You're not seeing the UsernameToken as it's encrypted. You should see a "wsse:EncryptedData" structure in the security header of the request instead.

Colm.

On Mon, Aug 19, 2013 at 1:54 PM, Sam <[email protected]> wrote:

> Hi all,
>
> I have run the sample code for tutorial from
> http://www.jroller.com/gmazza/entry/usernametoken_messagelayer_encryption
> successfully (i.e. server response returned OK)
> To be exact, it's the UsernameToken authentication with X509Token
> symmetric binding for message protection, like the one from IBM doc
> http://pic.dhe.ibm.com/infocenter/radhelp/v9/index.jsp?topic=%2Fcom.ibm.websphere.wlp.nd.multiplatform.doc%2Fae%2Fcwlp_wssec_templates_scenario6.html
>
> WS-Policy in WSDL is
>
> <wsp:Policy wsu:Id="DoubleItUTSymmetricX509Policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <wsam:Addressing wsp:Optional="false" />
>       <sp:SymmetricBinding>
>         <wsp:Policy>
>           <sp:ProtectionToken>
>             <wsp:Policy>
>               <sp:X509Token
>                 sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                   <sp:RequireIssuerSerialReference />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:ProtectionToken>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp />
>           <sp:OnlySignEntireHeadersAndBody />
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic128 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>         </wsp:Policy>
>       </sp:SymmetricBinding>
>       <sp:Wss11>
>         <wsp:Policy>
>           <sp:MustSupportRefIssuerSerial />
>           <sp:MustSupportRefThumbprint />
>           <sp:MustSupportRefEncryptedKey />
>         </wsp:Policy>
>       </sp:Wss11>
>       <sp:SignedEncryptedSupportingTokens>
>         <wsp:Policy>
>           <sp:UsernameToken
>             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:WssUsernameToken10 />
>             </wsp:Policy>
>           </sp:UsernameToken>
>         </wsp:Policy>
>       </sp:SignedEncryptedSupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:EncryptedParts>
>         <sp:Body />
>       </sp:EncryptedParts>
>       <sp:SignedParts>
>         <sp:Body />
>         <sp:Header Name="To"
>           Namespace="http://www.w3.org/2005/08/addressing" />
>         ...
>       </sp:SignedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:EncryptedParts>
>         <sp:Body />
>       </sp:EncryptedParts>
>       <sp:SignedParts>
>         <sp:Body />
>         <sp:Header Name="To"
>           Namespace="http://www.w3.org/2005/08/addressing" />
>         ...
>       </sp:SignedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> After examining the generated soap request from client code, to my surprise,
> there is no <wsse:UsernameToken> at all even though the policy above clearly
> states the use of UsernameToken.
>
> * So my question is, is this the expected behaviour for UsernameToken
> authentication with X509Token symmetric binding or am I missing something?
>
> * Am I right to assume that for UsernameToken authentication with
> X509Token asymmetric binding, I should expect to see <wsse:UsernameToken>
> in soap request?
>
> Thanks in advance,
>
> Sam
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
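
One way to check a captured request for what the reply above describes, as an added example that is not part of the original thread or of the CXF/WSS4J code: it parses a SOAP envelope and reports whether the wsse:Security header carries a cleartext UsernameToken or EncryptedData elements in its place. The two envelopes are constructed and heavily trimmed, the function names are hypothetical, and EncryptedData is matched in the XML Encryption namespace.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed, heavily trimmed envelopes; user name and cipher values are placeholders.
_ENV = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsse="{wsse}" xmlns:xenc="{xenc}"><soap:Header><wsse:Security>'
    '{tokens}</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
)
SAMPLE_ENCRYPTED = _ENV.format(tokens=(
    '<xenc:EncryptedKey Id="EK-1"/>'
    '<xenc:EncryptedData Id="ED-1" Type="http://www.w3.org/2001/04/xmlenc#Element">'
    '<xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue>'
    '</xenc:CipherData></xenc:EncryptedData>'), **NS)
SAMPLE_CLEARTEXT = _ENV.format(tokens=(
    '<wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
    '<wsse:Password>PLACEHOLDER</wsse:Password></wsse:UsernameToken>'), **NS)


def audit_security_header(envelope_xml):
    """Summarise how credentials appear in the wsse:Security header."""
    root = ET.fromstring(envelope_xml)
    security = root.find(".//wsse:Security", NS)
    if security is None:
        raise ValueError("no wsse:Security header in message")
    # Direct children only: an encrypted supporting token is replaced in place,
    # so the header holds EncryptedData where the UsernameToken would be.
    cleartext = security.findall("wsse:UsernameToken", NS)
    encrypted = security.findall("xenc:EncryptedData", NS)
    return {
        "cleartext_username_tokens": len(cleartext),
        "cleartext_password": any(
            t.find("wsse:Password", NS) is not None for t in cleartext),
        "encrypted_header_elements": len(encrypted),
        "encrypted_key_present": security.find("xenc:EncryptedKey", NS) is not None,
    }


def credentials_protected(envelope_xml):
    """True when no cleartext UsernameToken is present and the header holds
    at least one EncryptedData element. The ciphertext is opaque on the wire,
    so this cannot prove which element was encrypted."""
    r = audit_security_header(envelope_xml)
    return r["cleartext_username_tokens"] == 0 and r["encrypted_header_elements"] > 0
```
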
