Return-Path: Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: (qmail 48331 invoked from network); 9 Jul 2009 01:15:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 9 Jul 2009 01:15:56 -0000 Received: (qmail 6287 invoked by uid 500); 9 Jul 2009 01:16:06 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 6210 invoked by uid 500); 9 Jul 2009 01:16:06 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 6200 invoked by uid 99); 9 Jul 2009 01:16:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jul 2009 01:16:05 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [216.40.44.46] (HELO smtprelay.hostedemail.com) (216.40.44.46) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jul 2009 01:15:54 +0000 Received: from filter.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtprelay02.hostedemail.com (Postfix) with SMTP id 5CA031F5A0AB for ; Thu, 9 Jul 2009 01:15:33 +0000 (UTC) X-Spam-Summary: 2,-0.5,0,2becf2bad05b08eb,d41d8cd98f00b204,dkulp@apache.org,dev@cxf.apache.org:rahul.soa@googlemail.com,RULES_HIT:2:69:355:379:481:509:599:601:800:901:945:946:960:967:973:980:988:989:996:1021:1252:1256:1260:1277:1311:1312:1313:1314:1345:1358:1359:1431:1437:1515:1516:1518:1519:1535:1593:1594:1595:1596:1605:1608:1696:1712:1730:1747:1766:1792:2194:2198:2199:2200:2393:2525:2553:2568:2682:2685:2731:2828:2857:2859:2894:2900:2901:2910:2933:2937:2939:2942:2945:2947:2951:2954:3022:3027:3421:3865:3867:3868:3869:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4049:4119:4605:4774:5007:6119:6261:7514:7679:7903:8599:8828:8957:8985:9010:9025:9108:9388:9392:10009,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fu,MSBL:none,DNSBL:none,Custom_rules:0:1:0 X-Session-Marker: 64616E406B756C702E636F6D X-Filterd-Recvd-Size: 8094 Received: from server.dankulp.com (server1.dankulp.com [66.207.172.168]) (Authenticated sender: dan@kulp.com) by omf04.hostedemail.com (Postfix) with ESMTP for ; Thu, 9 Jul 2009 01:15:32 +0000 (UTC) Received: by server.dankulp.com (Postfix, from userid 5000) id 3F3E027E0001; Wed, 8 Jul 2009 21:15:31 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.2.1-gr1 (2007-05-02) on server.dankulp.com X-Spam-Level: X-Msg-File: /tmp/mailfilter.iFaPNuPITx Received: from dilbert.localnet (c-24-91-141-225.hsd1.ma.comcast.net [24.91.141.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server.dankulp.com (Postfix) with ESMTPSA id D7C3B50707AC; Wed, 8 Jul 2009 21:15:28 -0400 (EDT) From: Daniel Kulp To: dev@cxf.apache.org Subject: Re: Security header wsse:Security is missing in Response Date: Wed, 8 Jul 2009 21:15:31 -0400 User-Agent: KMail/1.11.4 (Linux/2.6.30-gentoo-r1; KDE/4.2.4; x86_64; ; ) Cc: "rahul.soa" References: <4A54DCA8.50703@gmail.com> In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200907082115.32211.dkulp@apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-3.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.1-gr1 On Wed July 8 2009 5:29:16 pm rahul.soa wrote: > Thanks Mayank for the response. So that means Client should have > WSS4JOutInterceptor configured to send the secured SOAP Request and should > also be configured with WSS4JInInterceptor to receive the secured Response > from Server. And contrary applies to Server. That's right. This is partially why using the WS-SecurityPolicy stuff makes it a bit easier. You don't need to mess with interceptors as the Policy framework handles that. You just need to add a little configuration to the endpoint or client (via standard JAX-WS context property mechanisms) and the policy framework does the rest. Dan > Best Regards, > Rahul > > > So that means > > On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra wrote: > > rahul.soa wrote: > >> Hello CXF Devs, > >> > >> I am trying to access the secured (usernameToken) webservice deployed on > >> tomcat by the java client. I intercepted the exchanged messages via > >> tcpmon, > >> which are following: > >> > >> Request: > >> ---------- > >> > >> >> xmlns:wsse=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > >>t-1.0.xsd " > >> soap:mustUnderstand="1"> >> xmlns:wsu=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili > >>ty-1.0.xsd " > >> > >> wsu:Id="UsernameToken-1">ws-client >>assword Type=" > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p > >>rofile-1.0#PasswordText > >> ">password >>ader> >> /> > >> > >> > >> Response: > >> ------------- > >> > >> >> xmlns:ns2="http://order.demo/ > >> > >> ">ORD1234 >>Envelope> > >> > >> > >> Unlike the Request, response does not have the security header. I want > >> to know why **security header** (wsse:Security) is missing in the > >> response. Am > >> I missing something in the configurations? > >> > >> Can you please suggest what should I do to solve this problem? > >> > >> Here are the client and service side configurations: > >> > >> client-beans.xml > >> --------------------- > >> > >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > >> xmlns:jaxws="http://cxf.apache.org/jaxws" > >> xsi:schemaLocation=" > >> http://www.springframework.org/schema/beans > >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > >> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd"> > >> > >> >> factory-bean="clientFactory" factory-method="create"/> > >> > >> >> class="org.apache.cxf.interceptor.LoggingInInterceptor" /> > >> >> class="org.apache.cxf.interceptor.LoggingOutInterceptor" > >> /> > >> >> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> > >> >> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > >> > >> > >> > >> > >> > >> >> value="demo.order.client.ClientPasswordCallback" /> > >> > >> > >> > >> > >> >> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> beans.xml > >> ------------- > >> > >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > >> xmlns:jaxws="http://cxf.apache.org/jaxws" > >> xsi:schemaLocation=" > >> http://www.springframework.org/schema/beans > >> http://www.springframework.org/schema/beans/spring-beans.xsd > >> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> > >> > >> > >> > >> > >> > >> >> id="orderProcess" > >> implementor="demo.order.OrderProcessImpl" > >> address="/OrderProcess"> > >> > >> > >> > >> > >> > >> > >> > >> >> value="demo.order.ServerPasswordCallback" /> > >> > >> > >> > >> > >> > >> > > > > I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. > > For each way you require to configure. > > > > With Regards, > > Mayank > > > > Many Thanks in advance. > > > >> Best Regards, > >> Rahul -- Daniel Kulp dkulp@apache.org http://www.dankulp.com/blog