Forums Register Login

Help regarding User-name Token

+Pie Number of slices to send: Send
Hi All

I have to authenticate web service client by using User-name token. Can anyone help which step i have to carry out at service side and which at client side using WSS4J API.

Thanks
+Pie Number of slices to send: Send
Hi!
First, a tutorial on how to use WSS4J with Apache CXF:
http://www.skillrack.com/tutorial/25_Securing_Apache_CXF_webservices_using_Apache_WSS4J_Username_Token_X_509_v3_Signature_Approach

Finally, a tutorial that uses Metro and NetBeans (which is not what you asked for, but I include it for reference):
http://netbeans.org/kb/docs/javaee/identity-amsecurity.html
Happy reading!
+Pie Number of slices to send: Send
Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).
+Pie Number of slices to send: Send
 

Ulf Dittmer wrote:Do really need to use the WSS4J API directly? Generally, WS-Security is configured through files (at least it is for Axis 2 and Metro).



Hi
It is not necessary to use WSS4J directly. As you told, WS-Security is configured through files, how i can do it. Please guide me in detail.

Best Regards
+Pie Number of slices to send: Send
Which SOAP stack are you using?
+Pie Number of slices to send: Send
 

Ulf Dittmer wrote:Which SOAP stack are you using?



Hi
Thanks for reply. i have to use JAX-WS. I have to design contract-first web services using document/literal style. Basically i want to implement message level security among service and clients without compromising the interopearbility.

Best Regards
+Pie Number of slices to send: Send
JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?
+Pie Number of slices to send: Send
 

Ulf Dittmer wrote:JAX-WS is an API; which implementation are you using? Axis2? Metro? JBossWS?



I am using Metro.

Thanks
+Pie Number of slices to send: Send
Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.
+Pie Number of slices to send: Send
 

Ulf Dittmer wrote:Metro comes with sample code that shows how to configure a UserName token externally; look in the samples/ws-security/un_symmetric folder.



Hi
I have used the given link. But i found the following errors during running the client. I am also using handler for intercepting the SOAP messages.

compile:
run:

Outbound message:
welcome

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:getTime xmlns:ns2="http://pqr/"/></S:Body></S:Envelope>** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@18f7386

Inbound message:
** Response: com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@46b90a
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: ERROR: No security header found in the message
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:187)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:116)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
at $Proxy28.getTime(Unknown Source)
at time_client.Main.main(Main.java:36)
Caused by: com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:109)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:817)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:226)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:471)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:297)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Java Result: 1
BUILD SUCCESSFUL (total time: 2 seconds)


Thanks
He was giving me directions and I was powerless to resist. I cannot resist this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com


reply
reply
This thread has been viewed 2647 times.
Similar Threads
Generating a token request (WS-Trust)-HELP
web service security error using basic auth
Wss4J Security question on Username Token
Best practice for user authentication
How to create UsernameToken in Java WS client to compatble with .Net (.asmx) web service
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 29, 2024 01:27:16.