You are using cxf 3.0? For 2.7.x you can use:
outProps.put(WSHandlerConstants.ADD_UT_ELEMENTS, WSConstants.NONCE_LN + " " + WSConstants.CREATED_LN); Not sure what the equivalent is for 3.0 Some examples of what works for 2.7 https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/test/java/com/pellcorp/server/TestUtils.java On Fri, Oct 10, 2014 at 10:22 PM, Chris <[email protected]> wrote: > Not sure if first message got through! > > We need to access a service with username/password protection and message > protection, against an Oracle server. After some tests we realised that it > did not protect against replay attacks. Configuring the server to require > timestamp and nonce resulted in an error. > > To simplify tings I then configured the service without message protection. > I can call the service succesfully by setting: > > Map<String, Object> props = client.getRequestContext(); > > props.put(SecurityConstants.CALLBACK_HANDLER, > new > Invoker_CXFNameCallbackHandler("password"); > props.put(SecurityConstants.USERNAME, "user"); > > This adds: > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > soap:mustUnderstand="true"> > <wsse:UsernameToken > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="UsernameToken-bcfd47d6-33cd-477f-8847-0cf21f2b0006"> > <wsse:Username>user</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">password</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > > However I tried adding the nonce and timestamp: > > props.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, > "true"); > props.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, > "true"); > > > This made no difference - the nonce and timestamp are still not set. I also > tried Boolean values instead of the String "true" and "false" > > I have also tried removing the above code and setting: > > Map<String, Object> iprops = new HashMap<String,Object>(); > iprops.put(WSHandlerConstants.ACTION, > WSHandlerConstants.USERNAME_TOKEN); > iprops.put(WSHandlerConstants.USER , "user"); > iprops.put(WSHandlerConstants.PW_CALLBACK_REF, > new > Invoker_CXFNameCallbackHandler("password"); > iprops.put(WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, > "true"); > iprops.put(WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, "true"); > iprops.put(WSHandlerConstants.PASSWORD_TYPE, > WSConstants.PW_TEXT); > > > //client.getEndpoint().getInInterceptors().clear(); > client.getEndpoint().getInInterceptors().add(new > WSS4JInInterceptor(iprops)); > //client.getEndpoint().getOutInterceptors().clear(); > client.getEndpoint().getOutInterceptors().add(new > WSS4JOutInterceptor()); > > This gives an error: > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: No > username > available > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159) > at com.sun.proxy.$Proxy33.whoAmI(Unknown Source) > at uk.co.ybs.ep10test.Invoker.main(Invoker.java:132) > Caused by: org.apache.cxf.ws.policy.PolicyException: No username available > at > > org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.policyNotAsserted(AbstractTokenInterceptor.java:277) > at > > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:395) > at > > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addToken(UsernameTokenInterceptor.java:340) > > > I think I need to find how to pass the ADD_USERNAMETOKEN_NONCE and > ADD_USERNAMETOKEN_CREATED to the underlying wss4j. How do I do this? > > Thanks > Chris > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749747.html > Sent from the cxf-user mailing list archive at Nabble.com. >
