Posted to users@cxf.apache.org by lv <lv...@live.cn> on 2013/02/17 11:04:35 UTC

Simple questions about username token example

I have created a web service from Java first. I need to add web services security - username token.
I found UsernameTokenRequest.xml in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
This XML file contains:
<wss:UsernameToken>
    <wss:Username>alice</wss:Username>
    <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
    <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
</wss:UsernameToken>

Does it mean only alice with the correct password can log in?

If there are thousands of users who need to provide a username and password, how should the XML file be written?

Thanks.
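
The PasswordDigest token in the post above carries one caller's credentials per request, and the server recomputes the digest from the password it holds for that username, so one check serves any number of users. The following is an added example (not code from the original post, CXF or WSS4J) that uses only the JDK; the class name, the in-memory user store and the sample accounts are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; class, method and user names are hypothetical, not CXF or WSS4J API.
public class UsernameTokenDigestDemo {

    // UsernameToken Profile 1.0: Password_Digest = Base64(SHA-1(nonce + created + password)),
    // where nonce is the decoded (raw) nonce and the other two values are UTF-8 text.
    static String passwordDigest(byte[] nonce, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce);
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-1 ships with every JRE
        }
    }

    // Client side: the four values a caller places in <UsernameToken>
    // (Username, Password digest, Nonce, Created).
    static String[] newToken(String username, String password, Instant now) {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String created = now.toString(); // ISO-8601 timestamp in UTC
        return new String[] { username, passwordDigest(nonce, created, password),
                Base64.getEncoder().encodeToString(nonce), created };
    }

    // Server side: the password is looked up per request, so the token format
    // is the same whether there is one user or thousands.
    static final class Verifier {
        private final Map<String, String> userStore; // username -> password; stand-in for a database
        private final Duration maxSkew;
        private final Set<String> seenNonces = ConcurrentHashMap.newKeySet();

        Verifier(Map<String, String> userStore, Duration maxSkew) {
            this.userStore = userStore;
            this.maxSkew = maxSkew;
        }

        boolean verify(String username, String digest, String nonceB64, String created, Instant now) {
            if (username == null || digest == null || nonceB64 == null || created == null) {
                return false; // incomplete token
            }
            String password = userStore.get(username);
            if (password == null) {
                return false; // unknown user
            }
            byte[] nonce;
            byte[] presented;
            Instant createdAt;
            try {
                nonce = Base64.getDecoder().decode(nonceB64);
                presented = Base64.getDecoder().decode(digest);
                createdAt = Instant.parse(created);
            } catch (IllegalArgumentException | DateTimeParseException e) {
                return false; // malformed token fields
            }
            if (Duration.between(createdAt, now).abs().compareTo(maxSkew) > 0) {
                return false; // stale or future-dated token
            }
            byte[] expected = Base64.getDecoder().decode(passwordDigest(nonce, created, password));
            if (!MessageDigest.isEqual(expected, presented)) {
                return false; // digest does not match the stored password
            }
            // A captured digest stays valid for whoever resends it, so each nonce is
            // accepted once. A production cache would evict entries older than maxSkew.
            return seenNonces.add(username + ":" + Base64.getEncoder().encodeToString(nonce));
        }
    }

    public static void main(String[] args) {
        Map<String, String> users = new HashMap<>(); // constructed sample accounts
        users.put("alice", "alice-pw");
        users.put("bob", "bob-pw");
        Verifier server = new Verifier(users, Duration.ofMinutes(5));
        Instant now = Instant.now();

        String[] ok = newToken("bob", "bob-pw", now);
        System.out.println("first use of token: " + server.verify(ok[0], ok[1], ok[2], ok[3], now));
        System.out.println("same token resent:  " + server.verify(ok[0], ok[1], ok[2], ok[3], now));
        String[] bad = newToken("alice", "guess", now);
        System.out.println("wrong password:     " + server.verify(bad[0], bad[1], bad[2], bad[3], now));
        String[] old = newToken("alice", "alice-pw", now.minus(Duration.ofHours(1)));
        System.out.println("hour-old token:     " + server.verify(old[0], old[1], old[2], old[3], now));
    }
}
```

Because the server has to recompute the digest, it must be able to read back each user's password (or whatever password-equivalent both sides feed into the hash), not just a one-way hash of it.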
 		 	   		  

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
Thank you for your help. 
My sample web services work. I will let the mobile application developers add the SOAP header.

> Date: Tue, 19 Feb 2013 13:41:33 +1100
> Subject: Re: Simple questions about username token example
> From: jason@pellcorp.com
> To: users@cxf.apache.org
> 
> It is difficult for me to say without seeing your project and test case.
> 
> If you want to send me a sample project I am happy to have a look at
> it and provide some advice on what you need to do.
> 
> 
> 
> On Tue, Feb 19, 2013 at 12:21 PM, lv <lv...@live.cn> wrote:
> >
> > Thank you again. I can see the policy in the WSDL.
> >
> > I have another question about the client side. My client side is mobile users.
> > After publishing the WSDL, mobile users can send data (string) to my web services. The contents are as follows: <params><param>1460</param><param>hotel</param></params>
> >
> > I just added the following code and ran the web project.
> >
> > @Component
> > @WebService(name="appServiceSecurity",
> >                 serviceName="appServiceSrcSecurity",
> >                 targetNamespace="http://com.ws"
> > )
> > @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
> >                 use=SOAPBinding.Use.LITERAL,
> >                 parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
> > )
> > @Policies(
> >           @Policy(uri="classpath:/AlternativesPolicy.xml",
> >           placement = Policy.Placement.BINDING))
> >
> > public class AppServiceSecurity{
> > ..............}
> >
> > However, after mobile users send data to the web services (no username, no password), the policy does not work. It does not show policy exceptions.
> > 1. If the WSDL has a policy, what data contents should the mobile user send? Should SOAP headers be added?
> > 2. If I create web services by the Java-first method, what code should I add to obtain the username and password from the mobile client side?
> >

Re: Simple questions about username token example

Posted by Jason Pell <ja...@pellcorp.com>.
Hi,

Sorry I am still not clear what you are trying to do.  Can I suggest
you take another look at my example.  Run the
com.pellcorp.server.ServiceInvoker class from eclipse which starts a
jetty server with various endpoints exposed.

Remove the <sp:IncludeTimestamp /> from the UsernamePasswordToken.xml
before you start the ServiceInvoker.


You can then execute the ping() method located at:
https://localhost:10000/OperationSimpleService
with the following XML

Notice the ws-security heading.  I guess my point is start with
something that works, and then start to morph it to your desired web
service rather than start from scratch.  That is certainly what I find
works best.


<soapenv:Envelope
xmlns:oper="http://com.pellcorp/service/OperationSimpleService"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1">
            <wsse:Username>lucy</wsse:Username>
            <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <oper:ping/>
   </soapenv:Body>
</soapenv:Envelope>


On Tue, Feb 19, 2013 at 7:19 PM, lv <lv...@live.cn> wrote:
>
> I copied the following class into the sample project. Now I can see the error: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
>
> The client side [mobile users: iOS and Android] sends XML to the web services. What are the contents of the incoming data?
>
> package com.testws.callback;
>
> import java.io.IOException;
> import java.util.HashMap;
> import java.util.Map;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSConstants;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class WSDemoAuthHandler implements CallbackHandler {
>     private Map<String, String> passwords = new HashMap<String, String>();
>
>     public WSDemoAuthHandler() {
>         passwords.put("client", "admin");
>     }
>
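>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             // Reject callback types this handler does not know instead of
>             // failing with a ClassCastException.
>             if (!(callbacks[i] instanceof WSPasswordCallback)) {
>                 throw new UnsupportedCallbackException(callbacks[i]);
>             }
>             WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>             String passwordText = WSConstants.PASSWORD_TEXT;
>             System.out.println("passwordText:" + passwordText);
>             // Debug output only: the next lines print cleartext passwords.
>             System.out.println("WSClientAuthHandler client password:"
>                     + pc.getPassword());
>             // Look up the stored password for the user named in the token.
>             String pass = passwords.get(pc.getIdentifier());
>             System.out.println("WSDemoAuthHandler server password:" + pass);
>             if (pass != null) {
>                 // Hand the stored password back to WSS4J via the callback.
>                 pc.setPassword(pass);
>             }
>         }
>     }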
>
> }
>
>
>> From: lv.123@live.cn
>> To: users@cxf.apache.org
>> Subject: RE: Simple questions about username token example
>> Date: Tue, 19 Feb 2013 06:53:35 +0000
>>
>>
>> Thank you. I created a sample project and it can publish the WSDL with security.
>> But after the client side [mobile users] sends string parameters, the security does not show any error. Web servers do not require a username and password.
>> What code snippet is missing?
>> And what incoming data format should the client side send? Should a SOAP header be added?
>>
>>
>> package com.testws.ws;
>>
>> import java.io.StringReader;
>> import java.lang.reflect.Method;
>> import java.util.ArrayList;
>> import java.util.List;
>> import javax.jws.WebMethod;
>> import javax.jws.WebService;
>> import javax.jws.soap.SOAPBinding;
>> import org.jdom.Document;
>> import org.jdom.Element;
>> import org.jdom.input.SAXBuilder;
>> import org.springframework.stereotype.Component;
>> import org.xml.sax.InputSource;
>> import com.testws.util.WSConvert;
>> import com.testws.util.WStype;
>> import org.apache.cxf.annotations.Policies;
>> import org.apache.cxf.annotations.Policy;
>> /*
>>  * http://localhost:8080/testWS/testWebServiceSecurity/TestWebServiceSecurity?WSDL
>>  * */
>>
>> @Component
>> @WebService(name="testWebServiceSecurity",
>>         serviceName="testWebServiceSecurity",
>>         targetNamespace="http://com.testws"
>> )
>> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
>>         use=SOAPBinding.Use.LITERAL,
>>         parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
>> )
>> //@Policies(
>> //          @Policy(uri="classpath:/AlternativesPolicy.xml",
>> //          placement = Policy.Placement.BINDING))
>>
>> public class TestWebServiceSecurity{
>>
>>     public TestWebServiceSecurity(){}
>>
>>     private  static ArrayList<Object[]> parseXml2(String paramString) throws Exception{
>>         StringReader read = new StringReader(paramString);
>>         InputSource source = new InputSource(read);
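>>         SAXBuilder sb = new SAXBuilder();
>>         // paramString comes from the client: refuse DOCTYPE declarations so
>>         // that external entities are never resolved.
>>         sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);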
>>         Document doc = sb.build(source);
>>         Element root = doc.getRootElement();
>>         Element functionElt=root.getChild("function");
>>         Element par=root.getChild("params");
>>         List<Element> listElt=par.getChildren();
>>         String str[]=new String[listElt.size()+1];
>>         String rmp [] =new String[listElt.size()];
>>         String funcitonName=functionElt.getText();
>>         str[0]=funcitonName;
>>         String [] rmp1={str[0]};
>>         for(int i=0;i<listElt.size();i++){
>>             Element el=listElt.get(i);
>>             str[i+1]=el.getText();
>>             rmp[i]=el.getText();
>>         }
>>         ArrayList<Object[]>ra=new ArrayList<Object[]>();
>>         ra.add(rmp1);
>>         ra.add(rmp);
>>         return ra;
>>     }
>>
>>     @Policies({
>>                  @Policy(uri = "classpath:/UsernamePasswordPolicy.xml",
>>                          placement = Policy.Placement.BINDING_OPERATION_INPUT)
>>     })
>> //    @Policies(
>> //              @Policy(uri="classpath:/AlternativesPolicy.xml",
>> //              placement = Policy.Placement.BINDING))
>>     @WebMethod(operationName = "TestService")
>>     public  String TestService(String paramString) throws Exception{
>>         Object returnValue = null;
>>         String functionName="";
>>         ArrayList<Object []>s = parseXml2(paramString);
>>         functionName = s.get(0)[0].toString();
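>>         Class<?>[] mapValue = WStype.map.get(functionName);
>>         // Invoke only functions registered in WStype.map: with a null parameter list,
>>         // getDeclaredMethod would match any no-argument DAO method by its name.
>>         if (mapValue == null) {
>>             throw new IllegalArgumentException("Unknown function: " + functionName);
>>         }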
>>         Class cl=Class.forName("com.testws.dao.TestWebServiceSecurityDao");
>>         Method m=cl.getDeclaredMethod(functionName, mapValue);
>>         m.setAccessible(true);
>>         Object[] newobject=getObject(s.get(1), mapValue);
>>         m.invoke(cl.newInstance(), newobject);
>>         return functionName;
>>     }
>>
>>     private  Object[] getObject(Object[] ina, Class<?>[] type){
>>         Object [] o = new Object[ina.length];
>>         for(int i=0; i<ina.length; i++){
>>             o[i]=WSConvert.convert(ina[i].toString(), type[i]);
>>
>>         }
>>         return o;
>>     }
>>
>> }
>>
>>
>> package com.testws.dao;
>>
>> import org.springframework.stereotype.Repository;
>>
>> @Repository
>> public class TestWebServiceSecurityDao {
>>
>>     public TestWebServiceSecurityDao(){}
>>
>>     @SuppressWarnings("unused")
>>     private String TestOrder(String userName, String type, String startNo, String endNo){
>>         StringBuilder sb = new StringBuilder("<?xml version=\"1.0\" encoding=\"utf-8\" ?><Root function=\"TestOrder\" result=\"false\"><status str=\"error\" /></Root>");
>>         System.out.println(sb);
>>         return sb.toString();
>>     }
>>
>> }
>>
>>
>> Testing code:
>> I used wsdl2java to get the Java code. The following is my testing code:
>>
>> package testws.test;
>>
>> import testws.com.Exception_Exception;
>> import testws.com.TestWebServiceSecurity;
>> import testws.com.TestWebServiceSecurity_Service;
>>
>> public class Test {
>>     public static void main(String[] args) throws Exception_Exception {
>>         TestWebServiceSecurity_Service tss = new TestWebServiceSecurity_Service();
>>         TestWebServiceSecurity tws = tss.getTestWebServiceSecurityPort();
>>         String param = "<root><function>TestOrder</function><params><param>1460</param><param>travel</param><param>travel</param><param>2012-11-30 11:59:57 +0000</param></params></root>";
>>         System.out.println("18="+tws.testService(param));
>>     }
>> }
>>
>>
>
>

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
I copied the following class into the sample project. Now I can see the error: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header

The client side [mobile users: iOS and Android] sends XML to the web services. What are the contents of the incoming data?

package com.testws.callback;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;

public class WSDemoAuthHandler implements CallbackHandler {
    private Map<String, String> passwords = new HashMap<String, String>();

    public WSDemoAuthHandler() {
        passwords.put("client", "admin");
    }

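    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // Reject callback types this handler does not know instead of
            // failing with a ClassCastException.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String passwordText = WSConstants.PASSWORD_TEXT;
            System.out.println("passwordText:" + passwordText);
            // Debug output only: the next lines print cleartext passwords.
            System.out.println("WSClientAuthHandler client password:"
                    + pc.getPassword());
            // Look up the stored password for the user named in the token.
            String pass = passwords.get(pc.getIdentifier());
            System.out.println("WSDemoAuthHandler server password:" + pass);
            if (pass != null) {
                // Hand the stored password back to WSS4J via the callback.
                pc.setPassword(pass);
            }
        }
    }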

}


> From: lv.123@live.cn
> To: users@cxf.apache.org
> Subject: RE: Simple questions about username token example
> Date: Tue, 19 Feb 2013 06:53:35 +0000
> 
> 
> Thank you. I created a sample project and it can publish the WSDL with security.
> But after the client side [mobile users] sends string parameters, the security does not show any error. Web servers do not require a username and password.
> What code snippet is missing?
> And what incoming data format should the client side send? Should a SOAP header be added?
>  
> 
> package com.testws.ws;
> 
> import java.io.StringReader;
> import java.lang.reflect.Method;
> import java.util.ArrayList;
> import java.util.List;
> import javax.jws.WebMethod;
> import javax.jws.WebService;
> import javax.jws.soap.SOAPBinding;
> import org.jdom.Document;
> import org.jdom.Element;
> import org.jdom.input.SAXBuilder;
> import org.springframework.stereotype.Component;
> import org.xml.sax.InputSource;
> import com.testws.util.WSConvert;
> import com.testws.util.WStype;
> import org.apache.cxf.annotations.Policies;
> import org.apache.cxf.annotations.Policy;
> /*
>  * http://localhost:8080/testWS/testWebServiceSecurity/TestWebServiceSecurity?WSDL
>  * */
> 
> @Component
> @WebService(name="testWebServiceSecurity",
>         serviceName="testWebServiceSecurity",
>         targetNamespace="http://com.testws"            
> )
> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
>         use=SOAPBinding.Use.LITERAL,
>         parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
> )
> //@Policies(
> //          @Policy(uri="classpath:/AlternativesPolicy.xml", 
> //          placement = Policy.Placement.BINDING))
> 
> public class TestWebServiceSecurity{
> 
>     public TestWebServiceSecurity(){}
> 
>     private  static ArrayList<Object[]> parseXml2(String paramString) throws Exception{
>         StringReader read = new StringReader(paramString);
>         InputSource source = new InputSource(read);
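>         SAXBuilder sb = new SAXBuilder();
>         // paramString comes from the client: refuse DOCTYPE declarations so
>         // that external entities are never resolved.
>         sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);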
>         Document doc = sb.build(source);
>         Element root = doc.getRootElement();
>         Element functionElt=root.getChild("function");
>         Element par=root.getChild("params");
>         List<Element> listElt=par.getChildren();
>         String str[]=new String[listElt.size()+1];
>         String rmp [] =new String[listElt.size()];
>         String funcitonName=functionElt.getText();
>         str[0]=funcitonName;
>         String [] rmp1={str[0]};
>         for(int i=0;i<listElt.size();i++){
>             Element el=listElt.get(i);
>             str[i+1]=el.getText();
>             rmp[i]=el.getText();
>         }
>         ArrayList<Object[]>ra=new ArrayList<Object[]>();
>         ra.add(rmp1);
>         ra.add(rmp);
>         return ra;
>     }
> 
>     @Policies({
>                  @Policy(uri = "classpath:/UsernamePasswordPolicy.xml",
>                          placement = Policy.Placement.BINDING_OPERATION_INPUT)
>     })
> //    @Policies(
> //              @Policy(uri="classpath:/AlternativesPolicy.xml", 
> //              placement = Policy.Placement.BINDING))
>     @WebMethod(operationName = "TestService")
>     public  String TestService(String paramString) throws Exception{
>         Object returnValue = null;
>         String functionName="";
>         ArrayList<Object []>s = parseXml2(paramString);
>         functionName = s.get(0)[0].toString();
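>         Class<?>[] mapValue = WStype.map.get(functionName);
>         // Invoke only functions registered in WStype.map: with a null parameter list,
>         // getDeclaredMethod would match any no-argument DAO method by its name.
>         if (mapValue == null) {
>             throw new IllegalArgumentException("Unknown function: " + functionName);
>         }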
>         Class cl=Class.forName("com.testws.dao.TestWebServiceSecurityDao");
>         Method m=cl.getDeclaredMethod(functionName, mapValue);
>         m.setAccessible(true);
>         Object[] newobject=getObject(s.get(1), mapValue);
>         m.invoke(cl.newInstance(), newobject);
>         return functionName;
>     }
>     
>     private  Object[] getObject(Object[] ina, Class<?>[] type){
>         Object [] o = new Object[ina.length];
>         for(int i=0; i<ina.length; i++){
>             o[i]=WSConvert.convert(ina[i].toString(), type[i]);
> 
>         }
>         return o;
>     }    
>     
> }
> 
> 
> package com.testws.dao;
> 
> import org.springframework.stereotype.Repository;
> 
> @Repository
> public class TestWebServiceSecurityDao {
> 
>     public TestWebServiceSecurityDao(){}
> 
>     @SuppressWarnings("unused")
>     private String TestOrder(String userName, String type, String startNo, String endNo){
>         StringBuilder sb = new StringBuilder("<?xml version=\"1.0\" encoding=\"utf-8\" ?><Root function=\"TestOrder\" result=\"false\"><status str=\"error\" /></Root>");
>         System.out.println(sb);
>         return sb.toString();
>     }
>     
> }
> 
> 
> Testing code:
> I used wsdl2java to get the Java code. The following is my testing code:
> 
> package testws.test;
> 
> import testws.com.Exception_Exception;
> import testws.com.TestWebServiceSecurity;
> import testws.com.TestWebServiceSecurity_Service;
> 
> public class Test {
>     public static void main(String[] args) throws Exception_Exception {
>         TestWebServiceSecurity_Service tss = new TestWebServiceSecurity_Service();
>         TestWebServiceSecurity tws = tss.getTestWebServiceSecurityPort();
>         String param = "<root><function>TestOrder</function><params><param>1460</param><param>travel</param><param>travel</param><param>2012-11-30 11:59:57 +0000</param></params></root>";
>         System.out.println("18="+tws.testService(param));
>     }
> }
> 
> 

 		 	   		  

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
Thank you. I created a sample project and it can publish the WSDL with security.
But after the client side [mobile users] sends string parameters, the security does not show any error. Web servers do not require a username and password.
What code snippet is missing?
And what incoming data format should the client side send? Should a SOAP header be added?
 

package com.testws.ws;

import java.io.StringReader;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.input.SAXBuilder;
import org.springframework.stereotype.Component;
import org.xml.sax.InputSource;
import com.testws.util.WSConvert;
import com.testws.util.WStype;
import org.apache.cxf.annotations.Policies;
import org.apache.cxf.annotations.Policy;
/*
 * http://localhost:8080/testWS/testWebServiceSecurity/TestWebServiceSecurity?WSDL
 * */

@Component
@WebService(name="testWebServiceSecurity",
        serviceName="testWebServiceSecurity",
        targetNamespace="http://com.testws"            
)
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
        use=SOAPBinding.Use.LITERAL,
        parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
)
//@Policies(
//          @Policy(uri="classpath:/AlternativesPolicy.xml", 
//          placement = Policy.Placement.BINDING))

public class TestWebServiceSecurity{

    public TestWebServiceSecurity(){}

    private  static ArrayList<Object[]> parseXml2(String paramString) throws Exception{
        StringReader read = new StringReader(paramString);
        InputSource source = new InputSource(read);
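        SAXBuilder sb = new SAXBuilder();
        // paramString comes from the client: refuse DOCTYPE declarations so
        // that external entities are never resolved.
        sb.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);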
        Document doc = sb.build(source);
        Element root = doc.getRootElement();
        Element functionElt=root.getChild("function");
        Element par=root.getChild("params");
        List<Element> listElt=par.getChildren();
        String str[]=new String[listElt.size()+1];
        String rmp [] =new String[listElt.size()];
        String funcitonName=functionElt.getText();
        str[0]=funcitonName;
        String [] rmp1={str[0]};
        for(int i=0;i<listElt.size();i++){
            Element el=listElt.get(i);
            str[i+1]=el.getText();
            rmp[i]=el.getText();
        }
        ArrayList<Object[]>ra=new ArrayList<Object[]>();
        ra.add(rmp1);
        ra.add(rmp);
        return ra;
    }

    @Policies({
                 @Policy(uri = "classpath:/UsernamePasswordPolicy.xml",
                         placement = Policy.Placement.BINDING_OPERATION_INPUT)
    })
//    @Policies(
//              @Policy(uri="classpath:/AlternativesPolicy.xml", 
//              placement = Policy.Placement.BINDING))
    @WebMethod(operationName = "TestService")
    public  String TestService(String paramString) throws Exception{
        Object returnValue = null;
        String functionName="";
        ArrayList<Object []>s = parseXml2(paramString);
        functionName = s.get(0)[0].toString();
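        Class<?>[] mapValue = WStype.map.get(functionName);
        // Invoke only functions registered in WStype.map: with a null parameter list,
        // getDeclaredMethod would match any no-argument DAO method by its name.
        if (mapValue == null) {
            throw new IllegalArgumentException("Unknown function: " + functionName);
        }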
        Class cl=Class.forName("com.testws.dao.TestWebServiceSecurityDao");
        Method m=cl.getDeclaredMethod(functionName, mapValue);
        m.setAccessible(true);
        Object[] newobject=getObject(s.get(1), mapValue);
        m.invoke(cl.newInstance(), newobject);
        return functionName;
    }
    
    private  Object[] getObject(Object[] ina, Class<?>[] type){
        Object [] o = new Object[ina.length];
        for(int i=0; i<ina.length; i++){
            o[i]=WSConvert.convert(ina[i].toString(), type[i]);

        }
        return o;
    }    
    
}


package com.testws.dao;

import org.springframework.stereotype.Repository;

@Repository
public class TestWebServiceSecurityDao {

    public TestWebServiceSecurityDao(){}

    @SuppressWarnings("unused")
    private String TestOrder(String userName, String type, String startNo, String endNo){
        StringBuilder sb = new StringBuilder("<?xml version=\"1.0\" encoding=\"utf-8\" ?><Root function=\"TestOrder\" result=\"false\"><status str=\"error\" /></Root>");
        System.out.println(sb);
        return sb.toString();
    }
    
}


Testing code:
I used wsdl2java to get the Java code. The following is my testing code:

package testws.test;

import testws.com.Exception_Exception;
import testws.com.TestWebServiceSecurity;
import testws.com.TestWebServiceSecurity_Service;

public class Test {
    public static void main(String[] args) throws Exception_Exception {
        TestWebServiceSecurity_Service tss = new TestWebServiceSecurity_Service();
        TestWebServiceSecurity tws = tss.getTestWebServiceSecurityPort();
        String param = "<root><function>TestOrder</function><params><param>1460</param><param>travel</param><param>travel</param><param>2012-11-30 11:59:57 +0000</param></params></root>";
        System.out.println("18="+tws.testService(param));
    }
}



    

> Date: Tue, 19 Feb 2013 13:41:33 +1100
> Subject: Re: Simple questions about username token example
> From: jason@pellcorp.com
> To: users@cxf.apache.org
> 
> It is difficult for me to say without seeing your project and test case.
> 
> If you want to send me a sample project I am happy to have a look at
> it and provide some advice on what you need to do.
> 

 		 	   		  

Re: Simple questions about username token example

Posted by Jason Pell <ja...@pellcorp.com>.
It is difficult for me to say without seeing your project and test case.

If you want to send me a sample project I am happy to have a look at
it and provide some advice on what you need to do.



On Tue, Feb 19, 2013 at 12:21 PM, lv <lv...@live.cn> wrote:
>
> Thank you again. I can see the policy in the WSDL.
>
> I have another question about the client side. My client side is mobile users.
> After publishing the WSDL, mobile users can send data (string) to my web services. The contents are as follows: <params><param>1460</param><param>hotel</param></params>
>
> I just added the following code and ran the web project.
>
> @Component
> @WebService(name="appServiceSecurity",
>                 serviceName="appServiceSrcSecurity",
>                 targetNamespace="http://com.ws"
> )
> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
>                 use=SOAPBinding.Use.LITERAL,
>                 parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
> )
> @Policies(
>           @Policy(uri="classpath:/AlternativesPolicy.xml",
>           placement = Policy.Placement.BINDING))
>
> public class AppServiceSecurity{
> ..............}
>
> However, after mobile users send data to the web services (no username, no password), the policy does not work. It does not show policy exceptions.
> 1. If the WSDL has a policy, what data contents should the mobile user send? Should SOAP headers be added?
> 2. If I create web services by the Java-first method, what code should I add to obtain the username and password from the mobile client side?
>

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
Thank you again. I can see the policy in the WSDL.

I have another question about the client side. My client side is mobile users.
After publishing the WSDL, mobile users can send data (string) to my web services. The contents are as follows: <params><param>1460</param><param>hotel</param></params>

I just added the following code and ran the web project.

@Component
@WebService(name="appServiceSecurity",
                serviceName="appServiceSrcSecurity",
                targetNamespace="http://com.ws"
)
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
                use=SOAPBinding.Use.LITERAL,
                parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
)
@Policies(
          @Policy(uri="classpath:/AlternativesPolicy.xml",
          placement = Policy.Placement.BINDING))

public class AppServiceSecurity{
..............}

However, after mobile users send data to the web services (no username, no password), the policy does not work. It does not show policy exceptions.
1. If the WSDL has a policy, what data contents should the mobile user send? Should SOAP headers be added?
2. If I create web services by the Java-first method, what code should I add to obtain the username and password from the mobile client side?

Re: Simple questions about username token example

Posted by Jason Pell <ja...@pellcorp.com>.
You would need to add a repo to the pom file to refer to the apache
cxf snapshots.
I did not need to have that as I had already compiled cxf locally.

I updated the source to reference the snapshot repo

Give it a go now

The reason for the snapshots is because this project has been used to
test out some of the ws-policy features in cxf 2.7.4-snapshot.



On Mon, Feb 18, 2013 at 6:15 PM, lv <lv...@live.cn> wrote:
>
> Thank you.
> I ran mvn compile, but I get errors:
>
> Failed to execute goal on project JavaFirst: Could not resolve dependencies for project com.pellcorp:JavaFirst:jar:0.1-SNAPSHOT: The following artifacts could not be resolved: org.apache.cxf:cxf-rt-frontend-jaxws:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-transports-http-jetty:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-ws-policy:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-ws-security:jar:2.7.4-SNAPSHOT: Could not find artifact org.apache.cxf:cxf-rt-frontend-jaxws:jar:2.7.
>
> How do I fix these problems?
>
>
>> Date: Mon, 18 Feb 2013 14:28:47 +1100
>> Subject: RE: Simple questions about username token example
>> From: jason@pellcorp.com
>> To: users@cxf.apache.org
>>
>> There are a few in ws-security systests specifically for use with ws policy.
>>
>> I also have some here:
>>
>> https://github.com/pellcorp/cxf/tree/master/JavaFirst
>>
>> Sent from my Galaxy S2
>> On Feb 18, 2013 1:10 PM, "lv" <lv...@live.cn> wrote:
>>
>> >
>> > Thank you!
>> > Do you have an example about web service security - username token which is
>> > done by Java first?
>> >
>> > > Date: Sun, 17 Feb 2013 14:55:42 -0500
>> > > From: glen.mazza@gmail.com
>> > > To: users@cxf.apache.org
>> > > Subject: Re: Simple questions about username token example
>> > >
>> > > You can dynamically set the username and password for the client to use
>> > > following these examples:
>> > >
>> > http://stackoverflow.com/questions/5906154/apache-cxf-credentials-not-being-sent-from-wss4joutinterceptor
>> > >
>> > > This blog article may provide a more helpful UT example:
>> > > http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
>> > >
>> > > Glen
>> > >
>> > > On 02/17/2013 05:04 AM, lv wrote:
>> > > > I have created a web service from Java first. I need to add web services security - username token.
>> > > > I found UsernameTokenRequest.xml in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
>> > > > This XML file contains:
>> > > > <wss:UsernameToken>
>> > > >     <wss:Username>alice</wss:Username>
>> > > >     <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
>> > > >     <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
>> > > >     <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
>> > > > </wss:UsernameToken>
>> > > >
>> > > > Does it mean only alice with the correct password can log in?
>> > > >
>> > > > If there are thousands of users who need to provide a username and password, how should the XML file be written?
>> > > >
>> > > > Thanks.
>> > > >
>> > >
>> >
>

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
Thank you.
I ran mvn compile, but I get errors:

Failed to execute goal on project JavaFirst: Could not resolve dependencies for project com.pellcorp:JavaFirst:jar:0.1-SNAPSHOT: The following artifacts could not be resolved: org.apache.cxf:cxf-rt-frontend-jaxws:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-transports-http-jetty:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-ws-policy:jar:2.7.4-SNAPSHOT, org.apache.cxf:cxf-rt-ws-security:jar:2.7.4-SNAPSHOT: Could not find artifact org.apache.cxf:cxf-rt-frontend-jaxws:jar:2.7.

How do I fix these problems?


> Date: Mon, 18 Feb 2013 14:28:47 +1100
> Subject: RE: Simple questions about username token example
> From: jason@pellcorp.com
> To: users@cxf.apache.org
> 
> There are a few in ws-security systests specifically for use with ws policy.
> 
> I also have some here:
> 
> https://github.com/pellcorp/cxf/tree/master/JavaFirst
> 
> Sent from my Galaxy S2
> On Feb 18, 2013 1:10 PM, "lv" <lv...@live.cn> wrote:
> 
> >
> > Thank you!
> > Do you have example about web service security - username token which is
> > done by java first?
> >
> > > Date: Sun, 17 Feb 2013 14:55:42 -0500
> > > From: glen.mazza@gmail.com
> > > To: users@cxf.apache.org
> > > Subject: Re: Simple questions about username token example
> > >
> > > You can dynamically set the username and password for the client to use
> > > following these examples:
> > > http://stackoverflow.com/questions/5906154/apache-cxf-credentials-not-being-sent-from-wss4joutinterceptor
> > >
> > > This blog article may provide a more helpful UT example:
> > > http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
> > >
> > > Glen
> > >
> > > On 02/17/2013 05:04 AM, lv wrote:
> > > > I have created a web services from java first .  I need to add web services security - username token.
> > > > I find UsernameTokenRequest.xml  in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
> > > > This xml file contains:
> > > >  <wss:UsernameToken>
> > > >             <wss:Username>alice</wss:Username>
> > > >             <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
> > > >             <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
> > > >             <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
> > > >   </wss:UsernameToken>
> > > >
> > > > Does it mean only alice with correct password can login?
> > > >
> > > > If there are thousands of users need to provide username and password, how to write the xml file?
> > > >
> > > > Thanks.
> > > >
> > >
> >

RE: Simple questions about username token example

Posted by Jason Pell <ja...@pellcorp.com>.
There are a few in ws-security systests specifically for use with ws policy.

I also have some here:

https://github.com/pellcorp/cxf/tree/master/JavaFirst

Sent from my Galaxy S2
On Feb 18, 2013 1:10 PM, "lv" <lv...@live.cn> wrote:

>
> Thank you!
> Do you have example about web service security - username token which is
> done by java first?
>
> > Date: Sun, 17 Feb 2013 14:55:42 -0500
> > From: glen.mazza@gmail.com
> > To: users@cxf.apache.org
> > Subject: Re: Simple questions about username token example
> >
> > You can dynamically set the username and password for the client to use
> > following these examples:
> > http://stackoverflow.com/questions/5906154/apache-cxf-credentials-not-being-sent-from-wss4joutinterceptor
> >
> > This blog article may provide a more helpful UT example:
> > http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
> >
> > Glen
> >
> > On 02/17/2013 05:04 AM, lv wrote:
> > > I have created a web services from java first .  I need to add web services security - username token.
> > > I find UsernameTokenRequest.xml  in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
> > > This xml file contains:
> > >  <wss:UsernameToken>
> > >             <wss:Username>alice</wss:Username>
> > >             <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
> > >             <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
> > >             <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
> > >   </wss:UsernameToken>
> > >
> > > Does it mean only alice with correct password can login?
> > >
> > > If there are thousands of users need to provide username and password, how to write the xml file?
> > >
> > > Thanks.
> > >
> >
>

RE: Simple questions about username token example

Posted by lv <lv...@live.cn>.
Thank you!
Do you have an example of web service security - username token which is done by java first?

> Date: Sun, 17 Feb 2013 14:55:42 -0500
> From: glen.mazza@gmail.com
> To: users@cxf.apache.org
> Subject: Re: Simple questions about username token example
> 
> You can dynamically set the username and password for the client to use
> following these examples:
> http://stackoverflow.com/questions/5906154/apache-cxf-credentials-not-being-sent-from-wss4joutinterceptor
> 
> This blog article may provide a more helpful UT example:
> http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
> 
> Glen
> 
> On 02/17/2013 05:04 AM, lv wrote:
> > I have created a web services from java first .  I need to add web services security - username token. 
> > I find UsernameTokenRequest.xml  in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
> > This xml file contains: 
> >  <wss:UsernameToken>
> >             <wss:Username>alice</wss:Username>
> >             <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
> >             <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
> >             <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
> >   </wss:UsernameToken>
> >
> > Does it mean only alice with correct password can login?
> >
> > If there are thousands of users need to provide username and password, how to write the xml file?
> >
> > Thanks.
> >
>

Re: Simple questions about username token example

Posted by Glen Mazza <gl...@gmail.com>.
You can dynamically set the username and password for the client to use
following these examples:
http://stackoverflow.com/questions/5906154/apache-cxf-credentials-not-being-sent-from-wss4joutinterceptor

This blog article may provide a more helpful UT example:
http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile

Glen

On 02/17/2013 05:04 AM, lv wrote:
> I have created a web services from java first .  I need to add web services security - username token. 
> I find UsernameTokenRequest.xml  in \apache-cxf-2.7.0-src\systests\ws-security\src\test\resources\org\apache\cxf\systest\ws\security\test-data
> This xml file contains: 
>  <wss:UsernameToken>
>             <wss:Username>alice</wss:Username>
>             <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password>
>             <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce>
>             <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created>
>   </wss:UsernameToken>
>
> Does it mean only alice with correct password can login?
>
> If there are thousands of users need to provide username and password, how to write the xml file?
>
> Thanks.
>