKD65BtY80W/fqVOzoO4XKg4QXhBoPqmHv3XZ0NpcxD48WKUfyWwhb0VF6Hv0zs5ag/YJo8JeYjrOCirTmHOAbMFjtXivCFUz6ulb8x2DOmc9ypbh6dQ23a+wsdSlEupHs8S4bprAxGHsLNG1pduR3b5UhgzH0YwnUfAyxmltWkPY2FOlf3FHZNkzFEXuy9NBuCHiiYPrCGZTEl3nNjYL419pWiGFgdD1QvnPPCoOfYlkKx2fh6dtF11RE+iaFBYYWcrusHl9HoxK5ZnGCzMBYq+76FAZmrovp1StE5Ix6geaE8DseqQFlJFxvr8dwOMjjJSrVM/yovRSlohfibtxwVkITskbg9DwUkjP1CqgP2Q8eKwULn6vKrpj1vWoLVBPhjFjgxdoR8Q+KBshzBngSB0ttm9uVbtIat6MHys65V/Z4O5DNXRifGv+2d9QaAsCzCpeUsneZXm3/RepcWCn9xyowB0f/2sNrli/ijWhbsB+tQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-6d1d12e3-dbb2-420d-a2d1-09de442925a1"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-31c24d1e-3293-4025-9c11-31f3ba964c87" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-acb1c918-24c7-4569-bbe8-67c4d77c0db1"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>cZ1FEg+UEfhpxmbup1DZcv162+JtVCd4/ueLwtKPnJQdRIAdr+J6KiPukPSARdzazzVrz8WwhHL+Jp958YC7aDa/ZMiA/XXNg5DoM8qw3jQ9M3EPEcVc6As2TFuf5i96SlMXjwihAAaoBcxTksOORupMcROfssDC6LRcsByAmVyrF+f6Bbq1WNwm3r5LfJesz1CnwwxC4KmFGnlCkjvXSaeJ6ipyTDD5uKJMzrRiSuZvQjPiidckwGvZunz0w5Nizi6mNVynENxlti0WRq5ivfG713akbHZvFrkOCiA3BBw=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
2018-12-20 23:06:54,787 INFO  [directToCxfBeanRoute] (default-workqueue-1) Received SOAP response message: This is a simple request with Basic Auth and X509 signature+encrypt WS-Security policy activated! jEAN

SOAP-UI

The service WSDL is available at http://<jboss_eap_host>:8080/webservices/greeting-security-basic?wsdl.

There is a single service operation named greet which takes 2 String parameters named message and name. Invoking the web service will return a response where these values have been concatenated together.

Make sure the following outgoing and incoming WS-Security configurations are enforced:

  • Outgoing WS-Security configuration: SOAP-UI 3.5.4 Outgoing WS-Security Configuration
    • Encryption Symmetric Encoding Algorithm: http://www.w3.org/2001/04/xmlenc#tripledes-cbc
    • Encryption Key Encryption Algorithm: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
    • Signature Algorithm: http://www.w3.org/2000/09/xmldsig#rsa-sha1
  • Incoming WS-Security configuration: SOAP-UI 3.5.4 Incoming WS-Security Configuration

Below are some sample tests screenshots:

  • Rejected request without any basic authentication: Rejected request without basic auth
  • Rejected request with basic authentication but without any WS-Security policy enforced: Rejected request with basic auth but no X509 signature/encryption
  • Accepted request with basic authentication and x509 signature + encryption WS-Security policy enforced: Accepted request with basic auth and X509 signature&encryption

Red Hat JBoss EAP 7.1.5 log extracts to show the X509 signed and encrypted SOAP envelopes:

2019-01-07 16:33:12,757 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default task-1) Inbound Message
----------------------------
ID: 7
Address: http://fuse-eap-01.lab.com:8080/webservices/greeting-security-basic
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], Authorization=[Basic dGVzdFVzZXI6dGVzdFBhc3N3b3JkMSs=], connection=[Keep-Alive], Content-Length=[8720], content-type=[text/xml;charset=UTF-8], Host=[fuse-eap-01.lab.com:8080], SOAPAction=["urn:greet"], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:jax="http://jaxws.cxf.examples.camel.wildfly.org/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:Signature Id="SIG-561F8FBDE5AACAF5AB154687519220321" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="jax soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-561F8FBDE5AACAF5AB154687519220220"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="jax" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>0Tr1TUnducdijmACRMbpImocqkI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ZoOl/8xXuMSe+g2Ee5lV0CmbFq+G8dGRqgPD9DhL/4ABtyN4z2+Xn+zUAo1b1+1qpI9iaeZzcwqF
R6XWM99NzaxT10iG+wIbK/db05DCkGgtWaQorleS2rz+ZrUvSYVyZ+HXwEnEIXkPuAfkMdQ6ZE47
SobOOs5eZAINwAIUpGkIETL4AamSkkaU3HrjWBo5XnX+rDSacWRJLXv0OYfA8y2Zt3/be+pyKV1f
AHTfOTg/1YsqA4tBb2u7Ya4cKpp2fNv3mtFMOm0c66uq/HdGQ479akthpMBmJC1PaD88OD4duTtV
019LcYTLBpB851D8Zh/3cuRiYLn3SQIUWMzFFG19S0d7AIqQQjNselLIsCT/XaTuB8jBj/I+WocS
8AsBvj114yg6HVPrrUQjyYeeVJu/y3ndYklZ453NMpGBAF9ewt6C0nOs1JqLLICboql7oFmDfwJQ
icYiw3D1ZhUUAY6OjiAr6YGESWnj14j+wM9+grYy1h/zArSD/p6wSaXppyXf6F+WlS4r1vYhWC6I
DyCO6VBCqiipjil1yuYgZNRhdV/g/30c6etTttIsE6qxi1tsQKGnrpE5WLB5win+JYF+7Z2fmgos
R3g7IYq1YsZuvvI0ZvWKnAhrITrKls7inmjdZ8JTlb8ptrWzXStbH34GipYX9ysxYUr1f/kwe+M=</ds:SignatureValue><ds:KeyInfo Id="KI-561F8FBDE5AACAF5AB154687519220118"><wsse:SecurityTokenReference wsu:Id="STR-561F8FBDE5AACAF5AB154687519220119"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIE5TCCAs2gAwIBAgIEBKDxkjANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhzZXJ2aWNlLXdzLXg1MDlzaWduYXR1cmUwHhcNMTkwMTA3MDExNTQ0WhcNMjQwMTA2MDExNTQ0WjAjMSEwHwYDVQQDExhzZXJ2aWNlLXdzLXg1MDlzaWduYXR1cmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjMrITZcEGWP3PuzvozxN1peTeJscqvhUpagk0rnqKvi6s9CYlNZH40zz2x52rXrKwFV9Nc4HKnNXhV8+Uva3t7rvPWa975snj+A7jtkS08cwGs06pirCfE/PgflrO4yQ8I8rRxL6Yq+vsQk1V7wE3sGq6chfAslAUwv1tilTn9PMBmZEqJOxcllAVdsOfaGQN6AZvZWUf4PCqd1xOvdhjrp+p7Z+KI17h9tfbTsywFh1MF5pWXnYrb6wuE3wUwOcqR/NUmyp/KazO5/mwwMwNZhiic79n81xGBPVjoUNgqVjDVCLPvNsxbMXc0IAQ6wTsGspT+97HVbvo4fPkOBe5dpKJxMNRqB9lqYCS0bMqGVNQtuuogsgGAxYz/Ih/PzCXCDaqtN1z+zkPV8BDpIkdt2MFsZ/Or8NXlzjGh4dc7lvtYb0HCVSa5cNQJksYSCvkMMjxZqOsuEQZTo91OsNVo6rxN1e77rUKADBDfUvsr5gMxtWBhjCCl9IuvYWMjE7AF7ixMoYKjzR+nSJZp3YGhPszlVFypy0EA8Ef9hsjji91zG8icHLwOkF8Xy3bPaKIUwj1GsQUmQBgjJIBQU5z5bq28ftxc0RMvObhyM+w6vIWAMf5qZQf80skY6E/bOgJEMnklljjXHZfU3uGe1kXQd5Hjj4oYCJfk2P1hOxKxQIDAQABoyEwHzAdBgNVHQ4EFgQUgfVwS+7ucaVhWBcu2WWgrCWIB3AwDQYJKoZIhvcNAQELBQADggIBAJit5uXb9r6ATam96hSD8jdj+Xj/DsmHUomh8MgQ78YX8gkB0SnLmICrA8wk0kuRl6DdHf/a2WbZd/97utSMm6Lu1e2b7GmHQUlz7UQb0StwIaRKUM6pf4bUSI45578QOLwVfQty6+94BsEV2kRZHhUbyy0VaS3mgfkZ4queTDfNXRXnWqWppofByw95KhrZ/1CdJ5ofJKvVeY3VlG1HRvom3CTkJXK9tXDphduHCWYd8trLkEaD8RwfC0aUmNt+ilUNXQNPjubasM5rjMf8hiBH6HfZmX0QQTQ/TDx7YKL6cTkAeUHPKNnKKr6S3ahkw/ot+2DoJgW+isJhLsdD4v0vqFYNJJWkcn3ti14GYPpQPyaJOxRlCkcBu8aqto4mSazKl5vzVxtNz6x4PDhvHypA0n/DtMouxUQyUxa44sB5PhkZmjYTFpxVWogT60gzTxtDCe4GI8dHAuYQq+URsGbSnEK0bjYWc01lqTTx+ONhxazoSOEQfhjVgVckuBmI7gx9KgmkESJjoRiU0BM5xsYR9M3b/a4YuKVHVzx24vpi7ol03X6/g1+O/dnSIhSspDYojdtpIMo3PxciikSz6Kj3aKDV/Wfwit6dDeG7xDJ/lDl+IxgfnM+o9ekzUs86i9uAUJuL9ehpdlxbYTShLPAoYVSGyFofMMMRCXCzyxWv</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><xenc:EncryptedKey Id="EK-561F8FBDE5AACAF5AB154687519219015" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIE5TCCAs2gAwIBAgIEBKDxkjANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhzZXJ2aWNlLXdzLXg1MDlzaWduYXR1cmUwHhcNMTkwMTA3MDExNTQ0WhcNMjQwMTA2MDExNTQ0WjAjMSEwHwYDVQQDExhzZXJ2aWNlLXdzLXg1MDlzaWduYXR1cmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjMrITZcEGWP3PuzvozxN1peTeJscqvhUpagk0rnqKvi6s9CYlNZH40zz2x52rXrKwFV9Nc4HKnNXhV8+Uva3t7rvPWa975snj+A7jtkS08cwGs06pirCfE/PgflrO4yQ8I8rRxL6Yq+vsQk1V7wE3sGq6chfAslAUwv1tilTn9PMBmZEqJOxcllAVdsOfaGQN6AZvZWUf4PCqd1xOvdhjrp+p7Z+KI17h9tfbTsywFh1MF5pWXnYrb6wuE3wUwOcqR/NUmyp/KazO5/mwwMwNZhiic79n81xGBPVjoUNgqVjDVCLPvNsxbMXc0IAQ6wTsGspT+97HVbvo4fPkOBe5dpKJxMNRqB9lqYCS0bMqGVNQtuuogsgGAxYz/Ih/PzCXCDaqtN1z+zkPV8BDpIkdt2MFsZ/Or8NXlzjGh4dc7lvtYb0HCVSa5cNQJksYSCvkMMjxZqOsuEQZTo91OsNVo6rxN1e77rUKADBDfUvsr5gMxtWBhjCCl9IuvYWMjE7AF7ixMoYKjzR+nSJZp3YGhPszlVFypy0EA8Ef9hsjji91zG8icHLwOkF8Xy3bPaKIUwj1GsQUmQBgjJIBQU5z5bq28ftxc0RMvObhyM+w6vIWAMf5qZQf80skY6E/bOgJEMnklljjXHZfU3uGe1kXQd5Hjj4oYCJfk2P1hOxKxQIDAQABoyEwHzAdBgNVHQ4EFgQUgfVwS+7ucaVhWBcu2WWgrCWIB3AwDQYJKoZIhvcNAQELBQADggIBAJit5uXb9r6ATam96hSD8jdj+Xj/DsmHUomh8MgQ78YX8gkB0SnLmICrA8wk0kuRl6DdHf/a2WbZd/97utSMm6Lu1e2b7GmHQUlz7UQb0StwIaRKUM6pf4bUSI45578QOLwVfQty6+94BsEV2kRZHhUbyy0VaS3mgfkZ4queTDfNXRXnWqWppofByw95KhrZ/1CdJ5ofJKvVeY3VlG1HRvom3CTkJXK9tXDphduHCWYd8trLkEaD8RwfC0aUmNt+ilUNXQNPjubasM5rjMf8hiBH6HfZmX0QQTQ/TDx7YKL6cTkAeUHPKNnKKr6S3ahkw/ot+2DoJgW+isJhLsdD4v0vqFYNJJWkcn3ti14GYPpQPyaJOxRlCkcBu8aqto4mSazKl5vzVxtNz6x4PDhvHypA0n/DtMouxUQyUxa44sB5PhkZmjYTFpxVWogT60gzTxtDCe4GI8dHAuYQq+URsGbSnEK0bjYWc01lqTTx+ONhxazoSOEQfhjVgVckuBmI7gx9KgmkESJjoRiU0BM5xsYR9M3b/a4YuKVHVzx24vpi7ol03X6/g1+O/dnSIhSspDYojdtpIMo3PxciikSz6Kj3aKDV/Wfwit6dDeG7xDJ/lDl+IxgfnM+o9ekzUs86i9uAUJuL9ehpdlxbYTShLPAoYVSGyFofMMMRCXCzyxWv</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>SZvw5NAfv07GxmQv7AvlhVw0k7lWvqE3Rg6AOuRggOU7NGtW+Ops24/D2+WW0i6gS5lBDhGZlICc/kbV5OxO1nJa37DAXGtrtm8V+fgsH5YW9PI28HsT+dOOrYx27O/yxzFChDjli4fRvvoDUmHvMCkyOu5jYcrwwbP3pYGfbwoyco9SEw6l8M24LHDtv/Y14PQ+PuOUhpAHFAA9jZb13CiyCundNRJ9Y8S4uCf1hs4t+dRdxpCUcwYahdw5Kr8xRx8xKDvhjwBYL4q0M5QIls1/CcUmANk9vu6WJZo7in+DBifwoTUaLQdTGkvYc53/b4sHSb2ZYJW9jLG9ZHKRpl0+/rRSBsX4vvtj1xbOqKsIqKuTDBPQN66xbmyEhyCbqqkaSS9D0BkmuenzN4htEed+wlsrsHZO7uFNDUyoOhxWOmxyttp4lff2b8bB45GfZMwQt2HPP/pYNdTs891MdVp/Hea/2Bf5lLYf++/D09oiFvrc0uQ5hD4hXz7jayL2LxTmgUxVCCeOVBZ4XDoPuOR/va2EySSrgU0v3NTWoF8QaLLXP2p+6qYdqyyNiH5QgZfCrwRun1h8/rhVYfTvd0TWykQq+UMXLvVOGwqhmF3LIY1DhWp3eEC66dPi6657MDdQSgdFtV82TDcMNfnptvXo5T0h1J8wGZ3d0FxQuYQ=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-561F8FBDE5AACAF5AB154687519219016"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-561F8FBDE5AACAF5AB154687519220220" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="ED-561F8FBDE5AACAF5AB154687519219016" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference URI="#EK-561F8FBDE5AACAF5AB154687519219015"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>etLCdoaNP8N4YkbmH/6lCHuOrRdwxvCjlM389lfHVM3LiwV836mAbulZMFfnaMXMJmFEg9z/bZ4plwbV+7Vsr6A7Dm9q3AWVTaSf/hjao00rd3jyRfSyqpgPOgcNPLtLADpcScPR18EmwehyxHx/HAbbt9WqJqgTIPdJQJm49H6Ld/v4ezaH1YQ5dwQhcFA5B0f6/qy75/9+tTnF7LyR/Rfa4P9Bugz4XvzezK2y62UrF6Xzh+epzOOg3JYJF06D6pBhXItoNqLJb8hehALJuCwgt0yp1e4jX5Z9bkHOdkqCoSe0zvKWZ17SxEO54N6XVaYgi7lRSC7uHENPHR+BjescOMAEg6/APBKDVh8lFPuYGdlJXXjLmQReik4maNd4iieZ86DOslh6Fy09iVbJqBhzkXT1htJYhqlUPjbyp6Spd9i9mtIucDY6bFRNoTqOGhzIGOR8ZP/Sq4c/lTS9ejpNruP9TXA812X9u7EGCehaL2i9JAzHh2xuKrc5oIgnqIraYci69GxhWe/cQVuPYw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>
--------------------------------------
2019-01-07 16:33:12,949 INFO  [cxfConsumerToProcessorRoute] (default task-1) Received CXF Bean message: This is a simple request with
         basic authentication, x509 signature and
         encryption WS-security policy!
[...]
2019-01-07 16:33:13,025 INFO  [org.apache.cxf.services.GreetingServiceService.greetingPort.greeting] (default task-1) Outbound Message
---------------------------
ID: 7
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-059250de-ecf9-426b-adbe-4dd8fe1da4b4"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=service-ws-x509signature</ds:X509IssuerName><ds:X509SerialNumber>77656466</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ON0feRrFjG49tnOy16k0zvqJ24cWah0/XP5zKMtk86wuv47L93GkNiwk62vqiDzHqvFz26ZhfALcrjyLCQI+n9WN32tDOgx3BimhG+mwd+99KDV7Y6o+0VNKoGYTSbX0FOMx6XJaxcDEgJZ1aPn+Op4nHL2zXOVuLYxcmBqQlXozOsx+BKWnUoLMlBzkCbiaNlsY0fEGx1Z0OyB4ZdUFG2ocFiMC3NpRmn4Ru6IKKYGxGUP0Nq9nisptcm90awyAyVuSrHn7Kp5lsaoMdJ9rxqJTIe9fpSJUR378RTlaONXcyYYDIBlc+hxRUdskxWwf+yUEQ6tDacgDmbxo+zcd0fi+OZTiM3O0Eb/hZDvrRkuHYCFgC34X1N4jXEPxWBgoLdCl76SKJZ3zM8Htw6Ry5dK4VOq0+o7ieiN9v/6bfzdslTs0KM7/LMXKBq7jSH4/TIe5KORlW3ktSlOQVvi7Tp4gha4Dgkfb7ba3h0HOkxCWr+fSY3/ewdgJX6XfS4ZTjLsecO8xOQNW6dN6gacffPFO4AsSvFLwiRZMG7UOpMneWorz+d3X7amlpIztKdENcfKiFZz6zbIJa1GCNDbmJyp3nVWnhjRgFdCFQ5tUqBoj+0U4oLiH5R1w3P2XMl/IY9BWQiipfGtrlWU6SSTl+FrjZxXr+BruNnsYFYo8Ma4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-5dde9236-aca5-439c-842c-8208003a2fc4"/><xenc:DataReference URI="#ED-08ff5824-9c0e-4274-8591-91461b0a41d3"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-5dde9236-aca5-439c-842c-8208003a2fc4" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-059250de-ecf9-426b-adbe-4dd8fe1da4b4"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>IV6gHduZLFJB+OFl8IcLFDkY+XCyf/9ocFFkwyAtfic0ehCfp9W9GX5Q/UXGuHWy9pxShavCzJt0ZKqMjflFvEwdzPn4EkO4L07PITsGzNIeSixctwSwKypLxBe5+uw3oLf91w/3DmryWdN/vgq7lsaGuBHu0hyTmYRJwAdLJcJPO3VSs6UKMSY9f0rrSy3CKXkMSsqzMUew/IxQ/YIPW6k5KQy5dRAD13OxXFXXHbDg+59Z/vVFvGL/Vn5kvhG3VofkBRjK8vTyLp2RiBQOO6RzyKcTuSlHfijodUa18w5j5ZUOFR2VAfw/sAW8S0WJC/c45N+A9k1o2PaD7+du4pdHULxfMANpRzaISLzGvUgTqerybQwsPrC+pK3GIRLZnuDFdrS2UKC50k3esY18qsgPDnqZrSKCNfWC6cUVoql6P/P/gooGm3KdftucIQXXbSL9EG1fmciwRH8Eb0NjaPDj9IJnp7/4YJbcVbTUERsN6gn46G6ywAr6PMmUqMCIYgTMKuJxRW3qjZjehKAU5nzXa3n5xfdiuw4qShrEfZNnloksU/57BBA1AxBo+9nFaaqLfJJvQiWmurnkiIzeUA8CFar82wmvQoxOn3hm54GuaWkgDYNYWKyW9B2ZLxfSsCVP52Vlb6n+gUQq9roVSUK90rK2zKfteqbs/S8Pkj321IrmvEi3UCZ71u+jvC0v5N8uZtVkcX39Mf4CY4YMaeLAffw5K+iaqRWnH8wehjdfK9S/iz7VtRFqSlGXegboXL7fp/82yEsr96k1VsW61mN1Z6Q1sCVKP5s1G++Lu/2zeIhB7PBlA6lqyt1Ixedwy9Uqkf9iad/DkN/RzN250zYut7T7bn+qiRoiORNpP0TaLCBnymcgXbZEJmMIKJTeyElGf6wt6/Dk8RIcMdRisdg6Fru9kNiEOFVPVzz1Ig/JY4QMBnZ7vncgWco96wxr/Fv+4Zf6K3q+DKXf819IAFb/vi36a+7SVGBdYdHTMit4fz3J5HIzKpwkwHJ3CATm2T6Hb+rtzlpsS9Pja5fmOk0lVPJWMnyszp8nceFx//z0ZtIwIaTyXL7RnDs9TKxVMykWpxFtsVlX2WkO+Kk8LPmAD0hGhGcNX79/gRIz/x2uddj/HUbGRxLUJUNMT6NJ5g88MKJvqq6Idy0ymWR7vCWYE4AWa5/L2DhsKADgQ2vW6ND913P7h3ThILtDXgDlzQs+ECaBQm3tPF84pbhDn4uOp+cEiFDo4zob6/wcwzXgCOJXpouGXMD3fdsL3BHmygoMeURr3UABmx77mG/nbEX1e9G6bp44NgaPkocqLqz8m2M0bk6u8t5mbGLVqYMQ9hCeN6TP9GDXzVwxTzm2T9dmLeRnsMgROaPLpRDejVMEh4KmNKIn3zEDvnAVDD7CpLI9/lEAbh3/0HNnYSpv2T28tFismB3lcU7dL9y4XyvYelakDHhQIncgswjetR+mB+YQaiERKVYaEAxyKyIuQnk8hygcWVnmwp+owteLP77HxBxGaHnZZyNy7J3JdtG3rkjVWGznoYIgRjBwCs8hmtvffIbCGlhEFVtjXq1smOtg4lpVvBggoKclLXYTrsee093w6cnNEbL4pjyBukRLfleY9A1ZVy3hJmRYPRaQZ6HEAi5BYejejWAFCp0S5fb3VPNEr0+cd+pHpDDbxucFVFRRzeWqcD8BlChd3BS72y/Vg7tw5zqEA9WtcKBtJR1i1OYUHwC63m8+zUNPI2dE5DB1UuGlUwfazFeXXkO6SLcFvjMtIwdHLTulXmViWs43+9U4dmtjIcb9LiWIr4iB1gXLZSf3Ji9LdPjfz7amE6KABZ5SQO3m6wcfsLX4oubhROOAba6S3Pc6rlZ+UXXrHq+RZp7CzE2uprAGPyIaOkgUdNvjzgeCOjawd12GReThWkQgJ19pu7RXT7rxTDHVVNQiGKJpMW8dOqGDpdlLzyOpEqKG0FuWbk7eI83qNB8NQWFNbZbZ4xtDbUvEb/YOHuf3FWHUxymALFhVRj8qGv4TepUnQIpNT1LAF1MxzsNCCrTYh3AKkQT35dYlgjrZolDISlW/cvs6bpbAnide7U/YiN4IYXItIlHVvcDA6Pla5Ni4wWwQXFw3A643xRoV48InE2jzRCmThwF8GpJgmW/LYvNCRdPDO0mGGaAs20kdTU/Ma9QQTL7iBB896KsHJKHxhG0iPxUd9N4TDLQ1cM1vqJjB85SzLTx3Bl2jQt/mv6b4O7SI+N0im+Dre15sHdnIOGtGjTV/mWHpYEjL4HKoTH8Xm2w8JaUsu+i6D100HD5ChKHcoyoU+zC564M4H+HYkuhcVr86G/akylWmImeVt/0+68m8Yrn2agJ82Geoc0ISVeZ0DsKVdIsGMsihLK5WuqnGreJI3BmkpgANd4tZ+sQkeoD8SiBMFpIucXQJE23tyMZCkuzlGUZOSQ/aPZWQUF8paU7P72E2hom2G2MfPhDYRHHk9QayNlN4AzUIUTy1dPhLlwwT/GcUzFXunbNdo0IDKQ43QAKkcDF82Psh7BywVTJZqC1zrIP3obtUUONEzPXmVw6Vm/X4K3hqu0mgTXK47mp55QxwtmHucCWWETvEGU2Fs2S51ae1+rpKDvtzaHoelc2Mg1Awql1MYyKI4tWISsLwlEB0HvEPmJbgt0LD7Kvp7b+/qGMTh+WWqoxlRO0GMxXGv5KK0/IXvhJfxcezMqYt7m8CLUdxx9ewOkeZBkgIjPm8jGGboJdHVsBslLu9jt/l3olzGrhMbHwPyGPl+hleZDZC+FCPjpU=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3b612436-4705-407e-b403-dc3afee30a1f"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-08ff5824-9c0e-4274-8591-91461b0a41d3" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference URI="#EK-059250de-ecf9-426b-adbe-4dd8fe1da4b4"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MDin8yY/o94NIRJHHda7T9o+7SIPoIZscC5l/tnIao9ClkEETVosP/hZN1BCW20nnetGLHi7Y+1ezlrf5Pj+Yp5YOLcWeIx4ehmoFlzxzjSvRowbpis2S/o/+vJ4LyAonEAERN40Wr2juulOsaVY/700xJJ3UQYx7xGJZI6ok1lqS5LYByiVrA1aMF84wQYh++3Z1ZGbfLSiDsOWjWLF3fJhnHqsCbXyEer14GCbhIIc2JtlLPiPjouVupJPQB140gOAwLSSTXqvqWpnECzSuNGIDmA9ZT1P+55YvgMbGLHxXMcDmikavRzcAsGGnpGwV/lLHY0yYno=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------

Undeploy

  1. To undeploy the example run mvn clean -Pdeploy.

  2. Unconfigure the example tls security configuration:

    For Linux:

    ${JBOSS_HOME}/bin/jboss-cli.sh --connect --file=remove-basic-security.cli

    For Windows:

    %JBOSS_HOME%\bin\jboss-cli.bat --connect --file=remove-basic-security.cli