AW: setting username/password in soap header programmatically
Hi,
to set the username and password for the username token programmatically I used
the following:
sc.getOptions().setProperty(WSHandlerConstants.USER, "username");
OutflowSecurityCallbackHandler cbh = new OutflowSecurityCallbackHandler();
sc.getOptions().setProperty(WSHandlerConstants.PW_CALLBACK_REF, cbh);
Or
sc.getOptions().setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "classname of
callback handler");
In you callback handler implementation you need to set the matching password
for the username.
In my axis2.xml for the client I have the OutflowSecurity parameter as follows:
UsernameToken
PasswordText
That should do it.
BR,
Leander
> -Ursprüngliche Nachricht-
> Von: brianfm [mailto:bfmur...@gmail.com]
> Gesendet: Montag, 26. Januar 2009 19:30
> An: axis-user@ws.apache.org
> Betreff: Re: setting username/password in soap header programmatically
>
>
> Hi,
>
> thanks for your reply.
> I think I should be more specific about my question.
> I have added the usernametoken to the policy in the services.xml:
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>
>
>
>
> This works fine.
> My problem is how to insert the usernametoken into the soap header
> programmatically in the client. Here is my current attempt:
>
> SecureServiceStub stub = new
> SecureServiceStub(ctx,"http://localhost:8079/axis2/services/SecureServi
> ce");
> ServiceClient sc = stub._getServiceClient();
> sc.engageModule("rampart");
> sc.getOptions().setUserName("brian");
> sc.getOptions().setPassword("brianPasswords");
> --- rest of boiler plate code to set up encryption which works fine
>
>
> When i run this client i get the following exception:
> xception in thread "main" org.apache.axis2.AxisFault: UsernameToken
> missing
> in request
> at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.jav
> a:512)
>
> So which api calls do i need to make to insert the token into the
> header?
>
> thanks again,
>
> Brian
>
> brianfm wrote:
> >
> > Hi,
> >
> > My application requires that I programmatically set a username and
> > password into the ws-security standard locations in the soap header.
> Note
> > that I do not want to configure Rampart athentication because
> > authentication logic will be fully proprietery in the server.
> > I intend to just retrieve the usename/password from soap header
> > programmtically from server and then authenticate.
> >
> > thanks,
> >
> > Brian
> >
>
> --
> View this message in context: http://www.nabble.com/setting-username-
> password-in-soap-header-programmatically-tp21641020p21670839.html
> Sent from the Axis - User mailing list archive at Nabble.com.
VVA Networks GmbH
Mario-Leander Reimer
Dipl.-Inf. (FH)
Teamleitung Publishing Solutions
---
VVA Networks GmbH
: medien mit zukunft
Geisenhausenerstraße 15-17
81379 München
Deutschland
---
Fon:+49 89 2000375-610
Fax:+49 89 2000375-699
Mobil: +49 173 5883541
---
leander.rei...@vva-networks.de
www.vva-networks.de
---
HRB 33884 Düsseldorf
Geschäftsführer Rolf Christian Kassel
---
Ein Unternehmen der VVA Kommunikation
http://www.vva.de
---
omnisuite® - integrate. automate. communicate.
http://www.omnisuite.de
---
Diese Nachricht (inklusive aller Anhänge) ist vertraulich. Sie darf
ausschließlich durch den vorgesehenen Empfänger und Adressaten gelesen,
kopiert oder genutzt werden. Sollten Sie diese Nachricht versehentlich
erhalten haben, bitten wir, den Absender (durch Antwort-E-Mail) hiervon
unverzüglich zu informieren und die Nachricht zu löschen. Jede unerlaubte
Nutzung oder Weitergabe des Inhalts dieser Nachricht, sei es vollständig
oder teilweise, ist unzulässig.
This message (including any attachments) is confidential and may be
privileged. It may be read, copied and used only by the intended recipient.
If you have received it in error please contact the sender (by return
E-Mail) immediately and delete this message. Any unauthorised use or
dissemination of this message in whole or in part is strictly prohibited.
AW: setting username/password in soap header programmatically
Hi Brain,
I just realized that you are using Axis1. Sorry for the misunderstanding.
The code you had sent will was for Axis2, I have this working under Axis2 1.4.1
with Rampart 1.4.
Unfortunately I have no experience with Axis1 so I can't help you any further.
Regards,
Leander
> -Ursprüngliche Nachricht-
> Von: brianfm [mailto:bfmur...@gmail.com]
> Gesendet: Dienstag, 27. Januar 2009 18:18
> An: axis-user@ws.apache.org
> Betreff: Re: setting username/password in soap header programmatically
>
>
> Hi,
>
> thanks to everyone again who has replied.
> I would prefer not to add custom headers to the soap message, i want to
> use
> the ws-security usernametoken.
> Thanks Leander for your response, but that approach did not work.
> In the wss4j documentation, is the following code snippit.
> Unfortunately, it is not clear on which object the _setPropery in on -
> its
> is not on any generation code from wsdl2java or in the apit:
>
> PingServiceLocator service = new PingServiceLocator();
> ...
> PingPort port = (PingPort) service.getPing1();
> port._setProperty(UsernameToken.PASSWORD_TYPE,
> WSConstants.PASSWORD_TEXT);
> port._setProperty(WSHandlerConstants.USER, "werner");
>
> This is from the package description of org.apache.ws.axis.security.
>
> I had success with the following approach , but all these classes are
> deprecated, and no alternative is suggested in the api.
>
> OutflowConfiguration outflowConfig = new
> OutflowConfiguration();
>
>
> outflowConfig.setActionItems("UsernameToken");
>
>
> outflowConfig.setUser("bob");
>
>
> outflowConfig.setPasswordCallbackClass("test1.security.PWCBClientHandle
> r");
>
>
> axisstub._getServiceClient().getOptions().setProperty(WSSHandlerConstan
> ts.OUTFLOW_SECURITY,
>
>
> outflowConfig.getProperty());
>
> I am trying to attempt something basic here, unfortunately the api doc
> is
> quite poor.
> Any ideas?
>
> Brian
>
> brianfm wrote:
> >
> > Hi,
> >
> > My application requires that I programmatically set a username and
> > password into the ws-security standard locations in the soap header.
> Note
> > that I do not want to configure Rampart athentication because
> > authentication logic will be fully proprietery in the server.
> > I intend to just retrieve the usename/password from soap header
> > programmtically from server and then authenticate.
> >
> > thanks,
> >
> > Brian
> >
>
> --
> View this message in context: http://www.nabble.com/setting-username-
> password-in-soap-header-programmatically-tp21641020p21689872.html
> Sent from the Axis - User mailing list archive at Nabble.com.
VVA Networks GmbH
Mario-Leander Reimer
Dipl.-Inf. (FH)
Teamleitung Publishing Solutions
---
VVA Networks GmbH
: medien mit zukunft
Geisenhausenerstraße 15-17
81379 München
Deutschland
---
Fon:+49 89 2000375-610
Fax:+49 89 2000375-699
Mobil: +49 173 5883541
---
leander.rei...@vva-networks.de
www.vva-networks.de
---
HRB 33884 Düsseldorf
Geschäftsführer Rolf Christian Kassel
---
Ein Unternehmen der VVA Kommunikation
http://www.vva.de
---
omnisuite® - integrate. automate. communicate.
http://www.omnisuite.de
---
Diese Nachricht (inklusive aller Anhänge) ist vertraulich. Sie darf
ausschließlich durch den vorgesehenen Empfänger und Adressaten gelesen,
kopiert oder genutzt werden. Sollten Sie diese Nachricht versehentlich
erhalten haben, bitten wir, den Absender (durch Antwort-E-Mail) hiervon
unverzüglich zu informieren und die Nachricht zu löschen. Jede unerlaubte
Nutzung oder Weitergabe des Inhalts dieser Nachricht, sei es vollständig
oder teilweise, ist unzulässig.
This message (including any attachments) is confidential and may be
privileged. It may be read, copied and used only by the intended recipient.
If you have received it in error please contact the sender (by return
E-Mail) immediately and delete this message. Any unauthorised use or
dissemination of this message in whole or in part is strictly prohibited.
Re: AW: setting username/password in soap header programmatically
Hi,
thanks agagin for your reply. I am using Axis2 (with Rampart 1.4) and not
Axis 1.
I am generating a stub for my client using wsdl2java. I just noticed from
your reply you say to use axis2.xml for the client, where would I insert
this. I have searched the web extensively, there does not seem to be any way
of the client inserting a handler programmatically,
thanks,
Brian
Mario-Leander Reimer wrote:
>
> Hi Brain,
>
> I just realized that you are using Axis1. Sorry for the misunderstanding.
>
> The code you had sent will was for Axis2, I have this working under Axis2
> 1.4.1 with Rampart 1.4.
>
> Unfortunately I have no experience with Axis1 so I can't help you any
> further.
>
> Regards,
> Leander
>
>
>
>> -Ursprüngliche Nachricht-
>> Von: brianfm [mailto:bfmur...@gmail.com]
>> Gesendet: Dienstag, 27. Januar 2009 18:18
>> An: axis-user@ws.apache.org
>> Betreff: Re: setting username/password in soap header programmatically
>>
>>
>> Hi,
>>
>> thanks to everyone again who has replied.
>> I would prefer not to add custom headers to the soap message, i want to
>> use
>> the ws-security usernametoken.
>> Thanks Leander for your response, but that approach did not work.
>> In the wss4j documentation, is the following code snippit.
>> Unfortunately, it is not clear on which object the _setPropery in on -
>> its
>> is not on any generation code from wsdl2java or in the apit:
>>
>> PingServiceLocator service = new PingServiceLocator();
>> ...
>> PingPort port = (PingPort) service.getPing1();
>> port._setProperty(UsernameToken.PASSWORD_TYPE,
>> WSConstants.PASSWORD_TEXT);
>> port._setProperty(WSHandlerConstants.USER, "werner");
>>
>> This is from the package description of org.apache.ws.axis.security.
>>
>> I had success with the following approach , but all these classes are
>> deprecated, and no alternative is suggested in the api.
>>
>> OutflowConfiguration outflowConfig = new
>> OutflowConfiguration();
>>
>>
>> outflowConfig.setActionItems("UsernameToken");
>>
>>
>> outflowConfig.setUser("bob");
>>
>>
>> outflowConfig.setPasswordCallbackClass("test1.security.PWCBClientHandle
>> r");
>>
>>
>> axisstub._getServiceClient().getOptions().setProperty(WSSHandlerConstan
>> ts.OUTFLOW_SECURITY,
>>
>>
>> outflowConfig.getProperty());
>>
>> I am trying to attempt something basic here, unfortunately the api doc
>> is
>> quite poor.
>> Any ideas?
>>
>> Brian
>>
>> brianfm wrote:
>> >
>> > Hi,
>> >
>> > My application requires that I programmatically set a username and
>> > password into the ws-security standard locations in the soap header.
>> Note
>> > that I do not want to configure Rampart athentication because
>> > authentication logic will be fully proprietery in the server.
>> > I intend to just retrieve the usename/password from soap header
>> > programmtically from server and then authenticate.
>> >
>> > thanks,
>> >
>> > Brian
>> >
>>
>> --
>> View this message in context: http://www.nabble.com/setting-username-
>> password-in-soap-header-programmatically-tp21641020p21689872.html
>> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> VVA Networks GmbH
>
> Mario-Leander Reimer
> Dipl.-Inf. (FH)
> Teamleitung Publishing Solutions
> ---
> VVA Networks GmbH
> : medien mit zukunft
> Geisenhausenerstraße 15-17
> 81379 München
> Deutschland
> ---
> Fon:+49 89 2000375-610
> Fax:+49 89 2000375-699
> Mobil: +49 173 5883541
> ---
> leander.rei...@vva-networks.de
> www.vva-networks.de
>
> ---
> HRB 33884 Düsseldorf
> Geschäftsführer Rolf Christian Kassel
> ---
> Ein Unternehmen der VVA Kommunikation
> http://www.vva.de
> ---
> omnisuite® - integrate. automate. communicate.
> http://www.omnisuite.de
> ---
>
> Diese Nachricht (inklusive aller Anhänge) ist vertraulich. Sie darf
> ausschließlich durch den vorgesehenen Empfänger und Adressaten gelesen,
> kopiert oder genutzt werden. Sollten Sie diese Nachricht versehentlich
> erhalten haben, bitten wir, den Absender (durch Antwort-E-Mail) hiervon
> unverzüglich zu informieren und die Nachricht zu löschen. Jede unerlaubte
> Nutzung oder Weitergabe des Inhalts dieser Nachricht, sei es vollständig
> oder teilweise, ist unzulässig.
>
> This message (including any attachments) is confidential and may be
> privileged. It may be read, copied and used only by the intended
> recipient.
> If you have received it in error please contact the sender (by return
> E-Mail) immediately and delete this message. Any unauthorised use or
> dissemination of
AW: AW: setting username/password in soap header programmatically
Hi,
then your example with the PingServiceLocator and the PingPort classes confused
me.
I also use wsdl2java (well the Maven plugin with wsdl2code goal), and I end up
with a couple of classes and interfaces.
For the client code I use the generated class that ends in Stub, so I would
expect something like PingServiceStub that extends from
org.apache.axis2.client.Stub and implements PingService
Maybe the names are a little different.
Then construct a org.apache.axis2.context.ConfigurationContext instance using
ConfigurationContext context = ConfigurationContextFactory
.createConfigurationContextFromFileSystem(this.axis2repo,
this.axis2xml);
The parameters are the location of the axis2repo (where your modules are) and
the axis2xml parameter sets the location of the "client" axis2.xml (well, I
just use a customized axis2.xml for my client). The most important changes for
my service and client are
UsernameToken
PasswordText
Nonce Created
Then construct the service stub with the context
this.serviceStub = new PingServiceStub(context, "enter service URL here");
Then get the service options
org.apache.axis2.client.Options options = this.serviceStub
._getServiceClient().getOptions();
And set the security options programmatically as previously posted, e.g.
options.setProperty(WSHandlerConstants.USER, this.user);
OutflowSecurityCallbackHandler cbh = new OutflowSecurityCallbackHandler();
options.setProperty(WSHandlerConstants.PW_CALLBACK_REF, cbh);
That should do it. Obviously your service also needs to have the proper Rampart
and InflowSecurity parameter configuration in its service.xml or the server
side axis2.xml.
BR,
Leander
> -Ursprüngliche Nachricht-
> Von: brianfm [mailto:bfmur...@gmail.com]
> Gesendet: Mittwoch, 28. Januar 2009 10:26
> An: axis-user@ws.apache.org
> Betreff: Re: AW: setting username/password in soap header
> programmatically
>
>
> Hi,
>
> thanks agagin for your reply. I am using Axis2 (with Rampart 1.4) and
> not
> Axis 1.
> I am generating a stub for my client using wsdl2java. I just noticed
> from
> your reply you say to use axis2.xml for the client, where would I
> insert
> this. I have searched the web extensively, there does not seem to be
> any way
> of the client inserting a handler programmatically,
>
> thanks,
>
> Brian
>
> Mario-Leander Reimer wrote:
> >
> > Hi Brain,
> >
> > I just realized that you are using Axis1. Sorry for the
> misunderstanding.
> >
> > The code you had sent will was for Axis2, I have this working under
> Axis2
> > 1.4.1 with Rampart 1.4.
> >
> > Unfortunately I have no experience with Axis1 so I can't help you any
> > further.
> >
> > Regards,
> > Leander
> >
> >
> >
> >> -Ursprüngliche Nachricht-
> >> Von: brianfm [mailto:bfmur...@gmail.com]
> >> Gesendet: Dienstag, 27. Januar 2009 18:18
> >> An: axis-user@ws.apache.org
> >> Betreff: Re: setting username/password in soap header
> programmatically
> >>
> >>
> >> Hi,
> >>
> >> thanks to everyone again who has replied.
> >> I would prefer not to add custom headers to the soap message, i want
> to
> >> use
> >> the ws-security usernametoken.
> >> Thanks Leander for your response, but that approach did not work.
> >> In the wss4j documentation, is the following code snippit.
> >> Unfortunately, it is not clear on which object the _setPropery in on
> -
> >> its
> >> is not on any generation code from wsdl2java or in the apit:
> >>
> >> PingServiceLocator service = new PingServiceLocator();
> >> ...
> >> PingPort port = (PingPort) service.getPing1();
> >> port._setProperty(UsernameToken.PASSWORD_TYPE,
> >> WSConstants.PASSWORD_TEXT);
> >> port._setProperty(WSHandlerConstants.USER, "werner");
> >>
> >> This is from the package description of org.apache.ws.axis.security.
> >>
> >> I had success with the following approach , but all these classes
> are
> >> deprecated, and no alternative is suggested in the api.
> >>
> >> OutflowConfiguration outflowConfig = new
> >> OutflowConfiguration();
> >>
> >>
> >> outflowConfig.setActionItems("UsernameToken");
> >>
> >>
> >> outflowConfig.setUser("bob");
> >>
> >>
> >>
> outflowConfig.setPasswordCallbackClass("test1.security.PWCBClient
