The error message was caused by the fact that the security headers in
the SOAP request did not contain a timestamp. This is not mentioned
anywhere in the rampart samples included with the distribution.
Can someone explain why the timestamp header is needed when only the
user name token is being used?
Thanks,
T
Todd Allen wrote:
I am using Axis2-1.1 and am trying to implement the user name token
authentication. I've followed the samples but keep getting the
following SOAP fault string:
WSDoAllReceiver: Incoming message does not contain required Security
header
I'm using SOAPUI version 1.7.5 as the client and have the following
header:
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd";
soapenv:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>bob</wsse:Username>
<wsse:Password>pword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
My services.xml file has the following lines to engage rampart:
<module ref="rampart" />
<parameter name="InflowSecurity">
<action>
<items>UsernameToken</items>
<passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
</action>
</parameter>
What am I missing?
Thanks,
T
