cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Security header wsse:Security is missing in Response
Date Thu, 09 Jul 2009 01:15:31 GMT
On Wed July 8 2009 5:29:16 pm rahul.soa wrote:
> Thanks Mayank for the response. So that means Client should have
> WSS4JOutInterceptor configured to send the secured SOAP Request and should
> also be configured with WSS4JInInterceptor to receive the secured Response
> from Server. And contrary applies to Server.

That's right.

This is partially why using the WS-SecurityPolicy stuff makes it a bit easier.   
You don't need to mess with interceptors as the Policy framework handles that.   
You just need to add a little configuration to the endpoint or client (via 
standard JAX-WS context property mechanisms) and the policy framework does the 
rest.

Dan


> Best Regards,
> Rahul
>
>
> So that means
>
> On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <mayankm01@gmail.com> wrote:
> > rahul.soa wrote:
> >> Hello CXF Devs,
> >>
> >> I am trying to access the secured (usernameToken) webservice deployed on
> >> tomcat by the java client. I intercepted the exchanged messages via
> >> tcpmon,
> >> which are following:
> >>
> >> Request:
> >> ----------
> >>
> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> >> "><soap:Header><wsse:Security
> >> xmlns:wsse="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd "
> >> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd "
> >> xmlns:wsu="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
> >>ty-1.0.xsd "
> >>
> >> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P
> >>assword Type="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
> >>rofile-1.0#PasswordText
> >> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He
> >>ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/"><arg0
> >> /></ns2:processOrder></soap:Body></soap:Envelope>
> >>
> >>
> >> Response:
> >> -------------
> >>
> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> >> "><soap:Body><ns2:processOrderResponse
> >> xmlns:ns2="http://order.demo/
> >>
> >> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:
> >>Envelope>
> >>
> >>
> >> Unlike the Request, response does not have the security header. I want
> >> to know why **security header** (wsse:Security) is missing in the
> >> response. Am
> >> I missing something in the configurations?
> >>
> >> Can you please suggest what should I do to solve this problem?
> >>
> >> Here are the client and service side configurations:
> >>
> >> client-beans.xml
> >> ---------------------
> >>
> >> <beans xmlns="http://www.springframework.org/schema/beans"
> >>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>    xmlns:jaxws="http://cxf.apache.org/jaxws"
> >>    xsi:schemaLocation="
> >> http://www.springframework.org/schema/beans
> >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> >> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
> >>
> >>    <bean id="client" class="demo.order.OrderProcess"
> >>      factory-bean="clientFactory" factory-method="create"/>
> >>
> >>   <bean id="logIn"
> >> class="org.apache.cxf.interceptor.LoggingInInterceptor" />
> >>  <bean id="logOut"
> >> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> >> />
> >>  <bean id="saajOut"
> >> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> >>  <bean id="wss4jOut"
> >> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> >>    <constructor-arg>
> >>      <map>
> >>        <entry key="action" value="UsernameToken" />
> >>        <entry key="user" value="ws-client" />
> >>        <entry key="passwordType" value="PasswordText" />
> >>        <entry key="passwordCallbackClass"
> >> value="demo.order.client.ClientPasswordCallback" />
> >>      </map>
> >>    </constructor-arg>
> >>  </bean>
> >>
> >>    <bean id="clientFactory"
> >> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> >>      <property name="serviceClass" value="demo.order.OrderProcess"/>
> >>      <property name="address" value="
> >> http://localhost:8080/neworderapp/OrderProcess"/>
> >>      <property name="inInterceptors">
> >>      <list>
> >>        <ref bean="logIn" />
> >>      </list>
> >>    </property>
> >>    <property name="outInterceptors">
> >>      <list>
> >>        <ref bean="logOut" />
> >>        <ref bean="saajOut" />
> >>        <ref bean="wss4jOut" />
> >>      </list>
> >>    </property>
> >>    </bean>
> >>
> >> </beans>
> >>
> >>
> >>
> >> beans.xml
> >> -------------
> >>
> >> <beans xmlns="http://www.springframework.org/schema/beans"
> >>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>    xmlns:jaxws="http://cxf.apache.org/jaxws"
> >>    xsi:schemaLocation="
> >> http://www.springframework.org/schema/beans
> >> http://www.springframework.org/schema/beans/spring-beans.xsd
> >> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
> >>
> >>    <import resource="classpath:META-INF/cxf/cxf.xml" />
> >>    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> >>    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
> >>
> >>    <jaxws:endpoint
> >>      id="orderProcess"
> >>      implementor="demo.order.OrderProcessImpl"
> >>      address="/OrderProcess">
> >>      <jaxws:inInterceptors>
> >>      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> >>      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >>        <constructor-arg>
> >>          <map>
> >>            <entry key="action" value="UsernameToken" />
> >>            <entry key="passwordType" value="PasswordText" />
> >>            <entry key="passwordCallbackClass"
> >> value="demo.order.ServerPasswordCallback" />
> >>          </map>
> >>        </constructor-arg>
> >>      </bean>
> >>    </jaxws:inInterceptors>
> >>   </jaxws:endpoint>
> >> </beans>
> >
> > I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
> > For each way you require to configure.
> >
> > With Regards,
> > Mayank
> >
> >  Many Thanks in advance.
> >
> >> Best Regards,
> >> Rahul

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message