*
The moose likes Web Services and the fly likes Help regarding User-name Token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Help regarding User-name Token" Watch "Help regarding User-name Token" New topic
Author

Help regarding User-name Token

somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi All

I have to authenticate web service client by using User-name token. Can anyone help which step i have to carry out at service side and which at client side using WSS4J API.

Thanks
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
First, a tutorial on how to use WSS4J with Apache CXF:
http://www.skillrack.com/tutorial/25_Securing_Apache_CXF_webservices_using_Apache_WSS4J_Username_Token_X_509_v3_Signature_Approach

Finally, a tutorial that uses Metro and NetBeans (which is not what you asked for, but I include it for reference):
http://netbeans.org/kb/docs/javaee/identity-amsecurity.html
Happy reading!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Ping & DNS - updated with new look and Ping home screen widget
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Hi
It is not necessary to use WSS4J directly. As you told, WS-Security is configured through files, how i can do it. Please guide me in detail.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Which SOAP stack are you using?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Which SOAP stack are you using?


Hi
Thanks for reply. i have to use JAX-WS. I have to design contract-first web services using document/literal style. Basically i want to implement message level security among service and clients without compromising the interopearbility.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?


I am using Metro.

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.


Hi
I have used the given link. But i found the following errors during running the client. I am also using handler for intercepting the SOAP messages.

compile:
run:

Outbound message:
welcome

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:getTime xmlns:ns2="http://pqr/"/></S:Body></S:Envelope>** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@18f7386

Inbound message:
** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@46b90a
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: ERROR: No security header found in the message
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:187)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:116)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
at $Proxy28.getTime(Unknown Source)
at time_client.Main.main(Main.java:36)
Caused by: com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:109)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:817)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:226)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:471)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:297)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Java Result: 1
BUILD SUCCESSFUL (total time: 2 seconds)


Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Help regarding User-name Token
 
Similar Threads
web service security error using basic auth
Best practice for user authentication
Generating a token request (WS-Trust)-HELP
Wss4J Security question on Username Token
How to create UsernameToken in Java WS client to compatble with .Net (.asmx) web service