The configuration looks ok, but it looks like there is no security policy, and hence no security header is added to the request? There needs to be either a security policy specified in the WSDL, or alternatively you can reference one in your jaxws:client configuration. If you need UsernameToken I suggest looking at one of the policies in the tests here:
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup

Or for SAML:
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?view=markup

Colm.

On Wed, Oct 2, 2013 at 12:27 PM, Thomas Manson <[email protected]> wrote:

> I forgot to include the webservice2.xml file :
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xmlns:cxf="http://cxf.apache.org/core"
>     xmlns:p="http://cxf.apache.org/policy"
>     xsi:schemaLocation="
>         http://www.springframework.org/schema/beans
>         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>         http://cxf.apache.org/jaxws
>         http://cxf.apache.org/schemas/jaxws.xsd
>         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>     ">
>
>   <cxf:bus>
>     <cxf:features>
>       <p:policies/>
>       <cxf:logging/>
>     </cxf:features>
>   </cxf:bus>
>
>   <jaxws:client
>       id="WorkListServiceProxyFactory"
>       name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>       serviceClass="com.tibco.n2.brm.services.WorkListService"
>       address="http://192.168.2.212:8080/amxbpm/WorkListService">
>
>     <jaxws:properties>
>       <entry key="ws-security.callback-handler"
>              value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>       />
>     </jaxws:properties>
>   </jaxws:client>
>
> </beans>
>
> On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson <[email protected]> wrote:
>
>> Hi Colm,
>>
>> I can't make it work while I'm exactly in the configuration you're
>> suggesting (and that is in the example you gave me) and I don't get what I
>> miss :
>>
>> So in my spring bean, I initialize as suggested the WebService :
>>
>> ###################################################################################
>> public WorkListServiceImpl2( ContextService contextService) throws Exception
>> {
>>   this.contextService = contextService;
>>
>>   SpringBusFactory bf = new SpringBusFactory();
>>   URL busFile = this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>
>>   Bus bus = bf.createBus(busFile.toString());
>>   SpringBusFactory.setDefaultBus(bus);
>>   SpringBusFactory.setThreadDefaultBus(bus);
>>
>>   URL wsdl = this.contextService.getResource("/wsdl/brm.wsdl");
>>
>>   Service service = Service.create(wsdl, new QName("http://services.brm.n2.tibco.com","WorkListService"));
>>   QName portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
>>
>>   this.workListService = service.getPort(portQName, WorkListService.class);
>> }
>> ###################################################################################
>>
>> I use afterPropertySet() of Spring to call the webservice right after
>> Spring init.
>>
>> ###################################################################################
>> public List<WorkItemFwk> getWorkListItems(String username, WorkListItemQuery workListItemQuery)
>> {
>>   //... init this object : getWorkListItems
>>   try
>>   {
>>     ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context", "true");
>>     ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
>>
>>     getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>   }
>>   catch(Exception e)
>>   {
>>     logger.error("Error while getting worklistItems for "+workListItemQuery.toString(),e);
>>   }
>> ###################################################################################
>>
>> And yet there's no SOAP header set in the request:
>>
>> oct. 02, 2013 12:28:11 PM org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>> INFO: Outbound Message
>> ---------------------------
>> ID: 1
>> Address: http://192.168.2.212:8080/amxbpm/WorkListService
>> Encoding: UTF-8
>> Http-Method: POST
>> Content-Type: text/xml
>> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
>> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="http://exception.api.brm.n2.tibco.com" xmlns:ns4="http://exception.api.common.n2.tibco.com" xmlns:ns5="http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="http://exception.api.de.n2.tibco.com" startPosition="0" numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE" guid="tibco-admin" model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
>> --------------------------------------
>>
>> So I get the following exception :
>>
>> javax.xml.ws.soap.SOAPFaultException: Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>>
>> oct. 02, 2013 12:28:11 PM org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>> INFO: Inbound Message
>> ----------------------------
>> ID: 1
>> Response-Code: 500
>> Encoding: UTF-8
>> Content-Type: text/xml; charset=utf-8
>> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8], Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00 GMT], Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
>> Payload: <?xml version="1.0" encoding="UTF-8"?>
>> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException: Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>>
>> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
>> --------------------------------------
>>
>> Any idea before I jump through the window ? ;)
>>
>> Thanks,
>> Thomas.
>>
>> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <[email protected]> wrote:
>>
>>> Hi Colm,
>>>
>>> I know I'm probably exasperating you with my dumb questions, but I
>>> really need help...
>>>
>>> So reading the FAQ, I understand that we're thread safe if we use :
>>>
>>> ((BindingProvider)proxy).getRequestContext().put("thread.local.request.context", "true");
>>>
>>> before calling
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
>>>
>>> Right ?
>>>
>>> With the JaxWSClient, I've tried to use
>>>
>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
>>>
>>> and it didn't have any effect... (I was making subsequent calls, and
>>> changing the username)
>>>
>>> The web service response was the same for the two users, while one should
>>> have replied an empty response.
>>>
>>> try
>>> {
>>>   ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
>>>   getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>> }
>>> catch(Exception e)
>>> {
>>>   logger.error("Error while getting worklistItems for " +workListItemQuery.toString());
>>> }
>>>
>>> Did I miss something ?
>>>
>>> One other thing I did understand in the meantime, is that, by using
>>>
>>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>> factory.setServiceClass(WorkListService.class);
>>> factory.setAddress(this.endpoint);
>>> // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>> factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>
>>> Or
>>>
>>> SpringBusFactory bf = new SpringBusFactory();
>>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>
>>> Bus bus = bf.createBus(busFile.toString());
>>> SpringBusFactory.setDefaultBus(bus);
>>> SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>> URL wsdl = WorkListServiceImpl2.class.getResource("/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl");
>>> Service service = Service.create(wsdl, new QName("http://api.brm.n2.tibco.com", "WorkListService"));
>>> QName portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
>>> this.workListService = service.getPort(portQName, WorkListService.class);
>>>
>>> etc...
>>>
>>> we ask CXF to generate on the fly the WS Client, is it correct?
>>>
>>> Now I've already generated a client (with CXF/Ant), which I want to
>>> invoke instead with this code :
>>>
>>> WorkListService_Service proxy = new WorkListService_Service(new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>>     new QName("http://services.brm.n2.tibco.com","WorkListService"));
>>> this.workListService = proxy.getPort(new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
>>>     WorkListService.class);
>>>
>>> I wonder how it can be used in conjunction with this code, and How
>>> should I handle the authentication part...:
>>>
>>> SpringBusFactory bf = new SpringBusFactory();
>>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>> Bus bus = bf.createBus(busFile.toString());
>>> SpringBusFactory.setDefaultBus(bus);
>>> SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>> I still don't get what file should I put instead of client.xml as I'm
>>> already in a spring context, should I specify the file where I define my
>>> bean already ?
>>> it's quite confusing...
>>>
>>> Thomas.
>>>
>>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>
>>>> > Is it thread safe ?
>>>>
>>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>>
>>>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>>>> project is up to you...
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson <[email protected]> wrote:
>>>>
>>>> > Hi Colm,
>>>> >
>>>> > I'm starting to understand that it's another way to configure the
>>>> > client.
>>>> >
>>>> > I've two questions :
>>>> >
>>>> > - Is it thread safe ?
>>>> > I guess that it is as I see that the ServiceBus specify a Thread.
>>>> > In a J2EE context, should I specify something else than
>>>> > SpringBusFactory.setThreadDefaultBus(bus); ?
>>>> >
>>>> > - I'm a bit puzzled by the configuration:
>>>> >
>>>> > SpringBusFactory bf = new SpringBusFactory();
>>>> > URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>>>> >
>>>> > This code loads a Spring configuration file, while I already have mine +
>>>> > the client.xml configuration has some cxf:bus definition (is it the same
>>>> > thing ? SpringBusFactory & cxf:bus ?).
>>>> >
>>>> > So I wonder I can't just use this code in an existing spring context, How
>>>> > should I transpose this within an existing spring context?
>>>> >
>>>> > How I think it would work is :
>>>> >
>>>> > - Use your way to setup SpringBus and the Client
>>>> > - Have a Spring class X that has the WS Client as dependency
>>>> > - X implement each method of the WS(+some additional business logic)
>>>> >   and set the username dynamically <= I still don't know how to do this...
>>>> >
>>>> > Is it the correct way ?
>>>> >
>>>> > Thomas.
>>>> >
>>>> > Here is my current work in progress spring file
>>>> >
>>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>>> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> >     xmlns:cxf="http://cxf.apache.org/core"
>>>> >     xsi:schemaLocation="
>>>> >         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>>> >         http://www.springframework.org/schema/beans
>>>> >         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>>> >
>>>> >   <cxf:bus>
>>>> >     <cxf:features>
>>>> >       <cxf:logging />
>>>> >     </cxf:features>
>>>> >   </cxf:bus>
>>>> >
>>>> >   <!--
>>>> >   /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>>>> >   -->
>>>> >   <jaxws:client
>>>> >       name="{http://services.brm.n2.tibco.com}EntityResolverService"
>>>> >       wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>>> >       serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>>> >       address="http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>>> >       createdFromAPI="true">
>>>> >     <jaxws:properties>
>>>> >       <entry key="ws-security.callback-handler"
>>>> >              value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>>> >       />
>>>> >     </jaxws:properties>
>>>> >   </jaxws:client>
>>>> >
>>>> > </beans>
>>>> >
>>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <[email protected]> wrote:
>>>> >
>>>> >> Look at the last test here:
>>>> >>
>>>> >> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>>> >>
>>>> >> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
>>>> >>
>>>> >> Colm.
>>>> >>
>>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson <[email protected]> wrote:
>>>> >>
>>>> >> > Hi Colm,
>>>> >> >
>>>> >> > I'm back working on this subject (was on pause as I was working for
>>>> >> > other clients)
>>>> >> >
>>>> >> > I've checked out the SVN repo you gave me, and I've looked through the
>>>> >> > samples configurations (client.xml) and I can't find anything
>>>> >> > appropriate.
>>>> >> >
>>>> >> > In the UT (Username Token I guess), the username is always provided in
>>>> >> > the configuration file.
>>>> >> > The saml/x509 configuration still refers to Alice.properties...
>>>> >> >
>>>> >> > In my case, the username shouldn't appear in the configuration files,
>>>> >> > as I need to use the J2EE Principal as login, and call the webservice to
>>>> >> > authenticate the user.
>>>> >> >
>>>> >> > Could you point me to the right direction ?
>>>> >> >
>>>> >> > Thomas.
>>>> >> >
>>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson <[email protected]> wrote:
>>>> >> >
>>>> >> > > Thanks, it will surely help a lot :)
>>>> >> > >
>>>> >> > > Thomas.
>>>> >> > >
>>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>> >> > >
>>>> >> > >> Please take a look at the tests here:
>>>> >> > >>
>>>> >> > >> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>>> >> > >>
>>>> >> > >> Colm.
>>>> >> > >>
>>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson <[email protected]> wrote:
>>>> >> > >>
>>>> >> > >> > Do you have any other pointer than this page :
>>>> >> > >> >
>>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>>> >> > >> >
>>>> >> > >> > it's way too short for me as documentation to build something that
>>>> >> > >> > works.
>>>> >> > >> > When I read the properties described, I feel there's a mix between
>>>> >> > >> > server side properties (which I'm not interested in as I'm just
>>>> >> > >> > implementing a client)... + it starts with extra properties... where
>>>> >> > >> > are the basic ones?
>>>> >> > >> >
>>>> >> > >> > what would help is a full example of the code of a client.
>>>> >> > >> >
>>>> >> > >> > I'm quite lost ;)
>>>> >> > >> >
>>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>> >> > >> >
>>>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will work, as
>>>> >> > >> > > all of the configuration is taken from the context rather than a
>>>> >> > >> > > properties Map.
>>>> >> > >> > >
>>>> >> > >> > > Colm.
>>>> >> > >> > >
>>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <[email protected]> wrote:
>>>> >> > >> > >
>>>> >> > >> > >> I already do what you say as follows, but it means one instance of
>>>> >> > >> > >> the client per user connected.
>>>> >> > >> > >>
>>>> >> > >> > >> I've searched quite some time and didn't find a way to set something
>>>> >> > >> > >> like the password callback handler.
>>>> >> > >> > >>
>>>> >> > >> > >> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>>> >> > >> > >> factory.setServiceClass(WorkListService.class);
>>>> >> > >> > >> factory.setAddress(this.endpoint);
>>>> >> > >> > >> // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>> >> > >> > >> factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>> >> > >> > >> WorkListService workListService = (WorkListService) factory.create();
>>>> >> > >> > >>
>>>> >> > >> > >> Client client = ClientProxy.getClient(workListService);
>>>> >> > >> > >>
>>>> >> > >> > >> Map<String, Object> properties = new HashMap<String, Object>();
>>>> >> > >> > >> properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
>>>> >> > >> > >> properties.put(WSHandlerConstants.USER, this.username);
>>>> >> > >> > >> properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);// "PasswordDigest"
>>>> >> > >> > >> properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler(this.username, password, "password"));
>>>> >> > >> > >>
>>>> >> > >> > >> client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>>>> >> > >> > >>
>>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>> >> > >> > >>
>>>> >> > >> > >>> You could create a CXF interceptor that sets the username on the
>>>> >> > >> > >>> fly, before the WSS4JOutInterceptor is called.
>>>> >> > >> > >>
>>>> >> > >> > > --
>>>> >> > >> > > Colm O hEigeartaigh
>>>> >> > >> > >
>>>> >> > >> > > Talend Community Coder
>>>> >> > >> > > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
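
Added example, not part of the original thread and not CXF's own test configuration: one way to supply the policy Colm says is missing, by attaching a UsernameToken WS-SecurityPolicy to the thread's jaxws:client. The file name ut-policy.xml, the policy Id and the classpath: policy reference are assumptions; the thread does not state which token type the TIBCO endpoint accepts.

```xml
<!-- File 1 (hypothetical name): src/main/resources/ut-policy.xml -->
<wsp:Policy wsu:Id="UsernameTokenPolicy"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <!-- A plain-text UsernameToken is protected only by the transport.
           For an https:// endpoint, add sp:TransportBinding with sp:HttpsToken
           so that the policy itself requires TLS. -->
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy><sp:WssUsernameToken10/></wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

<!-- File 2: the thread's webservices2.xml, with the policy attached to the
     client. Assumes a CXF version that resolves classpath: policy references. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xmlns:cxf="http://cxf.apache.org/core"
    xmlns:p="http://cxf.apache.org/policy"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xsi:schemaLocation="
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
      http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd">

  <cxf:bus>
    <cxf:features>
      <p:policies/>  <!-- enables the policy engine; attaches no policy by itself -->
      <cxf:logging/>
    </cxf:features>
  </cxf:bus>

  <jaxws:client id="WorkListServiceProxyFactory"
      name="{http://services.brm.n2.tibco.com}WorkListService_EP"
      serviceClass="com.tibco.n2.brm.services.WorkListService"
      address="http://192.168.2.212:8080/amxbpm/WorkListService">
    <jaxws:features>
      <p:policies>
        <!-- Without a policy here or in the WSDL, no wsse:Security header is written. -->
        <wsp:PolicyReference URI="classpath:/ut-policy.xml"/>
      </p:policies>
    </jaxws:features>
    <jaxws:properties>
      <entry key="ws-security.callback-handler"
             value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"/>
    </jaxws:properties>
  </jaxws:client>
</beans>
```

With a policy in effect, the username comes from the `SecurityConstants.USERNAME` value placed on the request context, as in the thread's code, and the password from the configured callback handler. The logged outbound payload should then contain a `soap:Header` carrying the `wsse:Security` element.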
