cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rahul.soa" <rahul....@googlemail.com>
Subject Re: Security header wsse:Security is missing in Response
Date Wed, 08 Jul 2009 21:29:16 GMT
Thanks Mayank for the response. So that means Client should have
WSS4JOutInterceptor configured to send the secured SOAP Request and should
also be configured with WSS4JInInterceptor to receive the secured Response
from Server. And contrary applies to Server.

Best Regards,
Rahul


So that means

On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <mayankm01@gmail.com> wrote:

> rahul.soa wrote:
>
>> Hello CXF Devs,
>>
>> I am trying to access the secured (usernameToken) webservice deployed on
>> tomcat by the java client. I intercepted the exchanged messages via
>> tcpmon,
>> which are following:
>>
>> Request:
>> ----------
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Header><wsse:Security
>> xmlns:wsse="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> xmlns:wsu="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>
>> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
>> Type="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
>> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
>> xmlns:ns2="http://order.demo/"><arg0
>> /></ns2:processOrder></soap:Body></soap:Envelope>
>>
>>
>> Response:
>> -------------
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Body><ns2:processOrderResponse
>> xmlns:ns2="http://order.demo/
>>
>> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
>>
>>
>> Unlike the Request, response does not have the security header. I want to
>> know why **security header** (wsse:Security) is missing in the response.
>> Am
>> I missing something in the configurations?
>>
>> Can you please suggest what should I do to solve this problem?
>>
>> Here are the client and service side configurations:
>>
>> client-beans.xml
>> ---------------------
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>    xmlns:jaxws="http://cxf.apache.org/jaxws"
>>    xsi:schemaLocation="
>> http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>>
>>    <bean id="client" class="demo.order.OrderProcess"
>>      factory-bean="clientFactory" factory-method="create"/>
>>
>>   <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
>> />
>>  <bean id="logOut"
>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
>> />
>>  <bean id="saajOut"
>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>  <bean id="wss4jOut"
>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>    <constructor-arg>
>>      <map>
>>        <entry key="action" value="UsernameToken" />
>>        <entry key="user" value="ws-client" />
>>        <entry key="passwordType" value="PasswordText" />
>>        <entry key="passwordCallbackClass"
>> value="demo.order.client.ClientPasswordCallback" />
>>      </map>
>>    </constructor-arg>
>>  </bean>
>>
>>    <bean id="clientFactory"
>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>>      <property name="serviceClass" value="demo.order.OrderProcess"/>
>>      <property name="address" value="
>> http://localhost:8080/neworderapp/OrderProcess"/>
>>      <property name="inInterceptors">
>>      <list>
>>        <ref bean="logIn" />
>>      </list>
>>    </property>
>>    <property name="outInterceptors">
>>      <list>
>>        <ref bean="logOut" />
>>        <ref bean="saajOut" />
>>        <ref bean="wss4jOut" />
>>      </list>
>>    </property>
>>    </bean>
>>
>> </beans>
>>
>>
>>
>> beans.xml
>> -------------
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>    xmlns:jaxws="http://cxf.apache.org/jaxws"
>>    xsi:schemaLocation="
>> http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans.xsd
>> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>>
>>    <import resource="classpath:META-INF/cxf/cxf.xml" />
>>    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>>    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>>
>>    <jaxws:endpoint
>>      id="orderProcess"
>>      implementor="demo.order.OrderProcessImpl"
>>      address="/OrderProcess">
>>      <jaxws:inInterceptors>
>>      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>        <constructor-arg>
>>          <map>
>>            <entry key="action" value="UsernameToken" />
>>            <entry key="passwordType" value="PasswordText" />
>>            <entry key="passwordCallbackClass"
>> value="demo.order.ServerPasswordCallback" />
>>          </map>
>>        </constructor-arg>
>>      </bean>
>>    </jaxws:inInterceptors>
>>   </jaxws:endpoint>
>> </beans>
>>
>>
>>
>
> I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. For
> each way you require to configure.
>
> With Regards,
> Mayank
>
>  Many Thanks in advance.
>>
>> Best Regards,
>> Rahul
>>
>>
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message