Hi,
Small correction to my answer: UsernameToken is defined as complex type with
sequence containing first element Username (in
oasis-200401-wss-wssecurity-secext-1.0.xsd).
Therefore order of Username and Password elements is important. Correct sample
will be:
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-2">
<wsse:Username>alice</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>clarinet</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Regards,
Andrei.
> -----Original Message-----
> From: Andrei Shakirin [mailto:ashaki...@talend.com]
> Sent: Dienstag, 30. April 2013 13:11
> To: users@cxf.apache.org
> Cc: jobs.ni...@gmail.com
> Subject: RE: Problem with UsernameToken
>
> Hi,
>
> As far as I can see password type is missing in your request
> (Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> username-token-profile-1.0#PasswordText")
> The correct variant will look like:
>
> <wsse:Security xmlns:SOAP-
> ENV="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
> wss-wssecurity-secext-1.0.xsd"
> SOAP-ENV:mustUnderstand="1">
> <wsse:UsernameToken>
> <wsse:Password
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-secext-1.0.xsd" Type="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-username-token-profile-
> 1.0#PasswordText">TestPassword</wsse:Password>
> <wsse:Username
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-secext-1.0.xsd" >TestUser</wsse:Username>
> </wsse:UsernameToken>
> </wsse:Security>
>
> I would anyway recommend you to use WSS4JOutInterceptor or WS-Policy
> on the client side to create Security Token instead doing it manually in
> SOAPMessage.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Nidhi Sharma [mailto:jobs.ni...@gmail.com]
> > Sent: Montag, 29. April 2013 19:54
> > To: users@cxf.apache.org
> > Subject: Re: Problem with UsernameToken
> >
> > Hi Daniel,
> >
> > Sorry for late reply....
> >
> > POST /eskm/services/eventNotification HTTP/1.1
> > Content-Type: text/xml; charset=UTF-8
> > Accept: */*
> > SOAPAction: ""
> > User-Agent: Apache CXF 2.6.5
> > Cache-Control: no-cache
> > Pragma: no-cache
> > Host: localhost:8081
> > Connection: keep-alive
> > Content-Length: 1544
> >
> > I looged this request while creating service throught java client.
> >
> > <soap:Envelope
> >
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header>
> > <wsse:Security
> > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > wssecurity-secext-1.0.xsd"
> > SOAP-
> ENV:mustUnderstand="1"><wsse:UsernameToken><wsse:Password
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > wssecurity-secext-
> > 1.0.xsd">TestPassword</wsse:Password><wsse:Username
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > wssecurity-secext-
> >
> 1.0.xsd">TestUser</wsse:Username></wsse:UsernameToken></wsse:Secu
> > rity></soap:Header><soap:Body><ns1:sendNotification
> > xmlns:ns1="http://webservice.oasys.ets.org";><EventNotificationInfo_1
> >
> xmlns:ns2="http://webservice.oasys.ets.org/types";><sourceName>IBIS</s
> > ourceName><sourceType>ITEM
> >
> BANK</sourceType><eventType>ADMIN_FINALIZED</eventType><xmlDat
> > a><questestinterop><qticomment>Event
> > Notification XML</qticomment> <context> <generic_identifier>
> > <type_label>TestProgramCode</type_label>
> > <identifier_string>GRI</identifier_string> </generic_identifier>
> > <generic_identifier> <type_label>TestSubjectCode</type_label>
> > <identifier_string>GEN</identifier_string>
> > </generic_identifier><generic_identifier>
> > <type_label>TestAdminCode</type_label>
> > <identifier_string>20100917A</identifier_string>
> > </generic_identifier></context></questestinterop></xmlData></
> > Ev
> >
> entNotificationInfo_1></ns1:sendNotification></soap:Body></soap:Envelo
> > p
> > e>
> >
> > This is the request created by java client while calling the webservice.
> >
> > And below is the response M getting from server..
> > HTTP/1.1 500 Internal Server Error
> > Server: Apache-Coyote/1.1
> > X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
> > Content-Type: text/xml;charset=UTF-8
> > Content-Length: 361
> > Date: Mon, 29 Apr 2013 17:44:30 GMT
> > Connection: close
> >
> > <soap:Envelope
> >
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><s
> > oap:Fault><faultcode
> > xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring
> > >An error was discovered processing the <wsse:Security>
> > header</faultstring></soap:Fault></soap:Body></soap:Envelope>
> >
> >
> > Will appreciate your help...on server side in its not able to find
> > UsernameToken.
> >
> > Nidhi
> >
> >
> >
> >
> >
> >
> > --
> > View this message in context: http://cxf.547215.n5.nabble.com/Problem-
> > with-UsernameToken-tp5726788p5726913.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
