rahul.soa wrote:
Hello CXF Devs,
I am trying to access the secured (usernameToken) webservice deployed on
tomcat by the java client. I intercepted the exchanged messages via tcpmon,
which are following:
Request:
----------
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><wsse:Security
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
xmlns:ns2="http://order.demo/";><arg0
/></ns2:processOrder></soap:Body></soap:Envelope>
Response:
-------------
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><ns2:processOrderResponse
xmlns:ns2="http://order.demo/
"><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
Unlike the Request, response does not have the security header. I want to
know why **security header** (wsse:Security) is missing in the response. Am
I missing something in the configurations?
Can you please suggest what should I do to solve this problem?
Here are the client and service side configurations:
client-beans.xml
---------------------
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxws="http://cxf.apache.org/jaxws";
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd";>
<bean id="client" class="demo.order.OrderProcess"
factory-bean="clientFactory" factory-method="create"/>
<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
/>
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
/>
<bean id="saajOut"
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="wss4jOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="user" value="ws-client" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.order.client.ClientPasswordCallback" />
</map>
</constructor-arg>
</bean>
<bean id="clientFactory"
class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="demo.order.OrderProcess"/>
<property name="address" value="
http://localhost:8080/neworderapp/OrderProcess"/>
<property name="inInterceptors">
<list>
<ref bean="logIn" />
</list>
</property>
<property name="outInterceptors">
<list>
<ref bean="logOut" />
<ref bean="saajOut" />
<ref bean="wss4jOut" />
</list>
</property>
</bean>
</beans>
beans.xml
-------------
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxws="http://cxf.apache.org/jaxws";
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";>
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<jaxws:endpoint
id="orderProcess"
implementor="demo.order.OrderProcessImpl"
address="/OrderProcess">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.order.ServerPasswordCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
</beans>
I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
For each way you require to configure.
With Regards,
Mayank
Many Thanks in advance.
Best Regards,
Rahul
