This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Help regarding User-name Token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Help regarding User-name Token" Watch "Help regarding User-name Token" New topic
Author

Help regarding User-name Token

somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi All

I have to authenticate web service client by using User-name token. Can anyone help which step i have to carry out at service side and which at client side using WSS4J API.

Thanks
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
First, a tutorial on how to use WSS4J with Apache CXF:
http://www.skillrack.com/tutorial/25_Securing_Apache_CXF_webservices_using_Apache_WSS4J_Username_Token_X_509_v3_Signature_Approach

Finally, a tutorial that uses Metro and NetBeans (which is not what you asked for, but I include it for reference):
http://netbeans.org/kb/docs/javaee/identity-amsecurity.html
Happy reading!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41032
    
  43
Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Ping & DNS - my free Android networking tools app
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).


Hi
It is not necessary to use WSS4J directly. As you told, WS-Security is configured through files, how i can do it. Please guide me in detail.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41032
    
  43
Which SOAP stack are you using?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Which SOAP stack are you using?


Hi
Thanks for reply. i have to use JAX-WS. I have to design contract-first web services using document/literal style. Basically i want to implement message level security among service and clients without compromising the interopearbility.

Best Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41032
    
  43
JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?


I am using Metro.

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41032
    
  43
Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Ulf Dittmer wrote:Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.


Hi
I have used the given link. But i found the following errors during running the client. I am also using handler for intercepting the SOAP messages.

compile:
run:

Outbound message:
welcome

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:getTime xmlns:ns2="http://pqr/"/></S:Body></S:Envelope>** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@18f7386

Inbound message:
** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@46b90a
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: ERROR: No security header found in the message
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:187)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:116)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
at $Proxy28.getTime(Unknown Source)
at time_client.Main.main(Main.java:36)
Caused by: com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:109)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:817)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:226)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:471)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:297)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Java Result: 1
BUILD SUCCESSFUL (total time: 2 seconds)


Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Help regarding User-name Token
 
Similar Threads
web service security error using basic auth
Best practice for user authentication
Wss4J Security question on Username Token
How to create UsernameToken in Java WS client to compatble with .Net (.asmx) web service
Generating a token request (WS-Trust)-HELP