using UsernameToken in Security header within Java API

Thu, 31 Dec 2009 09:08:24 -0800 

Hello.

I am struggling mightily because the WS I am using requires security
authentication through the UsernameToken tag with username and password. 
That, however, is not specked out in the WSDL so when I generated my classes
using the utility withing the API, it did not provide for it.  But the
authentication  mechanism does require it, in other words, there is a
disparity between the WSDL and the actual service.

Before I started coding Java, I tried to use the service with the soapUI
client and it also did not create the security header adequately from the
WSDL but the correspondent from the other side gave me the properly
formatted one, so I inserted it into my request and it worked.  All inside
soapUI.

The problem now, as you may guess, is how to translate that insertion into a
modification of the generated Stub so that it works.  Currently, the Java
request is failing authentication.  I tried to do

_call.setUsername("user");
_call.setPassword("passwd");

but that did not change anything.

Here is the functioning request template:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ven="http://www.xyz.org/schema/services/vendor-id-check-1.0";>
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
         <wsse:UsernameToken wsu:Id="UsernameToken-7475052"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
            <wsse:Username>user</wsse:Username>
            <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>passwd</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <ven:ValidateIdRequest>
         <ven:MemberId>123</ven:MemberId>
         <ven:MemberLastName>Foampile</ven:MemberLastName>
      </ven:ValidateIdRequest>
   </soapenv:Body>
</soapenv:Envelope>

The bolded part is what I had to insert to the request that was otherwise
generated fine by soapUI and in Java code is probably the same.

BONUS QUESTION:  is there any way to print out the request XML that the AXIS
API generates without using HTTP tracing or something, i.e. to do it within
the realm of Java?  Because, if I can do it, I can see whether my Java code
is going in the right direction producing the expected XML. 
-- 
View this message in context: 
http://old.nabble.com/using-UsernameToken-in-Security-header-within-Java-API-tp26980316p26980316.html
Sent from the Axis - Dev mailing list archive at Nabble.com.

Reply via email to