I used WSS4J 1.5.1 on both client and service side to do simple plain text user name token. I can send client to server but I always got the following exception:
WSDoAllReceiver: cannot get SOAP header after security processing; nested exception is: org.xml.sax.SAXParseException: <Line 2, Column 1151>: XML-20100: (Fatal Error) Expected 'EOF'. Anyone has idea what went wong? Here is my soap client WSDD <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender "/> <globalConfiguration> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="Timestamp UsernameToken"/> <parameter name="passwordType" value="PasswordText" /> <parameter name="user" value="xxx"/> <parameter name="passwordCallbackClass" value="test.PWCallback"/> <parameter name="mustUnderstand" value="true" /> </handler> </requestFlow> </globalConfiguration> </deployment> This is SOAP request: <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsd ="http://www.w3.org/2001/XMLSchema" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Header> <wsse:Security xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " soapenv:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="UsernameToken-28142411"> <wsse:Username>ppsuser</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">ppspass</wsse:Password> </wsse:UsernameToken> <wsu:Timestamp xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="Timestamp-20357537"> <wsu:Created>2007-03-20T20:07:27.389Z</wsu:Created> <wsu:Expires>2007-03-20T20:12:27.389Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soapenv:Header> This is Server-Config.wsdd: <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="action"value="Timestamp UsernameToken" /> <parameter name="passwordCallbackClass" value="test.ServerPWCallback" /> </handler> </requestFlow>