Re: [WS-Security] JAXWS webservice client without using cxf specific apis
Hello Alessio/Dan, Many Thanks for your reply. I am stick with the cxf specific apis for now. So I have pulled the required jars in geronimo for ws-security support. I also tested the basic ws-security support (CXF/jetty) and it works. I will submit a patch soon on this. Thanks to Jarek for his constant help. Best Regards, Rahul On Fri, May 29, 2009 at 7:48 PM, Daniel Kulp dk...@apache.org wrote: I really don't think there is a way as JAX-WS doesn't specify anything related to WS-Security. That said, I would really suggest not going the WSS4JIn/OutInterceptor route and go the WS-SecurityPolicy route. Things are a LOT simpler from a coding/config standpoint then.There ARE properties that can be set on the request context for stuff needed by the security policy engine. Dan On Thu May 28 2009 7:01:24 pm rahul.soa wrote: Hello Devs, I am new for ws-security and working towards my gsoc project (aim is to enable CXF/axis2 ws-security support in Apache geronimo). I am working for CXF first and have build geronimo with CXF ws-security jar files. So I need a jaxws web service client sample to access my secure web service deployed on tomcat. I have developed a working version of client (invoking a secure web service with UserToken) using some cxf specific apis, the code is given below Is there any way if I can develop the jaxws client with ws-security support without using cxf specific apis like org.apache.cxf.endpoint.Client and org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only ws-security jars in CXF) Is there any sample code available for the same? //quote package demo.order.client; import java.net.URL; import java.util.HashMap; import java.util.Map; import javax.xml.namespace.QName; import javax.xml.ws.Service; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; import org.apache.ws.security.WSConstants; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import demo.order.Order; import demo.order.OrderProcess; public class CL { public CL() { } public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Client client = ClientProxy.getClient(hw); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); outProps.put(WSHandlerConstants.USER, ws-client); outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName()); WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); Endpoint endPoint = client.getEndpoint(); endPoint.getOutInterceptors().add(wssOut); endPoint.getOutInterceptors().add(new SAAJOutInterceptor()); Order order = new Order(); System.out.println(hw.processOrder(order)); } } //unquote I am trying the following code but it gives me a SOAPFaultException, //quote public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP ERTY, ws-client); ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP ERTY, password); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH andlerConstants.USERNAME_TOKEN); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T YPE, WSConstants.PW_TEXT); Order order = new Order(); System.out.println(hw.processOrder(order)); } //unquote Exception: Exception in thread main javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the wsse:Security header at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) at $Proxy34.processOrder(Unknown Source) at demo.order.client.CL.main(CL.java:74) Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the wsse:Security header at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF ault(Soap11FaultInInterceptor.java:75) at
Re: [WS-Security] JAXWS webservice client without using cxf specific apis
I really don't think there is a way as JAX-WS doesn't specify anything related to WS-Security. That said, I would really suggest not going the WSS4JIn/OutInterceptor route and go the WS-SecurityPolicy route. Things are a LOT simpler from a coding/config standpoint then.There ARE properties that can be set on the request context for stuff needed by the security policy engine. Dan On Thu May 28 2009 7:01:24 pm rahul.soa wrote: Hello Devs, I am new for ws-security and working towards my gsoc project (aim is to enable CXF/axis2 ws-security support in Apache geronimo). I am working for CXF first and have build geronimo with CXF ws-security jar files. So I need a jaxws web service client sample to access my secure web service deployed on tomcat. I have developed a working version of client (invoking a secure web service with UserToken) using some cxf specific apis, the code is given below Is there any way if I can develop the jaxws client with ws-security support without using cxf specific apis like org.apache.cxf.endpoint.Client and org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only ws-security jars in CXF) Is there any sample code available for the same? //quote package demo.order.client; import java.net.URL; import java.util.HashMap; import java.util.Map; import javax.xml.namespace.QName; import javax.xml.ws.Service; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; import org.apache.ws.security.WSConstants; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import demo.order.Order; import demo.order.OrderProcess; public class CL { public CL() { } public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Client client = ClientProxy.getClient(hw); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); outProps.put(WSHandlerConstants.USER, ws-client); outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName()); WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); Endpoint endPoint = client.getEndpoint(); endPoint.getOutInterceptors().add(wssOut); endPoint.getOutInterceptors().add(new SAAJOutInterceptor()); Order order = new Order(); System.out.println(hw.processOrder(order)); } } //unquote I am trying the following code but it gives me a SOAPFaultException, //quote public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP ERTY, ws-client); ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP ERTY, password); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH andlerConstants.USERNAME_TOKEN); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T YPE, WSConstants.PW_TEXT); Order order = new Order(); System.out.println(hw.processOrder(order)); } //unquote Exception: Exception in thread main javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the wsse:Security header at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) at $Proxy34.processOrder(Unknown Source) at demo.order.client.CL.main(CL.java:74) Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the wsse:Security header at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF ault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess age(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess age(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai n.java:226) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab stractFaultChainInitiatorObserver.java:96) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage (CheckFaultInterceptor.java:69) at
[WS-Security] JAXWS webservice client without using cxf specific apis
Hello Devs, I am new for ws-security and working towards my gsoc project (aim is to enable CXF/axis2 ws-security support in Apache geronimo). I am working for CXF first and have build geronimo with CXF ws-security jar files. So I need a jaxws web service client sample to access my secure web service deployed on tomcat. I have developed a working version of client (invoking a secure web service with UserToken) using some cxf specific apis, the code is given below Is there any way if I can develop the jaxws client with ws-security support without using cxf specific apis like org.apache.cxf.endpoint.Client and org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only ws-security jars in CXF) Is there any sample code available for the same? //quote package demo.order.client; import java.net.URL; import java.util.HashMap; import java.util.Map; import javax.xml.namespace.QName; import javax.xml.ws.Service; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; import org.apache.ws.security.WSConstants; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import demo.order.Order; import demo.order.OrderProcess; public class CL { public CL() { } public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Client client = ClientProxy.getClient(hw); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); outProps.put(WSHandlerConstants.USER, ws-client); outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName()); WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); Endpoint endPoint = client.getEndpoint(); endPoint.getOutInterceptors().add(wssOut); endPoint.getOutInterceptors().add(new SAAJOutInterceptor()); Order order = new Order(); System.out.println(hw.processOrder(order)); } } //unquote I am trying the following code but it gives me a SOAPFaultException, //quote public static void main(String args[]) throws Exception { Service service=Service.create(new URL( http://localhost:8095/orderapp/OrderProcess?wsdl;), new QName( http://order.demo/;, OrderProcessImplService)); OrderProcess hw = service.getPort(OrderProcess.class); Map outProps = new HashMap(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, ws-client); ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); Order order = new Order(); System.out.println(hw.processOrder(order)); } //unquote Exception: Exception in thread main javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the wsse:Security header at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) at $Proxy34.processOrder(Unknown Source) at demo.order.client.CL.main(CL.java:74) Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the wsse:Security header at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2131) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2010) at