cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mayank Mishra <mayank...@gmail.com>
Subject Re: Security header wsse:Security is missing in Response
Date Wed, 08 Jul 2009 17:51:36 GMT
rahul.soa wrote:
> Hello CXF Devs,
>
> I am trying to access the secured (usernameToken) webservice deployed on
> tomcat by the java client. I intercepted the exchanged messages via tcpmon,
> which are following:
>
> Request:
> ----------
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
> Type="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
> xmlns:ns2="http://order.demo/"><arg0
> /></ns2:processOrder></soap:Body></soap:Envelope>
>
>
> Response:
> -------------
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:processOrderResponse
> xmlns:ns2="http://order.demo/
> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
>
>
> Unlike the Request, response does not have the security header. I want to
> know why **security header** (wsse:Security) is missing in the response. Am
> I missing something in the configurations?
>
> Can you please suggest what should I do to solve this problem?
>
> Here are the client and service side configurations:
>
> client-beans.xml
> ---------------------
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>
>     <bean id="client" class="demo.order.OrderProcess"
>       factory-bean="clientFactory" factory-method="create"/>
>
>    <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
> />
>   <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> />
>   <bean id="saajOut"
> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>   <bean id="wss4jOut"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>     <constructor-arg>
>       <map>
>         <entry key="action" value="UsernameToken" />
>         <entry key="user" value="ws-client" />
>         <entry key="passwordType" value="PasswordText" />
>         <entry key="passwordCallbackClass"
> value="demo.order.client.ClientPasswordCallback" />
>       </map>
>     </constructor-arg>
>   </bean>
>
>     <bean id="clientFactory"
> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>       <property name="serviceClass" value="demo.order.OrderProcess"/>
>       <property name="address" value="
> http://localhost:8080/neworderapp/OrderProcess"/>
>       <property name="inInterceptors">
>       <list>
>         <ref bean="logIn" />
>       </list>
>     </property>
>     <property name="outInterceptors">
>       <list>
>         <ref bean="logOut" />
>         <ref bean="saajOut" />
>         <ref bean="wss4jOut" />
>       </list>
>     </property>
>     </bean>
>
> </beans>
>
>
>
> beans.xml
> -------------
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>
>     <jaxws:endpoint
>       id="orderProcess"
>       implementor="demo.order.OrderProcessImpl"
>       address="/OrderProcess">
>       <jaxws:inInterceptors>
>       <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>       <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>         <constructor-arg>
>           <map>
>             <entry key="action" value="UsernameToken" />
>             <entry key="passwordType" value="PasswordText" />
>             <entry key="passwordCallbackClass"
> value="demo.order.ServerPasswordCallback" />
>           </map>
>         </constructor-arg>
>       </bean>
>     </jaxws:inInterceptors>
>    </jaxws:endpoint>
> </beans>
>
>   

I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. 
For each way you require to configure.

With Regards,
Mayank
> Many Thanks in advance.
>
> Best Regards,
> Rahul
>
>   


Mime
View raw message