You could try writing an interceptor that runs before the security processing, that extracts the Username and password from the inbound request + removes the header, and then constructs a Security Header and adds it to the request. I don't know if you'll run into problems by adding headers to a received request or not as I've never tried it.
You can use the WSS4J API to construct a security header with a UsernameToken, see for example: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/UsernameTokenTest.java?view=markup Colm. On Fri, Aug 16, 2013 at 4:46 PM, hbetts3 <[email protected]> wrote: > I have a service secured using usernameToken that is expecting a message > that > looks like this : > <soapenv:Envelope xmlns:ivr="http://test/schema"; > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> > <soapenv:Header> > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > "> > <wsse:UsernameToken wsu:Id="UsernameToken-1"> > <wsse:Username>username</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">password</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soapenv:Header> > <soapenv:Body> > <ivr:Method1> > <parameter1>1234</parameter1> > <parameter2>1234567890123456</parameter2> > </ivr:Method1> > </soapenv:Body> > </soapenv:Envelope> > > We have a 3d party that cannot generate a client message that uses WSSec. > (don't ask why) > > They want to send a message that looks like this: > > > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ > " > xmlns:ivr="http://testurl.com/webserviceurl";> > <soapenv:Header> > <ivr:Authentication> > <ivr:userid>username</ivr:userid> > <ivr:password>password:password> > </ivr:Authentication> > </soapenv:Header> > <soapenv:Body> > <ivr:Method1> > <ivr:parameter1>1111111</ivr:parameter1> > <ivr:parameter2>1234</ivr:parameter2r> > </ivr:Method1> > </soapenv:Body> > </soapenv:Envelope> > > I am thinking that an Interceptor would get the information out of the > Authentication header I just don't know how to get the information into the > security header. > > I've also looked at the transformation feature at > http://cxf.apache.org/docs/transformationfeature.html , but without some > sample before and after code I just can't seem to get my head around it. > > Is there some help out there for me? > > Thanks, > Hendry > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
