Hi, As I mentioned in my earlier response the namespace of the "Security" header in the sample header in your original post does not match the namespace in the WS-Security 1.0 specification :
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd Thanks, Ruchith Todd Allen wrote: > The error message was caused by the fact that the security headers in > the SOAP request did not contain a timestamp. This is not mentioned > anywhere in the rampart samples included with the distribution. > Can someone explain why the timestamp header is needed when only the > user name token is being used? > > Thanks, > T > > > Todd Allen wrote: >> I am using Axis2-1.1 and am trying to implement the user name token >> authentication. I've followed the samples but keep getting the >> following SOAP fault string: >> >> WSDoAllReceiver: Incoming message does not contain required Security >> header >> >> I'm using SOAPUI version 1.7.5 as the client and have the following >> header: >> >> <soapenv:Header> >> <wsse:Security >> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"; >> soapenv:mustUnderstand="1"> >> <wsse:UsernameToken> >> <wsse:Username>bob</wsse:Username> >> <wsse:Password>pword</wsse:Password> >> </wsse:UsernameToken> >> </wsse:Security> >> </soapenv:Header> >> >> My services.xml file has the following lines to engage rampart: >> >> <module ref="rampart" /> >> <parameter name="InflowSecurity"> >> <action> >> <items>UsernameToken</items> >> >> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass> >> >> </action> >> </parameter> >> >> What am I missing? >> >> Thanks, >> T >> >
signature.asc
Description: OpenPGP digital signature
