On Wed July 8 2009 5:29:16 pm rahul.soa wrote: > Thanks Mayank for the response. So that means Client should have > WSS4JOutInterceptor configured to send the secured SOAP Request and should > also be configured with WSS4JInInterceptor to receive the secured Response > from Server. And contrary applies to Server.
That's right. This is partially why using the WS-SecurityPolicy stuff makes it a bit easier. You don't need to mess with interceptors as the Policy framework handles that. You just need to add a little configuration to the endpoint or client (via standard JAX-WS context property mechanisms) and the policy framework does the rest. Dan > Best Regards, > Rahul > > > So that means > > On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <[email protected]> wrote: > > rahul.soa wrote: > >> Hello CXF Devs, > >> > >> I am trying to access the secured (usernameToken) webservice deployed on > >> tomcat by the java client. I intercepted the exchanged messages via > >> tcpmon, > >> which are following: > >> > >> Request: > >> ---------- > >> > >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > >> "><soap:Header><wsse:Security > >> xmlns:wsse=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > >>t-1.0.xsd " > >> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > >>t-1.0.xsd " > >> xmlns:wsu=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili > >>ty-1.0.xsd " > >> > >> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P > >>assword Type=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p > >>rofile-1.0#PasswordText > >> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He > >>ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/";><arg0 > >> /></ns2:processOrder></soap:Body></soap:Envelope> > >> > >> > >> Response: > >> ------------- > >> > >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > >> "><soap:Body><ns2:processOrderResponse > >> xmlns:ns2="http://order.demo/ > >> > >> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap: > >>Envelope> > >> > >> > >> Unlike the Request, response does not have the security header. I want > >> to know why **security header** (wsse:Security) is missing in the > >> response. Am > >> I missing something in the configurations? > >> > >> Can you please suggest what should I do to solve this problem? > >> > >> Here are the client and service side configurations: > >> > >> client-beans.xml > >> --------------------- > >> > >> <beans xmlns="http://www.springframework.org/schema/beans"; > >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >> xmlns:jaxws="http://cxf.apache.org/jaxws"; > >> xsi:schemaLocation=" > >> http://www.springframework.org/schema/beans > >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > >> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd";> > >> > >> <bean id="client" class="demo.order.OrderProcess" > >> factory-bean="clientFactory" factory-method="create"/> > >> > >> <bean id="logIn" > >> class="org.apache.cxf.interceptor.LoggingInInterceptor" /> > >> <bean id="logOut" > >> class="org.apache.cxf.interceptor.LoggingOutInterceptor" > >> /> > >> <bean id="saajOut" > >> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> > >> <bean id="wss4jOut" > >> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > >> <constructor-arg> > >> <map> > >> <entry key="action" value="UsernameToken" /> > >> <entry key="user" value="ws-client" /> > >> <entry key="passwordType" value="PasswordText" /> > >> <entry key="passwordCallbackClass" > >> value="demo.order.client.ClientPasswordCallback" /> > >> </map> > >> </constructor-arg> > >> </bean> > >> > >> <bean id="clientFactory" > >> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> > >> <property name="serviceClass" value="demo.order.OrderProcess"/> > >> <property name="address" value=" > >> http://localhost:8080/neworderapp/OrderProcess"/> > >> <property name="inInterceptors"> > >> <list> > >> <ref bean="logIn" /> > >> </list> > >> </property> > >> <property name="outInterceptors"> > >> <list> > >> <ref bean="logOut" /> > >> <ref bean="saajOut" /> > >> <ref bean="wss4jOut" /> > >> </list> > >> </property> > >> </bean> > >> > >> </beans> > >> > >> > >> > >> beans.xml > >> ------------- > >> > >> <beans xmlns="http://www.springframework.org/schema/beans"; > >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >> xmlns:jaxws="http://cxf.apache.org/jaxws"; > >> xsi:schemaLocation=" > >> http://www.springframework.org/schema/beans > >> http://www.springframework.org/schema/beans/spring-beans.xsd > >> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";> > >> > >> <import resource="classpath:META-INF/cxf/cxf.xml" /> > >> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> > >> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> > >> > >> <jaxws:endpoint > >> id="orderProcess" > >> implementor="demo.order.OrderProcessImpl" > >> address="/OrderProcess"> > >> <jaxws:inInterceptors> > >> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> > >> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > >> <constructor-arg> > >> <map> > >> <entry key="action" value="UsernameToken" /> > >> <entry key="passwordType" value="PasswordText" /> > >> <entry key="passwordCallbackClass" > >> value="demo.order.ServerPasswordCallback" /> > >> </map> > >> </constructor-arg> > >> </bean> > >> </jaxws:inInterceptors> > >> </jaxws:endpoint> > >> </beans> > > > > I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. > > For each way you require to configure. > > > > With Regards, > > Mayank > > > > Many Thanks in advance. > > > >> Best Regards, > >> Rahul -- Daniel Kulp [email protected] http://www.dankulp.com/blog
