You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Matt Graham <ge...@gmail.com> on 2010/09/10 00:05:36 UTC

[AXIS2] - Adding ws-security headers from wsdl2java generated client...

My head asplode.  If someone can point me in the right direction here, I'll
be very grateful.

I have a third party wsdl which I've used (wsdl2java) to generate my client
stub and test classes.   When I run my test, the SOAP message is being
generated just fine, but the ws-security headers are forever missing.

With all the weblogs, tutorials and posts I've read, I've gotten all turned
around.

Here is what I've done, and a few clarifying questions:

WSDL:  Looking at the wsdl, there is nothing there about security policies,
etc.  Actually, nothing at all about security that I can see.  Does there
need to be?  (Not that I have any control over this...  just trying to
understand.)

STUB:  I've left the stub untouched, and can use it's methods, and call to
the web service successfully (except for the security errors.)

RAMPART:  I've been trying to use Rampart to enable security, and add the
headers.  To do this, I've unzipped the axis2-1.5 zip and the Rampart 1.5
zip together so the repository/modules directory would have all the right
files.

TEST: Then, in my test code, I added the following:
...
    ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem("src/test/java/com/thirdparty/soap/user/axis2-1.5/repository",
null);
    com.pearson.soap.user.UserManagementStub stub = new
com.pearson.soap.user.UserManagementStub(ctx);
    ServiceClient sc = stub._getServiceClient();
    sc.engageModule("rampart");

    Options options = sc.getOptions();
    options.setUserName("apache");
    options.setPassword("password");
    options.setProperty("Created", "20011-05-01T15:05:01=06");
    options.setProperty("Expires", "2011-05-01T15:05:01=06");
    options.setProperty("UsernameToken", myToken);
...
Then I process the request.  It goes through, but never includes the
<soap:Header> section at all.

This is a sample of the header I'm trying to generate.

<soap:Header>
   <wsse:Security soap:mustUnderstand="1">
    <wsu:Timestamp wsu:Id="Timestamp-b23cf78f-09f8-4eec-9106-
3a9a52819842">
    <wsu:Created>2007-04-23T22:37:12Z</wsu:Created>
    <wsu:Expires>2007-04-23T22:38:12Z</wsu:Expires>
   </wsu:Timestamp>
  <wsse:UsernameToken wsu:Id="SecurityToken-8836043e-8f9b-4e56-
8e2b-5610e9ce280f">
    <wsse:Username>test</wsse:Username>
    <wsse:Password Type="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-username-token-profile-
1.0#PasswordDigest">43h23932189t10yhahg09</wsse:Password>
    <wsse:Nonce>f2949g0939g203yh203hg</wsse:Nonce>
    <wsu:Created>2007-04-23T22:37:12Z</wsu:Created>
   </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>

Can someone set me straight?  Is Rampart the way to go here?  Am I missing
any steps, or files I need to include?  Maybe I needed rampart somewhere
when I used wsdl2java?

AW: [AXIS2] - Adding ws-security headers from wsdl2java generated client...

Posted by Markus Schaber <MS...@soloplan.de>.

Hi, Matt,

 

It seems that we have a similar problem...

 

Markus

 

**************************************************************************
Soloplan GmbH
Software für Logistik und Planung
Markus Schaber (Dipl.-Informatiker)
Entwicklung, Projektleitung
Burgstraße 20 | 87435 Kempten | Deutschland
Telefon: +49 831 57407-0 | Telefax: +49 831 57407-111
E-Mail: msr@soloplan.de <ma...@soloplan.de>  | Internet: www.soloplan.de <http://www.soloplan.de/> 
Geschäftsführer: Wolfgang Heidl, HRB 5304 Kempten

________________________________

Von: Matt Graham [mailto:gerter@gmail.com] 
Gesendet: Freitag, 10. September 2010 00:06
An: java-user@axis.apache.org
Betreff: [AXIS2] - Adding ws-security headers from wsdl2java generated client...

 

My head asplode.  If someone can point me in the right direction here, I'll be very grateful.

 

I have a third party wsdl which I've used (wsdl2java) to generate my client stub and test classes.   When I run my test, the SOAP message is being generated just fine, but the ws-security headers are forever missing.  

 

With all the weblogs, tutorials and posts I've read, I've gotten all turned around. 

 

Here is what I've done, and a few clarifying questions:   

 

WSDL:  Looking at the wsdl, there is nothing there about security policies, etc.  Actually, nothing at all about security that I can see.  Does there need to be?  (Not that I have any control over this...  just trying to understand.)  

 

STUB:  I've left the stub untouched, and can use it's methods, and call to the web service successfully (except for the security errors.)

 

RAMPART:  I've been trying to use Rampart to enable security, and add the headers.  To do this, I've unzipped the axis2-1.5 zip and the Rampart 1.5 zip together so the repository/modules directory would have all the right files.  

 

TEST: Then, in my test code, I added the following:

...  

    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("src/test/java/com/thirdparty/soap/user/axis2-1.5/repository", null);

    com.pearson.soap.user.UserManagementStub stub = new com.pearson.soap.user.UserManagementStub(ctx);

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    

    Options options = sc.getOptions();

    options.setUserName("apache");

    options.setPassword("password");

    options.setProperty("Created", "20011-05-01T15:05:01=06");

    options.setProperty("Expires", "2011-05-01T15:05:01=06");

    options.setProperty("UsernameToken", myToken);

...

Then I process the request.  It goes through, but never includes the <soap:Header> section at all.  

 

This is a sample of the header I'm trying to generate. 

 

<soap:Header> 

   <wsse:Security soap:mustUnderstand="1"> 

    <wsu:Timestamp wsu:Id="Timestamp-b23cf78f-09f8-4eec-9106-

3a9a52819842"> 

    <wsu:Created>2007-04-23T22:37:12Z</wsu:Created> 

    <wsu:Expires>2007-04-23T22:38:12Z</wsu:Expires> 

   </wsu:Timestamp>

  <wsse:UsernameToken wsu:Id="SecurityToken-8836043e-8f9b-4e56-

8e2b-5610e9ce280f"> 

    <wsse:Username>test</wsse:Username> 

    <wsse:Password Type="http://docs.oasis-

open.org/wss/2004/01/oasis-200401-wss-username-token-profile-

1.0#PasswordDigest">43h23932189t10yhahg09</wsse:Password> 

    <wsse:Nonce>f2949g0939g203yh203hg</wsse:Nonce> 

    <wsu:Created>2007-04-23T22:37:12Z</wsu:Created> 

   </wsse:UsernameToken> 

  </wsse:Security> 

  </soap:Header>

 

Can someone set me straight?  Is Rampart the way to go here?  Am I missing any steps, or files I need to include?  Maybe I needed rampart somewhere when I used wsdl2java?