We're running into problems added authentication to our web services. It works for our simple "hello world" web service, but when we try it with the real web service we get an InvalidSecurity fault. I've stripped the WSDL back so that the hello world and post code service are almost identical, but I still get this error. Any ideas?
*Failing Request* <soapenv:Envelope xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"; xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd "> <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd "> <wsse:Username>BILL</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">SECRET</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <car:getValidAddressTypes> <car:category>X</car:category> </car:getValidAddressTypes> </soapenv:Body> </soapenv:Envelope> *Response* <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Body> <soapenv:Fault> <faultcode>soapenv:Server</faultcode> <faultstring>InvalidSecurity</faultstring> <detail/> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> *services.xml* <?xml version="1.0" encoding="UTF-8"?> <!-- This file was auto-generated from WSDL --> <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010 (09:42:01 CEST) --> <serviceGroup> <service name="PostCodeService_1_0"> <messageReceivers> <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"; class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/> </messageReceivers> <parameter name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter> <parameter name="useOriginalwsdl">true</parameter> <parameter name="modifyUserWSDLPortAddress">true</parameter> <operation name="getValidAddressTypes" mep=" http://www.w3.org/ns/wsdl/in-out"; namespace=" http://xyzi.mycomp.co.uk/postcodeservice_1";> <actionMapping> http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest </actionMapping> <outputActionMapping> http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse </outputActionMapping> </operation> <module ref="SmartintegratorModule"/> <module ref="rampart"/> <wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens xmlns:sp=" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient "> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </service> <service name="SpringAwareService" class="com.mycomp.ext.spring.SpringInit"> <description>Spring initialiser</description> </service> </serviceGroup> *debug *[ERROR] InvalidSecurity org.apache.axis2.AxisFault: InvalidSecurity at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152) at org.apache.axis2.engine.Phase.invoke(Phase.java:318) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160) at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167) at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266) at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)* *
