You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by "rahul.soa" <ra...@googlemail.com> on 2009/05/29 01:01:24 UTC
[WS-Security] JAXWS webservice client without using cxf specific apis
Hello Devs,
I am new for ws-security and working towards my gsoc project (aim is to
enable CXF/axis2 ws-security support in Apache geronimo). I am working for
CXF first and have build geronimo with CXF ws-security jar files.
So I need a jaxws web service client sample to access my secure web service
deployed on tomcat.
I have developed a working version of client (invoking a secure web service
with UserToken) using some cxf specific apis, the code is given below
Is there any way if I can develop the jaxws client with ws-security support
without using cxf specific apis like org.apache.cxf.endpoint.Client and
org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
ws-security jars in CXF)
Is there any sample code available for the same?
//quote
package demo.order.client;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import demo.order.Order;
import demo.order.OrderProcess;
public class CL {
public CL() {
}
public static void main(String args[]) throws Exception {
Service service=Service.create(new URL("
http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
http://order.demo/", "OrderProcessImplService"));
OrderProcess hw = service.getPort(OrderProcess.class);
Client client = ClientProxy.getClient(hw);
Map outProps = new HashMap();
outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.USER, "ws-client");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
Endpoint endPoint = client.getEndpoint();
endPoint.getOutInterceptors().add(wssOut);
endPoint.getOutInterceptors().add(new SAAJOutInterceptor());
Order order = new Order();
System.out.println(hw.processOrder(order));
}
}
//unquote
I am trying the following code but it gives me a SOAPFaultException,
//quote
public static void main(String args[]) throws Exception
{
Service service=Service.create(new URL("
http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
http://order.demo/", "OrderProcessImplService"));
OrderProcess hw = service.getPort(OrderProcess.class);
Map outProps = new HashMap();
outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"ws-client");
((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"password");
((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_TYPE,
WSConstants.PW_TEXT);
Order order = new Order();
System.out.println(hw.processOrder(order));
}
//unquote
Exception:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
was discovered processing the <wsse:Security> header
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
at $Proxy34.processOrder(Unknown Source)
at demo.order.client.CL.main(CL.java:74)
Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
processing the <wsse:Security> header
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2131)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2010)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1935)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:626)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
Can anyone correct me? Am I missing something?
Thanks in advance for your help.
Regards,
Rahul
Re: [WS-Security] JAXWS webservice client without using cxf specific
apis
Posted by "rahul.soa" <ra...@googlemail.com>.
Hello Alessio/Dan,
Many Thanks for your reply.
I am stick with the cxf specific apis for now. So I have pulled the required
jars in geronimo for ws-security support. I also tested the basic
ws-security support (CXF/jetty) and it works. I will submit a patch soon on
this.
Thanks to Jarek for his constant help.
Best Regards,
Rahul
On Fri, May 29, 2009 at 7:48 PM, Daniel Kulp <dk...@apache.org> wrote:
>
>
> I really don't think there is a way as JAX-WS doesn't specify anything
> related
> to WS-Security.
>
>
> That said, I would really suggest not going the WSS4JIn/OutInterceptor
> route
> and go the WS-SecurityPolicy route. Things are a LOT simpler from a
> coding/config standpoint then. There ARE properties that can be set on
> the
> request context for stuff needed by the security policy engine.
>
> Dan
>
>
> On Thu May 28 2009 7:01:24 pm rahul.soa wrote:
> > Hello Devs,
> >
> > I am new for ws-security and working towards my gsoc project (aim is to
> > enable CXF/axis2 ws-security support in Apache geronimo). I am working
> for
> > CXF first and have build geronimo with CXF ws-security jar files.
> >
> > So I need a jaxws web service client sample to access my secure web
> service
> > deployed on tomcat.
> >
> > I have developed a working version of client (invoking a secure web
> service
> > with UserToken) using some cxf specific apis, the code is given below
> >
> > Is there any way if I can develop the jaxws client with ws-security
> support
> > without using cxf specific apis like org.apache.cxf.endpoint.Client and
> > org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
> > ws-security jars in CXF)
> >
> > Is there any sample code available for the same?
> >
> > //quote
> >
> > package demo.order.client;
> >
> > import java.net.URL;
> > import java.util.HashMap;
> > import java.util.Map;
> >
> > import javax.xml.namespace.QName;
> > import javax.xml.ws.Service;
> > import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
> > import org.apache.cxf.endpoint.Endpoint;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > import org.apache.ws.security.WSConstants;
> > import org.apache.ws.security.handler.WSHandlerConstants;
> > import org.apache.cxf.endpoint.Client;
> > import org.apache.cxf.frontend.ClientProxy;
> >
> > import demo.order.Order;
> > import demo.order.OrderProcess;
> >
> > public class CL {
> >
> > public CL() {
> > }
> >
> > public static void main(String args[]) throws Exception {
> > Service service=Service.create(new URL("
> > http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> > http://order.demo/", "OrderProcessImplService"));
> > OrderProcess hw = service.getPort(OrderProcess.class);
> >
> > Client client = ClientProxy.getClient(hw);
> >
> > Map outProps = new HashMap();
> >
> >
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> > outProps.put(WSHandlerConstants.USER, "ws-client");
> > outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> > ClientPasswordCallback.class.getName());
> >
> >
> > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > Endpoint endPoint = client.getEndpoint();
> > endPoint.getOutInterceptors().add(wssOut);
> > endPoint.getOutInterceptors().add(new SAAJOutInterceptor());
> >
> > Order order = new Order();
> > System.out.println(hw.processOrder(order));
> >
> > }
> >
> > }
> >
> > //unquote
> >
> >
> > I am trying the following code but it gives me a SOAPFaultException,
> >
> >
> > //quote
> >
> > public static void main(String args[]) throws Exception
> > {
> > Service service=Service.create(new URL("
> > http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> > http://order.demo/", "OrderProcessImplService"));
> > OrderProcess hw = service.getPort(OrderProcess.class);
> >
> > Map outProps = new HashMap();
> >
> >
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> >
> >
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP
> >ERTY, "ws-client");
> >
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP
> >ERTY, "password");
> >
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH
> >andlerConstants.USERNAME_TOKEN);
> >
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T
> >YPE, WSConstants.PW_TEXT);
> >
> > Order order = new Order();
> > System.out.println(hw.processOrder(order));
> >
> > }
> >
> > //unquote
> >
> > Exception:
> >
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
> > was discovered processing the <wsse:Security> header
> > at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> > at $Proxy34.processOrder(Unknown Source)
> > at demo.order.client.CL.main(CL.java:74)
> > Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> > processing the <wsse:Security> header
> > at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
> >ault(Soap11FaultInInterceptor.java:75) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:46) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:35) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> >
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
> >stractFaultChainInitiatorObserver.java:96) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:69) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:34) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >eInternal(HTTPConduit.java:2131) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >e(HTTPConduit.java:2010) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
> >duit.java:1935) at
> > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> > at
> > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:626) at
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
> >rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> > ... 2 more
> >
> >
> >
> >
> >
> > Can anyone correct me? Am I missing something?
> >
> > Thanks in advance for your help.
> >
> > Regards,
> > Rahul
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
Re: [WS-Security] JAXWS webservice client without using cxf specific
apis
Posted by "rahul.soa" <ra...@googlemail.com>.
Hello Alessio/Dan,
Many Thanks for your reply.
I am stick with the cxf specific apis for now. So I have pulled the required
jars in geronimo for ws-security support. I also tested the basic
ws-security support (CXF/jetty) and it works. I will submit a patch soon on
this.
Thanks to Jarek for his constant help.
Best Regards,
Rahul
On Fri, May 29, 2009 at 7:48 PM, Daniel Kulp <dk...@apache.org> wrote:
>
>
> I really don't think there is a way as JAX-WS doesn't specify anything
> related
> to WS-Security.
>
>
> That said, I would really suggest not going the WSS4JIn/OutInterceptor
> route
> and go the WS-SecurityPolicy route. Things are a LOT simpler from a
> coding/config standpoint then. There ARE properties that can be set on
> the
> request context for stuff needed by the security policy engine.
>
> Dan
>
>
> On Thu May 28 2009 7:01:24 pm rahul.soa wrote:
> > Hello Devs,
> >
> > I am new for ws-security and working towards my gsoc project (aim is to
> > enable CXF/axis2 ws-security support in Apache geronimo). I am working
> for
> > CXF first and have build geronimo with CXF ws-security jar files.
> >
> > So I need a jaxws web service client sample to access my secure web
> service
> > deployed on tomcat.
> >
> > I have developed a working version of client (invoking a secure web
> service
> > with UserToken) using some cxf specific apis, the code is given below
> >
> > Is there any way if I can develop the jaxws client with ws-security
> support
> > without using cxf specific apis like org.apache.cxf.endpoint.Client and
> > org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
> > ws-security jars in CXF)
> >
> > Is there any sample code available for the same?
> >
> > //quote
> >
> > package demo.order.client;
> >
> > import java.net.URL;
> > import java.util.HashMap;
> > import java.util.Map;
> >
> > import javax.xml.namespace.QName;
> > import javax.xml.ws.Service;
> > import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
> > import org.apache.cxf.endpoint.Endpoint;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > import org.apache.ws.security.WSConstants;
> > import org.apache.ws.security.handler.WSHandlerConstants;
> > import org.apache.cxf.endpoint.Client;
> > import org.apache.cxf.frontend.ClientProxy;
> >
> > import demo.order.Order;
> > import demo.order.OrderProcess;
> >
> > public class CL {
> >
> > public CL() {
> > }
> >
> > public static void main(String args[]) throws Exception {
> > Service service=Service.create(new URL("
> > http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> > http://order.demo/", "OrderProcessImplService"));
> > OrderProcess hw = service.getPort(OrderProcess.class);
> >
> > Client client = ClientProxy.getClient(hw);
> >
> > Map outProps = new HashMap();
> >
> >
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> > outProps.put(WSHandlerConstants.USER, "ws-client");
> > outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> > ClientPasswordCallback.class.getName());
> >
> >
> > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > Endpoint endPoint = client.getEndpoint();
> > endPoint.getOutInterceptors().add(wssOut);
> > endPoint.getOutInterceptors().add(new SAAJOutInterceptor());
> >
> > Order order = new Order();
> > System.out.println(hw.processOrder(order));
> >
> > }
> >
> > }
> >
> > //unquote
> >
> >
> > I am trying the following code but it gives me a SOAPFaultException,
> >
> >
> > //quote
> >
> > public static void main(String args[]) throws Exception
> > {
> > Service service=Service.create(new URL("
> > http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> > http://order.demo/", "OrderProcessImplService"));
> > OrderProcess hw = service.getPort(OrderProcess.class);
> >
> > Map outProps = new HashMap();
> >
> >
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> >
> >
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP
> >ERTY, "ws-client");
> >
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP
> >ERTY, "password");
> >
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH
> >andlerConstants.USERNAME_TOKEN);
> >
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T
> >YPE, WSConstants.PW_TEXT);
> >
> > Order order = new Order();
> > System.out.println(hw.processOrder(order));
> >
> > }
> >
> > //unquote
> >
> > Exception:
> >
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
> > was discovered processing the <wsse:Security> header
> > at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> > at $Proxy34.processOrder(Unknown Source)
> > at demo.order.client.CL.main(CL.java:74)
> > Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> > processing the <wsse:Security> header
> > at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
> >ault(Soap11FaultInInterceptor.java:75) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:46) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:35) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> >
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
> >stractFaultChainInitiatorObserver.java:96) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:69) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:34) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >eInternal(HTTPConduit.java:2131) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >e(HTTPConduit.java:2010) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
> >duit.java:1935) at
> > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> > at
> > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:626) at
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
> >rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> > ... 2 more
> >
> >
> >
> >
> >
> > Can anyone correct me? Am I missing something?
> >
> > Thanks in advance for your help.
> >
> > Regards,
> > Rahul
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
Re: [WS-Security] JAXWS webservice client without using cxf specific apis
Posted by Daniel Kulp <dk...@apache.org>.
I really don't think there is a way as JAX-WS doesn't specify anything related
to WS-Security.
That said, I would really suggest not going the WSS4JIn/OutInterceptor route
and go the WS-SecurityPolicy route. Things are a LOT simpler from a
coding/config standpoint then. There ARE properties that can be set on the
request context for stuff needed by the security policy engine.
Dan
On Thu May 28 2009 7:01:24 pm rahul.soa wrote:
> Hello Devs,
>
> I am new for ws-security and working towards my gsoc project (aim is to
> enable CXF/axis2 ws-security support in Apache geronimo). I am working for
> CXF first and have build geronimo with CXF ws-security jar files.
>
> So I need a jaxws web service client sample to access my secure web service
> deployed on tomcat.
>
> I have developed a working version of client (invoking a secure web service
> with UserToken) using some cxf specific apis, the code is given below
>
> Is there any way if I can develop the jaxws client with ws-security support
> without using cxf specific apis like org.apache.cxf.endpoint.Client and
> org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
> ws-security jars in CXF)
>
> Is there any sample code available for the same?
>
> //quote
>
> package demo.order.client;
>
> import java.net.URL;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.namespace.QName;
> import javax.xml.ws.Service;
> import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
> import org.apache.cxf.endpoint.Endpoint;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.WSConstants;
> import org.apache.ws.security.handler.WSHandlerConstants;
> import org.apache.cxf.endpoint.Client;
> import org.apache.cxf.frontend.ClientProxy;
>
> import demo.order.Order;
> import demo.order.OrderProcess;
>
> public class CL {
>
> public CL() {
> }
>
> public static void main(String args[]) throws Exception {
> Service service=Service.create(new URL("
> http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> http://order.demo/", "OrderProcessImplService"));
> OrderProcess hw = service.getPort(OrderProcess.class);
>
> Client client = ClientProxy.getClient(hw);
>
> Map outProps = new HashMap();
>
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> outProps.put(WSHandlerConstants.USER, "ws-client");
> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ClientPasswordCallback.class.getName());
>
>
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> Endpoint endPoint = client.getEndpoint();
> endPoint.getOutInterceptors().add(wssOut);
> endPoint.getOutInterceptors().add(new SAAJOutInterceptor());
>
> Order order = new Order();
> System.out.println(hw.processOrder(order));
>
> }
>
> }
>
> //unquote
>
>
> I am trying the following code but it gives me a SOAPFaultException,
>
>
> //quote
>
> public static void main(String args[]) throws Exception
> {
> Service service=Service.create(new URL("
> http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> http://order.demo/", "OrderProcessImplService"));
> OrderProcess hw = service.getPort(OrderProcess.class);
>
> Map outProps = new HashMap();
>
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
>
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP
>ERTY, "ws-client");
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP
>ERTY, "password");
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH
>andlerConstants.USERNAME_TOKEN);
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T
>YPE, WSConstants.PW_TEXT);
>
> Order order = new Order();
> System.out.println(hw.processOrder(order));
>
> }
>
> //unquote
>
> Exception:
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
> was discovered processing the <wsse:Security> header
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> at $Proxy34.processOrder(Unknown Source)
> at demo.order.client.CL.main(CL.java:74)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> processing the <wsse:Security> header
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
>ault(Soap11FaultInInterceptor.java:75) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:46) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:35) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
>stractFaultChainInitiatorObserver.java:96) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:69) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:34) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>eInternal(HTTPConduit.java:2131) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>e(HTTPConduit.java:2010) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>duit.java:1935) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:626) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> ... 2 more
>
>
>
>
>
> Can anyone correct me? Am I missing something?
>
> Thanks in advance for your help.
>
> Regards,
> Rahul
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: [WS-Security] JAXWS webservice client without using cxf specific
apis
Posted by Alessio Soldano <as...@redhat.com>.
Hi Rahul,
rahul.soa wrote:
> Is there any way if I can develop the jaxws client with ws-security support
> without using cxf specific apis like org.apache.cxf.endpoint.Client and
> org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
> ws-security jars in CXF)
>
You could try defining a custom bus in an xml descriptor and specifying
the security configuration there (using jaxws:client). Then you load
your bus in the code. Never tried setting the client for ws-security
with username token this way personally, but I believe it works.
Otherwise you might switch the server on using WS-Security Policy, so
that the configuration on client side is driven by the policies and you
don't have to manually install interceptors using the API:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
> Is there any sample code available for the same?
>
The bus specified can be loaded doing something like:
SpringBusFactory busFactory = new SpringBusFactory();
URL cxfConfig = getResourceURL("jaxws/cxf/interop/wstrust10/META-INF/" +
scenario + "-client-config.xml");
bus = busFactory.createBus(cxfConfig);
BusFactory.setDefaultBus(bus);
Speaking of WS-Security Policy, instead, I've done that on top of JBoss,
but it should basically work independently, it's a standard client after
all:
http://anonsvn.jboss.org/repos/jbossws/stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wssePolicy/UsernameTestCase.java
> I am trying the following code but it gives me a SOAPFaultException,
>
>
> //quote
>
> public static void main(String args[]) throws Exception
> {
> Service service=Service.create(new URL("
> http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> http://order.demo/", "OrderProcessImplService"));
> OrderProcess hw = service.getPort(OrderProcess.class);
>
> Map outProps = new HashMap();
>
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
>
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> "ws-client");
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> "password");
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_TYPE,
> WSConstants.PW_TEXT);
>
> Order order = new Order();
> System.out.println(hw.processOrder(order));
>
> }
>
> //unquote
>
> Exception:
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
> was discovered processing the <wsse:Security> header
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> at $Proxy34.processOrder(Unknown Source)
> at demo.order.client.CL.main(CL.java:74)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> processing the <wsse:Security> header
> a
I think you get this simply because the security interceptors are not
installed.
Cheers
Alessio
--
Alessio Soldano
Web Service Lead
JBoss, a division of Red Hat
Re: [WS-Security] JAXWS webservice client without using cxf specific apis
Posted by Daniel Kulp <dk...@apache.org>.
I really don't think there is a way as JAX-WS doesn't specify anything related
to WS-Security.
That said, I would really suggest not going the WSS4JIn/OutInterceptor route
and go the WS-SecurityPolicy route. Things are a LOT simpler from a
coding/config standpoint then. There ARE properties that can be set on the
request context for stuff needed by the security policy engine.
Dan
On Thu May 28 2009 7:01:24 pm rahul.soa wrote:
> Hello Devs,
>
> I am new for ws-security and working towards my gsoc project (aim is to
> enable CXF/axis2 ws-security support in Apache geronimo). I am working for
> CXF first and have build geronimo with CXF ws-security jar files.
>
> So I need a jaxws web service client sample to access my secure web service
> deployed on tomcat.
>
> I have developed a working version of client (invoking a secure web service
> with UserToken) using some cxf specific apis, the code is given below
>
> Is there any way if I can develop the jaxws client with ws-security support
> without using cxf specific apis like org.apache.cxf.endpoint.Client and
> org.apache.cxf.frontend.ClientProxy etc? (as I want to integrate only
> ws-security jars in CXF)
>
> Is there any sample code available for the same?
>
> //quote
>
> package demo.order.client;
>
> import java.net.URL;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.namespace.QName;
> import javax.xml.ws.Service;
> import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
> import org.apache.cxf.endpoint.Endpoint;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.WSConstants;
> import org.apache.ws.security.handler.WSHandlerConstants;
> import org.apache.cxf.endpoint.Client;
> import org.apache.cxf.frontend.ClientProxy;
>
> import demo.order.Order;
> import demo.order.OrderProcess;
>
> public class CL {
>
> public CL() {
> }
>
> public static void main(String args[]) throws Exception {
> Service service=Service.create(new URL("
> http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> http://order.demo/", "OrderProcessImplService"));
> OrderProcess hw = service.getPort(OrderProcess.class);
>
> Client client = ClientProxy.getClient(hw);
>
> Map outProps = new HashMap();
>
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> outProps.put(WSHandlerConstants.USER, "ws-client");
> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ClientPasswordCallback.class.getName());
>
>
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> Endpoint endPoint = client.getEndpoint();
> endPoint.getOutInterceptors().add(wssOut);
> endPoint.getOutInterceptors().add(new SAAJOutInterceptor());
>
> Order order = new Order();
> System.out.println(hw.processOrder(order));
>
> }
>
> }
>
> //unquote
>
>
> I am trying the following code but it gives me a SOAPFaultException,
>
>
> //quote
>
> public static void main(String args[]) throws Exception
> {
> Service service=Service.create(new URL("
> http://localhost:8095/orderapp/OrderProcess?wsdl"), new QName("
> http://order.demo/", "OrderProcessImplService"));
> OrderProcess hw = service.getPort(OrderProcess.class);
>
> Map outProps = new HashMap();
>
> outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
>
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.USERNAME_PROP
>ERTY, "ws-client");
> ((BindingProvider)hw).getRequestContext().put(BindingProvider.PASSWORD_PROP
>ERTY, "password");
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.ACTION,WSH
>andlerConstants.USERNAME_TOKEN);
> ((BindingProvider)hw).getRequestContext().put(WSHandlerConstants.PASSWORD_T
>YPE, WSConstants.PW_TEXT);
>
> Order order = new Order();
> System.out.println(hw.processOrder(order));
>
> }
>
> //unquote
>
> Exception:
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error
> was discovered processing the <wsse:Security> header
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> at $Proxy34.processOrder(Unknown Source)
> at demo.order.client.CL.main(CL.java:74)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> processing the <wsse:Security> header
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
>ault(Soap11FaultInInterceptor.java:75) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:46) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:35) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
>stractFaultChainInitiatorObserver.java:96) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:69) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:34) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>eInternal(HTTPConduit.java:2131) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>e(HTTPConduit.java:2010) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>duit.java:1935) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:626) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> ... 2 more
>
>
>
>
>
> Can anyone correct me? Am I missing something?
>
> Thanks in advance for your help.
>
> Regards,
> Rahul
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog