Hello CXF Devs, I am trying to access the secured (usernameToken) webservice deployed on tomcat by the java client. I intercepted the exchanged messages via tcpmon, which are following:
Request: ---------- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><wsse:Security xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/";><arg0 /></ns2:processOrder></soap:Body></soap:Envelope> Response: ------------- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><ns2:processOrderResponse xmlns:ns2="http://order.demo/ "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope> Unlike the Request, response does not have the security header. I want to know why **security header** (wsse:Security) is missing in the response. Am I missing something in the configurations? Can you please suggest what should I do to solve this problem? Here are the client and service side configurations: client-beans.xml --------------------- <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd";> <bean id="client" class="demo.order.OrderProcess" factory-bean="clientFactory" factory-method="create"/> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="user" value="ws-client" /> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="demo.order.client.ClientPasswordCallback" /> </map> </constructor-arg> </bean> <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> <property name="serviceClass" value="demo.order.OrderProcess"/> <property name="address" value=" http://localhost:8080/neworderapp/OrderProcess"/> <property name="inInterceptors"> <list> <ref bean="logIn" /> </list> </property> <property name="outInterceptors"> <list> <ref bean="logOut" /> <ref bean="saajOut" /> <ref bean="wss4jOut" /> </list> </property> </bean> </beans> beans.xml ------------- <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <jaxws:endpoint id="orderProcess" implementor="demo.order.OrderProcessImpl" address="/OrderProcess"> <jaxws:inInterceptors> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="demo.order.ServerPasswordCallback" /> </map> </constructor-arg> </bean> </jaxws:inInterceptors> </jaxws:endpoint> </beans> Many Thanks in advance. Best Regards, Rahul
