Sean:
WSS4J it's an implementation of Oasis Web Services Security
Specification which basically describes a placeholder for security
information inside a security header. On of the possible "security
tokens" supported by the spec includes the UsernameToken.
When you are using the methods setUsername and setPassword you are
including authentication information but not inside WS-Security's
security header... Then you need to know what kind of authentication
information your service is waiting for and where it's going to look for
it. If your service is expecting a WS-Security header then wss4j is the
right tool for you.
Hope this helps,
Jos� M. Selman
Sean Shubin wrote:
They implemented it as an https: service with an unsigned certificate,
so I have already had to go through some hoops to just get the
non-authenticated methods working.
I shut off certificate checking with the line:
System.setProperty("axis.socketSecureFactory",
"org.apache.axis.components.net.SunFakeTrustSocketFactory");
Now according to the docs I have to pass "username" and "password" in
the soap header for the other methods. The docs say that "This
information should be passed to the URL".
So I am not 100% certian I need to use wss4j, but as the methods
call.setUsername() and call.setPassword() aren't working, I don't know
what else to do.
Jos� M. Selman wrote:
Yes, I guess so... It might be that the target service is expecting a
UsernameToken inside a security header (this is where wss4j comes to
play)... However it might be expecting just basic HTTP-based
authentication in which case you could just use Axis by itself...
Can't you get more information on what the target service is expecting?
Jos� M. Selman
Sean Shubin wrote:
Ok, thanks. I was trying to make a SOAP call to an https service
like so,
private Object invoke(String operationName, Object... params)
throws ServiceException, MalformedURLException, RemoteException {
String endpoint = WEB_SERVICE_URL;
Service service = new Service();
Call call = (Call) service.createCall();
call.setUsername(USERNAME);
call.setPassword(PASSWORD);
call.setTargetEndpointAddress(new URL(endpoint));
call.setOperationName(operationName);
Object ret = call.invoke(params);
return ret;
}
But I would still get the error "This service method requires user
authentication. Username/password is required.". Do you know if
wss4j has the solution? Or am I looking in the wrong place?
Jos� M. Selman wrote:
As far as I know there are no binaries available for download since
there hasn't been an official release. You need to check out the
source from CVS and build ir using either Ant or Maven.
Cheers,
Jos� M. Selman
Sean Shubin wrote:
I could not find a link anywhere on the home site:
http://ws.apache.org/ws-fx/wss4j/
Sean Shubin
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 266.11.17 - Release Date: 5/25/2005
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 266.11.17 - Release Date: 5/25/2005
begin:vcard
fn:Jose Miguel Selman
n:Selman;Jose Miguel
org:BEE Consultorias y Sistemas
adr:Las Condes;;Carmencita 25 Of. 62;Santiago;;NA;Chile
email;internet:[EMAIL PROTECTED]
tel;work:+5622317131
tel;fax:+5622317136
tel;cell:+5698737003
x-mozilla-html:TRUE
url:http://www.bee.cl
version:2.1
end:vcard
