Hi, Sorry I am still not clear what you are trying to do. Can I suggest you take another look at my example. Run the com.pellcorp.server.ServiceInvoker class from eclipse which starts a jetty server with various endpoints exposed.
Remove the <sp:IncludeTimestamp /> from the UsernamePasswordToken.xml before you start the ServiceInvoker. You can then execute the ping() method located at: https://localhost:10000/OperationSimpleService with the following XML Notice the ws-security heading. I guess my point is start with something that works, and then start to morph it to your desired web service rather than start from scratch. That is certainly what I find works best. <soapenv:Envelope xmlns:oper="http://com.pellcorp/service/OperationSimpleService"; xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsse:UsernameToken wsu:Id="UsernameToken-1"> <wsse:Username>lucy</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <oper:ping/> </soapenv:Body> </soapenv:Envelope> On Tue, Feb 19, 2013 at 7:19 PM, lv <[email protected]> wrote: > > I copy following class to the sample project. Now I can see the error: > org.apache.ws.security.WSSecurityException: An error was discovered > processing the <wsse:Security> header > > Client side [mobile users: IOS and Android ] send xml to web services. What's > the contents of incoming data ? > > package com.testws.callback; > > import java.io.IOException; > import java.util.HashMap; > import java.util.Map; > import javax.security.auth.callback.Callback; > import javax.security.auth.callback.CallbackHandler; > import javax.security.auth.callback.UnsupportedCallbackException; > import org.apache.ws.security.WSConstants; > import org.apache.ws.security.WSPasswordCallback; > > public class WSDemoAuthHandler implements CallbackHandler { > private Map<String, String> passwords = new HashMap<String, String>(); > > public WSDemoAuthHandler() { > passwords.put("client", "admin"); > } > > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException { > for (int i = 0; i < callbacks.length; i++) { > WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; > String passwordText = WSConstants.PASSWORD_TEXT; > System.out.println("passwordText:" + passwordText); > System.out.println("WSClientAuthHandler client password:" > + pc.getPassword()); > String pass = passwords.get(pc.getIdentifier()); > System.out.println("WSDemoAuthHandler server password:" + pass); > if (pass != null) { > pc.setPassword(pass); > } > } > } > > } > > >> From: [email protected] >> To: [email protected] >> Subject: RE: Simple questions about username token example >> Date: Tue, 19 Feb 2013 06:53:35 +0000 >> >> >> Thank you. I create a sample project and it can publish wsdl with security. >> But after client side [mobile users] send string parameters, the security >> does not show any error. Web servers do not require username and password. >> What code snippet is missing? >> And what the incomming data format should client side sent? Should soap head >> be added? >> >> >> package com.testws.ws; >> >> import java.io.StringReader; >> import java.lang.reflect.Method; >> import java.util.ArrayList; >> import java.util.List; >> import javax.jws.WebMethod; >> import javax.jws.WebService; >> import javax.jws.soap.SOAPBinding; >> import org.jdom.Document; >> import org.jdom.Element; >> import org.jdom.input.SAXBuilder; >> import org.springframework.stereotype.Component; >> import org.xml.sax.InputSource; >> import com.testws.util.WSConvert; >> import com.testws.util.WStype; >> import org.apache.cxf.annotations.Policies; >> import org.apache.cxf.annotations.Policy; >> /* >> * >> http://localhost:8080/testWS/testWebServiceSecurity/TestWebServiceSecurity?WSDL >> * */ >> >> @Component >> @WebService(name="testWebServiceSecurity", >> serviceName="testWebServiceSecurity", >> targetNamespace="http://com.testws"; >> ) >> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, >> use=SOAPBinding.Use.LITERAL, >> parameterStyle=SOAPBinding.ParameterStyle.WRAPPED >> ) >> //@Policies( >> // @Policy(uri="classpath:/AlternativesPolicy.xml", >> // placement = Policy.Placement.BINDING)) >> >> public class TestWebServiceSecurity{ >> >> public TestWebServiceSecurity(){} >> >> private static ArrayList<Object[]> parseXml2(String paramString) throws >> Exception{ >> StringReader read = new StringReader(paramString); >> InputSource source = new InputSource(read); >> SAXBuilder sb = new SAXBuilder(); >> Document doc = sb.build(source); >> Element root = doc.getRootElement(); >> Element functionElt=root.getChild("function"); >> Element par=root.getChild("params"); >> List<Element> listElt=par.getChildren(); >> String str[]=new String[listElt.size()+1]; >> String rmp [] =new String[listElt.size()]; >> String funcitonName=functionElt.getText(); >> str[0]=funcitonName; >> String [] rmp1={str[0]}; >> for(int i=0;i<listElt.size();i++){ >> Element el=listElt.get(i); >> str[i+1]=el.getText(); >> rmp[i]=el.getText(); >> } >> ArrayList<Object[]>ra=new ArrayList<Object[]>(); >> ra.add(rmp1); >> ra.add(rmp); >> return ra; >> } >> >> @Policies({ >> @Policy(uri = "classpath:/UsernamePasswordPolicy.xml", >> placement = >> Policy.Placement.BINDING_OPERATION_INPUT) >> }) >> // @Policies( >> // @Policy(uri="classpath:/AlternativesPolicy.xml", >> // placement = Policy.Placement.BINDING)) >> @WebMethod(operationName = "TestService") >> public String TestService(String paramString) throws Exception{ >> Object returnValue = null; >> String functionName=""; >> ArrayList<Object []>s = parseXml2(paramString); >> functionName = s.get(0)[0].toString(); >> Class<?>[] mapValue = WStype.map.get(functionName); >> Class cl=Class.forName("com.testws.dao.TestWebServiceSecurityDao"); >> Method m=cl.getDeclaredMethod(functionName, mapValue); >> m.setAccessible(true); >> Object[] newobject=getObject(s.get(1), mapValue); >> m.invoke(cl.newInstance(), newobject); >> return functionName; >> } >> >> private Object[] getObject(Object[] ina, Class<?>[] type){ >> Object [] o = new Object[ina.length]; >> for(int i=0; i<ina.length; i++){ >> o[i]=WSConvert.convert(ina[i].toString(), type[i]); >> >> } >> return o; >> } >> >> } >> >> >> package com.testws.dao; >> >> import org.springframework.stereotype.Repository; >> >> @Repository >> public class TestWebServiceSecurityDao { >> >> public TestWebServiceSecurityDao(){} >> >> @SuppressWarnings("unused") >> private String TestOrder(String userName, String type, String startNo, >> String endNo){ >> StringBuilder sb = new StringBuilder("<?xml version=\"1.0\" >> encoding=\"utf-8\" ?><Root function=\"TestOrder\" result=\"false\"><status >> str=\"error\" /></Root>"); >> System.out.println(sb); >> return sb.toString(); >> } >> >> } >> >> >> Testing code: >> I use wsdl2java to get java code. And following is my testing code: >> >> package testws.test; >> >> import testws.com.Exception_Exception; >> import testws.com.TestWebServiceSecurity; >> import testws.com.TestWebServiceSecurity_Service; >> >> public class Test { >> public static void main(String[] args) throws Exception_Exception { >> TestWebServiceSecurity_Service tss = new >> TestWebServiceSecurity_Service(); >> TestWebServiceSecurity tws = tss.getTestWebServiceSecurityPort(); >> String param = >> "<root><function>TestOrder</function><params><param>1460</param><param>travel</param><param>travel</param><param>2012-11-30 >> 11:59:57 +0000</param></params></root>"; >> System.out.println("18="+tws.testService(param)); >> } >> } >> >> > >
