Hello, I've setup a client with WS-Security but it would appear that the tokens are not being sent with the request. The stack trace looks like this:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSDoAllReceiver: Incoming message does not contain required Security header at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:176) at $Proxy32.echo(Unknown Source) When I make the same request (without the WS-Security header) through SoapUI, the server generates the following response: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Body> <soapenv:Fault> <soapenv:Code> <soapenv:Value>soapenv:Receiver</soapenv:Value> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">WSDoAllReceiver: Incoming message does not contain required Security header</soapenv:Text> </soapenv:Reason> <soapenv:Detail/> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> So I'm fairly sure the request is being made, without the WS-Security header. Here's my code: public TestQuery(URL url) { Query q = new Query(url); // q.getQueryHttpport generates the exception: // org.apache.cxf.BusException: No binding factory for namespace http://schemas.xmlsoap.org/wsdl/http/ registered. qPort = q.getQuerySOAP11PortHttps(); Client cxfClient = ClientProxy.getClient(qPort); cxfClient.getInInterceptors().add(new SAAJOutInterceptor()); cxfClient.getInInterceptors().add(createWSS4JOutInterceptor("jmb", "moo")); } protected WSS4JOutInterceptor createWSS4JOutInterceptor(String user, String password) { Map<String, Object> map = new HashMap<String, Object>(); map.put("action", "UsernameToken Timestamp"); map.put("user", user); map.put("passwordType", "PasswordDigest"); map.put("passwordCallbackRef", new MyPasswordCallbackHandler(user, password)); return new WSS4JOutInterceptor(map); } Any thoughts? Thanks, John Baker -- Web SSO IT Infrastructure Deutsche Bank London URL: http://websso.cto.gt.intranet.db.com --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.