Hi, What is the reason to compose UsernameToken SOAP header request manually instead using WSS4JOutInterceptor or WS-Policy on the client side? You can find details in ws_security/ut sample of CXF distribution or in Glen Mazza's blog: http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile.
Regards, Andrei. > -----Original Message----- > From: Nidhi Sharma [mailto:[email protected]] > Sent: Donnerstag, 25. April 2013 20:21 > To: [email protected] > Subject: Problem with UsernameToken > > Hi, > > I am trying to apply UsernameToken Security to my cxf webservice using > WSS4jInIterceptor.Here is my endpoint declaration: > <jaxws:endpoint id="ibis-webservice" > mplementor="org.ets.skm.oasys.webservice.event.EventNotificationBean" > > address="/eventNotification"> > <jaxws:inInterceptors> > <bean id="saajIn" > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> > <bean id="wss4jIn" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" > value="UsernameToken"/> > <entry > key="passwordType" value="PasswordText"/> > <entry > key="passwordCallbackRef"> > <ref > bean="myPasswordCallback" /> > </entry> > </map> > </constructor-arg> > </bean> > <bean id="saajOut" > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/> > </jaxws:inInterceptors> > <jaxws:properties> > <entry key="ws- > security.enable.nonce.cache" value="false" /> > <entry key="ws- > security.enable.timestamp.cache" value="false" /> > <entry key="ws-security.is-bsp-compliant" > value="false"/> > </jaxws:properties> > </jaxws:endpoint> > > I am invoking this webservice fron java client: > EventNotificationService ss = new EventNotificationService(wsdlURL, > SERVICE_NAME); > HeaderHandlerResolver handlerResolver = new > HeaderHandlerResolver(); > > **ss.setHandlerResolver(handlerResolver);*ss.setHandlerResolver(handlerR > esolver);* > EventNotificationEndPoint port = > ss.getEventNotificationEndPointPort(); > > final Client proxy = ClientProxy.getClient(port); > final HTTPConduit conduit = (HTTPConduit) > proxy.getConduit(); > HTTPClientPolicy httpClientPolicy = new > HTTPClientPolicy(); > httpClientPolicy.setConnectionTimeout(1800000); > httpClientPolicy.setReceiveTimeout(1800000); > TLSClientParameters param = new > TLSClientParameters(); > param.setDisableCNCheck(true); > conduit.setTlsClientParameters(param); > conduit.setClient(httpClientPolicy); > org.ets.skm.oasys.webservice.event.Status _sendNotification__return = > port.sendNotification(info); > > Using handlerResolver to create my SOAP message: > private static final String AUTH_NS = > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- > secext-1.0.xsd"; > > private static final String AUTH_PREFIX="wsse"; > > SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope(); > SOAPHeader header = envelope.getHeader(); QName security = > new QName(AUTH_NS, "Security", AUTH_PREFIX); > SOAPHeaderElement securitynHeader = > header.addHeaderElement(security); > securitynHeader.setMustUnderstand(true); > SOAPFactory soapFactory = > SOAPFactory.newInstance(); SOAPElement userNameTokenElm = > soapFactory.createElement("UsernameToken", > AUTH_PREFIX, > AUTH_NS); > SOAPElement userNameElm = > soapFactory.createElement("Username", > AUTH_PREFIX, > AUTH_NS); > userNameElm.addTextNode("TestUser"); > SOAPElement passwdElm = > soapFactory.createElement("Password", > AUTH_PREFIX, > AUTH_NS); > passwdElm.addTextNode("TestPassword"); > > userNameTokenElm.addChildElement(passwdElm); > > userNameTokenElm.addChildElement(userNameElm); > > securitynHeader.addChildElement(userNameTokenElm); > > > BUT my call come to WSS4jInInterceptor at server side and internally when it > is calling WSSecurityEngine.processSecurityHeader() it didn't find any > UsernameToken and related nodes so while calling Node node = > securityHeader.getFirstChild(); in this method it is returning null. > > As I am adding UsernameToken in my request why at server side it cannot > find it and its throwing ActionMismatch WebService Exception. > > Please help me as I am not able to understand the problem. > > Nidhi > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/Problem- > with-UsernameToken-tp5726788.html > Sent from the cxf-user mailing list archive at Nabble.com.
