cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rahul.soa" <rahul....@googlemail.com>
Subject Security header wsse:Security is missing in Response
Date Tue, 07 Jul 2009 22:43:06 GMT
Hello CXF Devs,

I am trying to access the secured (usernameToken) webservice deployed on
tomcat by the java client. I intercepted the exchanged messages via tcpmon,
which are following:

Request:
----------

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
xmlns:ns2="http://order.demo/"><arg0
/></ns2:processOrder></soap:Body></soap:Envelope>


Response:
-------------

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:processOrderResponse
xmlns:ns2="http://order.demo/
"><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>


Unlike the Request, response does not have the security header. I want to
know why **security header** (wsse:Security) is missing in the response. Am
I missing something in the configurations?

Can you please suggest what should I do to solve this problem?

Here are the client and service side configurations:

client-beans.xml
---------------------

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">

    <bean id="client" class="demo.order.OrderProcess"
      factory-bean="clientFactory" factory-method="create"/>

   <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
/>
  <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
/>
  <bean id="saajOut"
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
  <bean id="wss4jOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="UsernameToken" />
        <entry key="user" value="ws-client" />
        <entry key="passwordType" value="PasswordText" />
        <entry key="passwordCallbackClass"
value="demo.order.client.ClientPasswordCallback" />
      </map>
    </constructor-arg>
  </bean>

    <bean id="clientFactory"
class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
      <property name="serviceClass" value="demo.order.OrderProcess"/>
      <property name="address" value="
http://localhost:8080/neworderapp/OrderProcess"/>
      <property name="inInterceptors">
      <list>
        <ref bean="logIn" />
      </list>
    </property>
    <property name="outInterceptors">
      <list>
        <ref bean="logOut" />
        <ref bean="saajOut" />
        <ref bean="wss4jOut" />
      </list>
    </property>
    </bean>

</beans>



beans.xml
-------------

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <jaxws:endpoint
      id="orderProcess"
      implementor="demo.order.OrderProcessImpl"
      address="/OrderProcess">
      <jaxws:inInterceptors>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
          <map>
            <entry key="action" value="UsernameToken" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="passwordCallbackClass"
value="demo.order.ServerPasswordCallback" />
          </map>
        </constructor-arg>
      </bean>
    </jaxws:inInterceptors>
   </jaxws:endpoint>
</beans>


Many Thanks in advance.

Best Regards,
Rahul

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message