Hi,
We have got a webservice with the following security policy from the client.
<wsp:Policy orawsp:provides="{http://docs.oasis-open.org/ns/opencsa/sca/200903}authentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication.message, {http://schemas.oracle.com/ws/2006/01/policy}token.usernamePassword" wsu:Id="wss_username_token_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:Policy>
We generated client classes using the
Java JAX-WS tool from the wsdl(used the wsimport command).Afer that used the SecurityHandler class( attached the file) which incorporates the securtiy information in the handleMessage() method.
This is the standalone
Test class(contains binding information and calling the webservice method).
public class SellerServiceTest {
public static void main(
String args[]) throws Exception{
final Binding binding = ((BindingProvider) port).getBinding();
List<Handler> handlerList = binding.getHandlerChain();
if (handlerList == null)
handlerList = new ArrayList<Handler>();
handlerList.add(new SecurityHandler(userName,passWord));
binding.setHandlerChain(handlerList);
Service service = new Service();
Port port = service.getPort();
SaleResponseType saleResponseType = port.sale(saleRequestType);
}
}
The following class is the SecurityHandler code.
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
public class SecurityHandler implements SOAPHandler<SOAPMessageContext>{
private String user;
private String password;
public SecurityHandler(String user, String password) {
this.setUser(user);
this.setPassword(password);
}
@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {
// Indicatodor de direccion del mensaje
final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
// Solo mensajes de seguridad a encabezados outbound
if (outInd.booleanValue()) {
try {
// Envoltorio
SOAP
final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();
// Encabezado SOAP, puede no estar creado
SOAPHeader header = envelope.getHeader();
if (header == null)
header = envelope.addHeader();
//Agrego seguridad wsse
final SOAPElement security = header.addChildElement("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
userToken.addChildElement("Username",
"wsse").addTextNode(getUser());
userToken.addChildElement("Password",
"wsse").addTextNode(getPassword());
} catch (final Exception e) {
e.printStackTrace();
return false;
}
}
return true;
}
@Override
public void close(MessageContext arg0) {
// TODO Auto-generated method stub
}
@Override
public boolean handleFault(SOAPMessageContext arg0) {
// TODO Auto-generated method stub
return false;
}
@Override
public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
public String getUser() {
return user;
}
public void setUser(String user) {
this.user = user;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
When i called the web service method from a standlone client class ,security authentication is done and got the webservice response.
But when accessing the webservice from the application deployed from JBoss7.1.0,Security Handler's handleMessage() method is not invoked due to this i am getting the excetion as
org.apache.cxf.ws.policy.PolicyException: No username available
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.policyNotAsserted(UsernameTokenInterceptor.java:398)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:341)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:267)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:112)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:76)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
00:05:21,350 ERROR [stderr] (http--192.168.172.142-8080-1) Caused by: org.apache.cxf.ws.policy.PolicyException: No username available
Please let me know where is the issue?
Thanks in advance,
Sridhar