Well, I'm making progress but am not quite there. How do I make CXF generate a username token like this (taken from SoapUI):

    <soap:Envelope xmlns:ser="http://service.ws.websso.db.com"
                   xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
      <soap:Header>
        <wsse:Security soap:mustUnderstand="true"
                       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:UsernameToken wsu:Id="UsernameToken-24706746"
                              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>myemail</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>
      </soap:Header>

CXF is generating a password digest and I've fiddled with the code but to no avail:

    map.put("action", "UsernameToken");
    map.put("user", user);
    map.put("passwordType", "Plain"); // is Plain a valid option? I can't find the list of options?
    map.put("passwordCallbackRef", new MyPasswordCallbackHandler(user, password));
    return new WSS4JOutInterceptor(map);

Any thoughts?

John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London

URL: http://websso.cto.gt.intranet.db.com

"O hEigeartaigh, Colm" <[EMAIL PROTECTED]>
06/03/2008 14:10
Please respond to cxf-user@incubator.apache.org

To <cxf-user@incubator.apache.org>
cc
Subject RE: WS-Security failing

> cxfClient.getInInterceptors().add(new SAAJOutInterceptor());
> cxfClient.getInInterceptors().add(createWSS4JOutInterceptor("jmb",
               ^^
You're adding "out" interceptors to the "in" interceptor list.

Colm.

-----Original Message-----
From: John-M Baker [mailto:[EMAIL PROTECTED]
Sent: 06 March 2008 12:23
To: cxf-user@incubator.apache.org
Subject: WS-Security failing

Hello,

I've set up a client with WS-Security but it would appear that the tokens are not being sent with the request.
The stack trace looks like this:

    Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSDoAllReceiver: Incoming message does not contain required Security header
            at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:176)
            at $Proxy32.echo(Unknown Source)

When I make the same request (without the WS-Security header) through SoapUI, the server generates the following response:

    <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
      <soapenv:Body>
        <soapenv:Fault>
          <soapenv:Code>
            <soapenv:Value>soapenv:Receiver</soapenv:Value>
          </soapenv:Code>
          <soapenv:Reason>
            <soapenv:Text xml:lang="en-US">WSDoAllReceiver: Incoming message does not contain required Security header</soapenv:Text>
          </soapenv:Reason>
          <soapenv:Detail/>
        </soapenv:Fault>
      </soapenv:Body>
    </soapenv:Envelope>

So I'm fairly sure the request is being made, without the WS-Security header. Here's my code:

    public TestQuery(URL url) {
        Query q = new Query(url);
        // q.getQueryHttpport generates the exception:
        // org.apache.cxf.BusException: No binding factory for namespace http://schemas.xmlsoap.org/wsdl/http/ registered.
        qPort = q.getQuerySOAP11PortHttps();
        Client cxfClient = ClientProxy.getClient(qPort);
        cxfClient.getInInterceptors().add(new SAAJOutInterceptor());
        cxfClient.getInInterceptors().add(createWSS4JOutInterceptor("jmb", "moo"));
    }

    protected WSS4JOutInterceptor createWSS4JOutInterceptor(String user, String password) {
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("action", "UsernameToken Timestamp");
        map.put("user", user);
        map.put("passwordType", "PasswordDigest");
        map.put("passwordCallbackRef", new MyPasswordCallbackHandler(user, password));
        return new WSS4JOutInterceptor(map);
    }

Any thoughts?

Thanks,

John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London

URL: http://websso.cto.gt.intranet.db.com

---
This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.

----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
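
The client configuration this thread is working toward, as an added example that is not part of the original messages or of the CXF project's code: WSS4J's value for a cleartext password is "PasswordText", and the interceptors are registered on the out chain. The class names UsernameTokenClientConfig and FixedPasswordHandler are hypothetical (the latter stands in for the thread's MyPasswordCallbackHandler), and the WSPasswordCallback import assumes WSS4J 1.x package names.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback; // assumption: WSS4J 1.x package

public final class UsernameTokenClientConfig {

    /** Hypothetical stand-in for the thread's MyPasswordCallbackHandler. */
    static final class FixedPasswordHandler implements CallbackHandler {
        private final String password;

        FixedPasswordHandler(String password) {
            this.password = password;
        }

        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                // WSS4J asks for the password through a WSPasswordCallback.
                if (cb instanceof WSPasswordCallback) {
                    ((WSPasswordCallback) cb).setPassword(password);
                }
            }
        }
    }

    /** Adds a plaintext UsernameToken to every request sent through a CXF proxy. */
    public static void secure(Object port, String user, String password) {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("action", "UsernameToken");
        props.put("user", user);
        // "PasswordText" produces the #PasswordText Type shown in the SoapUI
        // request; "PasswordDigest" is the other value WSS4J defines. The
        // password is then carried in clear inside the SOAP header, so this
        // setting depends on the HTTPS transport for confidentiality.
        props.put("passwordType", "PasswordText");
        props.put("passwordCallbackRef", new FixedPasswordHandler(password));

        Client client = ClientProxy.getClient(port);
        // Both are "out" interceptors, so they belong on the out chain.
        client.getOutInterceptors().add(new SAAJOutInterceptor());
        client.getOutInterceptors().add(new WSS4JOutInterceptor(props));
    }
}
```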