aspose file tools*
The moose likes Web Services and the fly likes Help regarding User-name Token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Help regarding User-name Token" Watch "Help regarding User-name Token" New topic
Author

Help regarding User-name Token

somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi All

I have to authenticate web service client by using User-name token. Can anyone help which step i have to carry out at service side and which at client side using WSS4J API.

Thanks
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
First, a tutorial on how to use WSS4J with Apache CXF:
http://www.skillrack.com/tutorial/25_Securing_Apache_CXF_webservices_using_Apache_WSS4J_Username_Token_X_509_v3_Signature_Approach

Finally, a tutorial that uses Metro and NetBeans (which is not what you asked for, but I include it for reference):
http://netbeans.org/kb/docs/javaee/identity-amsecurity.html
Happy reading!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Ping & DNS - updated with new look and Ping home screen widget
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Hi
It is not necessary to use WSS4J directly. As you told, WS-Security is configured through files, how i can do it. Please guide me in detail.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
Which SOAP stack are you using?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Which SOAP stack are you using?


Hi
Thanks for reply. i have to use JAX-WS. I have to design contract-first web services using document/literal style. Basically i want to implement message level security among service and clients without compromising the interopearbility.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?


I am using Metro.

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.


Hi
I have used the given link. But i found the following errors during running the client. I am also using handler for intercepting the SOAP messages.

compile:
run:

Outbound message:
welcome

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:getTime xmlns:ns2="http://pqr/"/></S:Body></S:Envelope>** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@18f7386

Inbound message:
** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@46b90a
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: ERROR: No security header found in the message
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:187)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:116)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
at $Proxy28.getTime(Unknown Source)
at time_client.Main.main(Main.java:36)
Caused by: com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:109)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:817)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:226)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:471)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:297)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Java Result: 1
BUILD SUCCESSFUL (total time: 2 seconds)


Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Help regarding User-name Token
 
Similar Threads
Wss4J Security question on Username Token
How to create UsernameToken in Java WS client to compatble with .Net (.asmx) web service
web service security error using basic auth
Best practice for user authentication
Generating a token request (WS-Trust)-HELP