Return-Path: Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: (qmail 38027 invoked from network); 8 Jul 2009 17:52:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Jul 2009 17:52:20 -0000 Received: (qmail 73846 invoked by uid 500); 8 Jul 2009 17:52:30 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 73792 invoked by uid 500); 8 Jul 2009 17:52:29 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 73782 invoked by uid 99); 8 Jul 2009 17:52:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Jul 2009 17:52:29 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mayankm01@gmail.com designates 209.85.222.199 as permitted sender) Received: from [209.85.222.199] (HELO mail-pz0-f199.google.com) (209.85.222.199) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Jul 2009 17:52:16 +0000 Received: by pzk37 with SMTP id 37so4892064pzk.24 for ; Wed, 08 Jul 2009 10:51:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=XPCwOHduPANYaCzpDDJ8nvZvmT33BlaeU6foVlw5f6I=; b=wSJLlpONu+VyRcSDagN8lofHA7L57VlYuBG/NEXNuAUrCFVUN6bLptVZed7z9Dz3Rd Z7VJo630BtRKBcMFZn3L+xKUz0pP/w9oVHJjV2H21aVLAG29q7XxOg1Sd0ET8ydL5NVe cq0T7SWBJuUZAyKJvEaINenMt2anpUJd/tk3U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=rd/uT7CCFAWRqjEyUb+S6mCFP4h05jdHmLHvri7FMPDGwFXJc6DuAr39Ob7tJJ2ktF 5rnW0YEXRrg/vvwyNdghC8V1s1c9pUW/A/FMbvxaWjRJDYJfCrfVXFJ2FfgRYwSgizmx 0mrLfdqWZVUt7sbkWqJLji9L7rBAmiLr6NpOw= Received: by 10.114.58.20 with SMTP id g20mr11682397waa.130.1247075514907; Wed, 08 Jul 2009 10:51:54 -0700 (PDT) Received: from ?192.168.1.2? ([122.169.174.55]) by mx.google.com with ESMTPS id l38sm15678287waf.61.2009.07.08.10.51.51 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 08 Jul 2009 10:51:53 -0700 (PDT) Message-ID: <4A54DCA8.50703@gmail.com> Date: Wed, 08 Jul 2009 23:21:36 +0530 From: Mayank Mishra User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: dev@cxf.apache.org Subject: Re: Security header wsse:Security is missing in Response References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org rahul.soa wrote: > Hello CXF Devs, > > I am trying to access the secured (usernameToken) webservice deployed on > tomcat by the java client. I intercepted the exchanged messages via tcpmon, > which are following: > > Request: > ---------- > > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > soap:mustUnderstand="1"> xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="UsernameToken-1">ws-client Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password xmlns:ns2="http://order.demo/"> /> > > > Response: > ------------- > > xmlns:ns2="http://order.demo/ > ">ORD1234 > > > Unlike the Request, response does not have the security header. I want to > know why **security header** (wsse:Security) is missing in the response. Am > I missing something in the configurations? > > Can you please suggest what should I do to solve this problem? > > Here are the client and service side configurations: > > client-beans.xml > --------------------- > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xmlns:jaxws="http://cxf.apache.org/jaxws" > xsi:schemaLocation=" > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd"> > > factory-bean="clientFactory" factory-method="create"/> > > /> > /> > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > > > > > > value="demo.order.client.ClientPasswordCallback" /> > > > > > class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> > > > > > > > > > > > > > > > > > > > > > beans.xml > ------------- > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xmlns:jaxws="http://cxf.apache.org/jaxws" > xsi:schemaLocation=" > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans.xsd > http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> > > > > > > id="orderProcess" > implementor="demo.order.OrderProcessImpl" > address="/OrderProcess"> > > > > > > > > value="demo.order.ServerPasswordCallback" /> > > > > > > > > I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. For each way you require to configure. With Regards, Mayank > Many Thanks in advance. > > Best Regards, > Rahul > >