I have developed a webservice in Axis2 1.5 which will be called by a Java client. The client needs to pass username and password in SOAP Header. For this I am using Rampart 1.5.
Till now I have followed these steps
1. Copy rampart-1.5.mar and rahas-1.5.mar in modules directory of both client and service.
2. Copy Rampart jars in the lib directory of both service and client.
3. In client following was done
-- Following was added to axis2.xml
-- Following is ClientCredentialsHandler.java
4. In the webservice following was done
-- Following was added to services.xml
-- Following is ServiceCredentialsHandler.java
When I execute the client, it gives me the following error
It seems the client handler is not getting called as I cannot see the sysouts that were a part of the client handler.
Is there any setting that I need to do?
Thanks for the info, it was very useful.
There is problem in server side handler code. Code written by you is valid if password is coming as plain text. Since in your case it's coming as digest modify your code as follows.
modify above with this
This should throw exception if you try passing invalid password.
You can use getUsage() method of pwcb to know if password is plain text or digest. If it's WSPasswordCallback.USERNAME_TOKEN(implies digest) use
if it is WSPasswordCallback.USERNAME_TOKEN_UNKNOWN that says plain text is coming so use
shivendra tripathi wrote:This is some problem related to sending the attachment with response. For time being just remove the code where you are doing attachment stuff and see if security stuff works fine.
You are absolutely correct. If I remove the attachment stuff the code works fine. Security is working absolutely fine.
If I remove the security stuff then attachments works fine. If I keep both then attachments give the above problem.