You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by "rahul.soa" <ra...@googlemail.com> on 2009/07/08 00:43:06 UTC
Security header wsse:Security is missing in Response
Hello CXF Devs,
I am trying to access the secured (usernameToken) webservice deployed on
tomcat by the java client. I intercepted the exchanged messages via tcpmon,
which are following:
Request:
----------
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
xmlns:ns2="http://order.demo/"><arg0
/></ns2:processOrder></soap:Body></soap:Envelope>
Response:
-------------
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:processOrderResponse
xmlns:ns2="http://order.demo/
"><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
Unlike the Request, response does not have the security header. I want to
know why **security header** (wsse:Security) is missing in the response. Am
I missing something in the configurations?
Can you please suggest what should I do to solve this problem?
Here are the client and service side configurations:
client-beans.xml
---------------------
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
<bean id="client" class="demo.order.OrderProcess"
factory-bean="clientFactory" factory-method="create"/>
<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
/>
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
/>
<bean id="saajOut"
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="wss4jOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="user" value="ws-client" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.order.client.ClientPasswordCallback" />
</map>
</constructor-arg>
</bean>
<bean id="clientFactory"
class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="demo.order.OrderProcess"/>
<property name="address" value="
http://localhost:8080/neworderapp/OrderProcess"/>
<property name="inInterceptors">
<list>
<ref bean="logIn" />
</list>
</property>
<property name="outInterceptors">
<list>
<ref bean="logOut" />
<ref bean="saajOut" />
<ref bean="wss4jOut" />
</list>
</property>
</bean>
</beans>
beans.xml
-------------
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<jaxws:endpoint
id="orderProcess"
implementor="demo.order.OrderProcessImpl"
address="/OrderProcess">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.order.ServerPasswordCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
</beans>
Many Thanks in advance.
Best Regards,
Rahul
Re: Security header wsse:Security is missing in Response
Posted by "rahul.soa" <ra...@googlemail.com>.
Many Thanks Mayank and Dan.
Setting the WSSJIn/OutInterceptors both way worked for me and now security
header is passing both sides. In addition, both client and server are able
to handle them.
Thanks again for the pointers for policy. I think, after setting up basic
ws-security I can soon jump to the policy.
I appreciate the quick response from you.
Best Regards,
Rahul
On Thu, Jul 9, 2009 at 5:42 AM, Mayank Mishra <ma...@gmail.com> wrote:
> Daniel Kulp wrote:
>
>> On Wed July 8 2009 5:29:16 pm rahul.soa wrote:
>>
>>
>>> Thanks Mayank for the response. So that means Client should have
>>> WSS4JOutInterceptor configured to send the secured SOAP Request and
>>> should
>>> also be configured with WSS4JInInterceptor to receive the secured
>>> Response
>>> from Server. And contrary applies to Server.
>>>
>>>
>>
>> That's right.
>>
>> This is partially why using the WS-SecurityPolicy stuff makes it a bit
>> easier. You don't need to mess with interceptors as the Policy framework
>> handles that. You just need to add a little configuration to the endpoint
>> or client (via standard JAX-WS context property mechanisms) and the policy
>> framework does the rest.
>>
>> Dan
>>
>>
>>
> True. You can provide the WS-SecurityPolicy for input and output elements
> (if you want to configure them differently), or operation level/binding
> level (they applies to all input and output messages for all operations
> inside Binding).
> You can write an external policy file or can embed the policy element
> inside using the PolicyReference element of WS-Policy. It's quite neat and
> compatible with all WS Engines (of course a few assertions for configuring
> keystore, callbacks etc which are not there is WS-SecurityPolicy
> specification.
>
> With Regards,
> Mayank
>
>
>>
>>> Best Regards,
>>> Rahul
>>>
>>>
>>> So that means
>>>
>>> On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <ma...@gmail.com>
>>> wrote:
>>>
>>>
>>>> rahul.soa wrote:
>>>>
>>>>
>>>>> Hello CXF Devs,
>>>>>
>>>>> I am trying to access the secured (usernameToken) webservice deployed
>>>>> on
>>>>> tomcat by the java client. I intercepted the exchanged messages via
>>>>> tcpmon,
>>>>> which are following:
>>>>>
>>>>> Request:
>>>>> ----------
>>>>>
>>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>>> "><soap:Header><wsse:Security
>>>>> xmlns:wsse="
>>>>>
>>>>>
>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>>> t-1.0.xsd "
>>>>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>>>>>
>>>>>
>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>>> t-1.0.xsd "
>>>>> xmlns:wsu="
>>>>>
>>>>>
>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
>>>>> ty-1.0.xsd "
>>>>>
>>>>>
>>>>> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P
>>>>> assword Type="
>>>>>
>>>>>
>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
>>>>> rofile-1.0#PasswordText
>>>>>
>>>>> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He
>>>>> ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/"><arg0
>>>>> /></ns2:processOrder></soap:Body></soap:Envelope>
>>>>>
>>>>>
>>>>> Response:
>>>>> -------------
>>>>>
>>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>>> "><soap:Body><ns2:processOrderResponse
>>>>> xmlns:ns2="http://order.demo/
>>>>>
>>>>>
>>>>> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:
>>>>> Envelope>
>>>>>
>>>>>
>>>>> Unlike the Request, response does not have the security header. I want
>>>>> to know why **security header** (wsse:Security) is missing in the
>>>>> response. Am
>>>>> I missing something in the configurations?
>>>>>
>>>>> Can you please suggest what should I do to solve this problem?
>>>>>
>>>>> Here are the client and service side configurations:
>>>>>
>>>>> client-beans.xml
>>>>> ---------------------
>>>>>
>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>>> xsi:schemaLocation="
>>>>> http://www.springframework.org/schema/beans
>>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>>>>>
>>>>> <bean id="client" class="demo.order.OrderProcess"
>>>>> factory-bean="clientFactory" factory-method="create"/>
>>>>>
>>>>> <bean id="logIn"
>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor" />
>>>>> <bean id="logOut"
>>>>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
>>>>> />
>>>>> <bean id="saajOut"
>>>>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>>>> <bean id="wss4jOut"
>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>>> <constructor-arg>
>>>>> <map>
>>>>> <entry key="action" value="UsernameToken" />
>>>>> <entry key="user" value="ws-client" />
>>>>> <entry key="passwordType" value="PasswordText" />
>>>>> <entry key="passwordCallbackClass"
>>>>> value="demo.order.client.ClientPasswordCallback" />
>>>>> </map>
>>>>> </constructor-arg>
>>>>> </bean>
>>>>>
>>>>> <bean id="clientFactory"
>>>>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>>>>> <property name="serviceClass" value="demo.order.OrderProcess"/>
>>>>> <property name="address" value="
>>>>> http://localhost:8080/neworderapp/OrderProcess"/>
>>>>> <property name="inInterceptors">
>>>>> <list>
>>>>> <ref bean="logIn" />
>>>>> </list>
>>>>> </property>
>>>>> <property name="outInterceptors">
>>>>> <list>
>>>>> <ref bean="logOut" />
>>>>> <ref bean="saajOut" />
>>>>> <ref bean="wss4jOut" />
>>>>> </list>
>>>>> </property>
>>>>> </bean>
>>>>>
>>>>> </beans>
>>>>>
>>>>>
>>>>>
>>>>> beans.xml
>>>>> -------------
>>>>>
>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>>> xsi:schemaLocation="
>>>>> http://www.springframework.org/schema/beans
>>>>> http://www.springframework.org/schema/beans/spring-beans.xsd
>>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>>>>>
>>>>> <import resource="classpath:META-INF/cxf/cxf.xml" />
>>>>> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>>>>> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>>>>>
>>>>> <jaxws:endpoint
>>>>> id="orderProcess"
>>>>> implementor="demo.order.OrderProcessImpl"
>>>>> address="/OrderProcess">
>>>>> <jaxws:inInterceptors>
>>>>> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>>>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>>> <constructor-arg>
>>>>> <map>
>>>>> <entry key="action" value="UsernameToken" />
>>>>> <entry key="passwordType" value="PasswordText" />
>>>>> <entry key="passwordCallbackClass"
>>>>> value="demo.order.ServerPasswordCallback" />
>>>>> </map>
>>>>> </constructor-arg>
>>>>> </bean>
>>>>> </jaxws:inInterceptors>
>>>>> </jaxws:endpoint>
>>>>> </beans>
>>>>>
>>>>>
>>>> I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
>>>> For each way you require to configure.
>>>>
>>>> With Regards,
>>>> Mayank
>>>>
>>>> Many Thanks in advance.
>>>>
>>>>
>>>>
>>>>> Best Regards,
>>>>> Rahul
>>>>>
>>>>>
>>>>
>>
>>
>
>
Re: Security header wsse:Security is missing in Response
Posted by Mayank Mishra <ma...@gmail.com>.
Daniel Kulp wrote:
> On Wed July 8 2009 5:29:16 pm rahul.soa wrote:
>
>> Thanks Mayank for the response. So that means Client should have
>> WSS4JOutInterceptor configured to send the secured SOAP Request and should
>> also be configured with WSS4JInInterceptor to receive the secured Response
>> from Server. And contrary applies to Server.
>>
>
> That's right.
>
> This is partially why using the WS-SecurityPolicy stuff makes it a bit easier.
> You don't need to mess with interceptors as the Policy framework handles that.
> You just need to add a little configuration to the endpoint or client (via
> standard JAX-WS context property mechanisms) and the policy framework does the
> rest.
>
> Dan
>
>
True. You can provide the WS-SecurityPolicy for input and output
elements (if you want to configure them differently), or operation
level/binding level (they applies to all input and output messages for
all operations inside Binding).
You can write an external policy file or can embed the policy element
inside using the PolicyReference element of WS-Policy. It's quite neat
and compatible with all WS Engines (of course a few assertions for
configuring keystore, callbacks etc which are not there is
WS-SecurityPolicy specification.
With Regards,
Mayank
>
>> Best Regards,
>> Rahul
>>
>>
>> So that means
>>
>> On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <ma...@gmail.com> wrote:
>>
>>> rahul.soa wrote:
>>>
>>>> Hello CXF Devs,
>>>>
>>>> I am trying to access the secured (usernameToken) webservice deployed on
>>>> tomcat by the java client. I intercepted the exchanged messages via
>>>> tcpmon,
>>>> which are following:
>>>>
>>>> Request:
>>>> ----------
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>> "><soap:Header><wsse:Security
>>>> xmlns:wsse="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>> t-1.0.xsd "
>>>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>> t-1.0.xsd "
>>>> xmlns:wsu="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
>>>> ty-1.0.xsd "
>>>>
>>>> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P
>>>> assword Type="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
>>>> rofile-1.0#PasswordText
>>>> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He
>>>> ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/"><arg0
>>>> /></ns2:processOrder></soap:Body></soap:Envelope>
>>>>
>>>>
>>>> Response:
>>>> -------------
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>> "><soap:Body><ns2:processOrderResponse
>>>> xmlns:ns2="http://order.demo/
>>>>
>>>> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:
>>>> Envelope>
>>>>
>>>>
>>>> Unlike the Request, response does not have the security header. I want
>>>> to know why **security header** (wsse:Security) is missing in the
>>>> response. Am
>>>> I missing something in the configurations?
>>>>
>>>> Can you please suggest what should I do to solve this problem?
>>>>
>>>> Here are the client and service side configurations:
>>>>
>>>> client-beans.xml
>>>> ---------------------
>>>>
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>> xsi:schemaLocation="
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>>>>
>>>> <bean id="client" class="demo.order.OrderProcess"
>>>> factory-bean="clientFactory" factory-method="create"/>
>>>>
>>>> <bean id="logIn"
>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor" />
>>>> <bean id="logOut"
>>>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
>>>> />
>>>> <bean id="saajOut"
>>>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>>> <bean id="wss4jOut"
>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="user" value="ws-client" />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="demo.order.client.ClientPasswordCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>>
>>>> <bean id="clientFactory"
>>>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>>>> <property name="serviceClass" value="demo.order.OrderProcess"/>
>>>> <property name="address" value="
>>>> http://localhost:8080/neworderapp/OrderProcess"/>
>>>> <property name="inInterceptors">
>>>> <list>
>>>> <ref bean="logIn" />
>>>> </list>
>>>> </property>
>>>> <property name="outInterceptors">
>>>> <list>
>>>> <ref bean="logOut" />
>>>> <ref bean="saajOut" />
>>>> <ref bean="wss4jOut" />
>>>> </list>
>>>> </property>
>>>> </bean>
>>>>
>>>> </beans>
>>>>
>>>>
>>>>
>>>> beans.xml
>>>> -------------
>>>>
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>> xsi:schemaLocation="
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd
>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>>>>
>>>> <import resource="classpath:META-INF/cxf/cxf.xml" />
>>>> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>>>> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>>>>
>>>> <jaxws:endpoint
>>>> id="orderProcess"
>>>> implementor="demo.order.OrderProcessImpl"
>>>> address="/OrderProcess">
>>>> <jaxws:inInterceptors>
>>>> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="demo.order.ServerPasswordCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>> </jaxws:inInterceptors>
>>>> </jaxws:endpoint>
>>>> </beans>
>>>>
>>> I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
>>> For each way you require to configure.
>>>
>>> With Regards,
>>> Mayank
>>>
>>> Many Thanks in advance.
>>>
>>>
>>>> Best Regards,
>>>> Rahul
>>>>
>
>
Re: Security header wsse:Security is missing in Response
Posted by Mayank Mishra <ma...@gmail.com>.
Daniel Kulp wrote:
> On Wed July 8 2009 5:29:16 pm rahul.soa wrote:
>
>> Thanks Mayank for the response. So that means Client should have
>> WSS4JOutInterceptor configured to send the secured SOAP Request and should
>> also be configured with WSS4JInInterceptor to receive the secured Response
>> from Server. And contrary applies to Server.
>>
>
> That's right.
>
> This is partially why using the WS-SecurityPolicy stuff makes it a bit easier.
> You don't need to mess with interceptors as the Policy framework handles that.
> You just need to add a little configuration to the endpoint or client (via
> standard JAX-WS context property mechanisms) and the policy framework does the
> rest.
>
> Dan
>
>
True. You can provide the WS-SecurityPolicy for input and output
elements (if you want to configure them differently), or operation
level/binding level (they applies to all input and output messages for
all operations inside Binding).
You can write an external policy file or can embed the policy element
inside using the PolicyReference element of WS-Policy. It's quite neat
and compatible with all WS Engines (ofcourse a few asserations for
configuring keystore, callbacks etc which are not there is
WS-SecurityPolicy specification.
With Regards,
Mayakn
>
>> Best Regards,
>> Rahul
>>
>>
>> So that means
>>
>> On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <ma...@gmail.com> wrote:
>>
>>> rahul.soa wrote:
>>>
>>>> Hello CXF Devs,
>>>>
>>>> I am trying to access the secured (usernameToken) webservice deployed on
>>>> tomcat by the java client. I intercepted the exchanged messages via
>>>> tcpmon,
>>>> which are following:
>>>>
>>>> Request:
>>>> ----------
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>> "><soap:Header><wsse:Security
>>>> xmlns:wsse="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>> t-1.0.xsd "
>>>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>>>> t-1.0.xsd "
>>>> xmlns:wsu="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
>>>> ty-1.0.xsd "
>>>>
>>>> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P
>>>> assword Type="
>>>>
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
>>>> rofile-1.0#PasswordText
>>>> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He
>>>> ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/"><arg0
>>>> /></ns2:processOrder></soap:Body></soap:Envelope>
>>>>
>>>>
>>>> Response:
>>>> -------------
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>>>> "><soap:Body><ns2:processOrderResponse
>>>> xmlns:ns2="http://order.demo/
>>>>
>>>> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:
>>>> Envelope>
>>>>
>>>>
>>>> Unlike the Request, response does not have the security header. I want
>>>> to know why **security header** (wsse:Security) is missing in the
>>>> response. Am
>>>> I missing something in the configurations?
>>>>
>>>> Can you please suggest what should I do to solve this problem?
>>>>
>>>> Here are the client and service side configurations:
>>>>
>>>> client-beans.xml
>>>> ---------------------
>>>>
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>> xsi:schemaLocation="
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>>>>
>>>> <bean id="client" class="demo.order.OrderProcess"
>>>> factory-bean="clientFactory" factory-method="create"/>
>>>>
>>>> <bean id="logIn"
>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor" />
>>>> <bean id="logOut"
>>>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
>>>> />
>>>> <bean id="saajOut"
>>>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>>> <bean id="wss4jOut"
>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="user" value="ws-client" />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="demo.order.client.ClientPasswordCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>>
>>>> <bean id="clientFactory"
>>>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>>>> <property name="serviceClass" value="demo.order.OrderProcess"/>
>>>> <property name="address" value="
>>>> http://localhost:8080/neworderapp/OrderProcess"/>
>>>> <property name="inInterceptors">
>>>> <list>
>>>> <ref bean="logIn" />
>>>> </list>
>>>> </property>
>>>> <property name="outInterceptors">
>>>> <list>
>>>> <ref bean="logOut" />
>>>> <ref bean="saajOut" />
>>>> <ref bean="wss4jOut" />
>>>> </list>
>>>> </property>
>>>> </bean>
>>>>
>>>> </beans>
>>>>
>>>>
>>>>
>>>> beans.xml
>>>> -------------
>>>>
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>> xsi:schemaLocation="
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd
>>>> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>>>>
>>>> <import resource="classpath:META-INF/cxf/cxf.xml" />
>>>> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>>>> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>>>>
>>>> <jaxws:endpoint
>>>> id="orderProcess"
>>>> implementor="demo.order.OrderProcessImpl"
>>>> address="/OrderProcess">
>>>> <jaxws:inInterceptors>
>>>> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="demo.order.ServerPasswordCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>> </jaxws:inInterceptors>
>>>> </jaxws:endpoint>
>>>> </beans>
>>>>
>>> I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
>>> For each way you require to configure.
>>>
>>> With Regards,
>>> Mayank
>>>
>>> Many Thanks in advance.
>>>
>>>
>>>> Best Regards,
>>>> Rahul
>>>>
>
>
Re: Security header wsse:Security is missing in Response
Posted by Daniel Kulp <dk...@apache.org>.
On Wed July 8 2009 5:29:16 pm rahul.soa wrote:
> Thanks Mayank for the response. So that means Client should have
> WSS4JOutInterceptor configured to send the secured SOAP Request and should
> also be configured with WSS4JInInterceptor to receive the secured Response
> from Server. And contrary applies to Server.
That's right.
This is partially why using the WS-SecurityPolicy stuff makes it a bit easier.
You don't need to mess with interceptors as the Policy framework handles that.
You just need to add a little configuration to the endpoint or client (via
standard JAX-WS context property mechanisms) and the policy framework does the
rest.
Dan
> Best Regards,
> Rahul
>
>
> So that means
>
> On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <ma...@gmail.com> wrote:
> > rahul.soa wrote:
> >> Hello CXF Devs,
> >>
> >> I am trying to access the secured (usernameToken) webservice deployed on
> >> tomcat by the java client. I intercepted the exchanged messages via
> >> tcpmon,
> >> which are following:
> >>
> >> Request:
> >> ----------
> >>
> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> >> "><soap:Header><wsse:Security
> >> xmlns:wsse="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd "
> >> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd "
> >> xmlns:wsu="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
> >>ty-1.0.xsd "
> >>
> >> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:P
> >>assword Type="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
> >>rofile-1.0#PasswordText
> >> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:He
> >>ader><soap:Body><ns2:processOrder xmlns:ns2="http://order.demo/"><arg0
> >> /></ns2:processOrder></soap:Body></soap:Envelope>
> >>
> >>
> >> Response:
> >> -------------
> >>
> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> >> "><soap:Body><ns2:processOrderResponse
> >> xmlns:ns2="http://order.demo/
> >>
> >> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:
> >>Envelope>
> >>
> >>
> >> Unlike the Request, response does not have the security header. I want
> >> to know why **security header** (wsse:Security) is missing in the
> >> response. Am
> >> I missing something in the configurations?
> >>
> >> Can you please suggest what should I do to solve this problem?
> >>
> >> Here are the client and service side configurations:
> >>
> >> client-beans.xml
> >> ---------------------
> >>
> >> <beans xmlns="http://www.springframework.org/schema/beans"
> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >> xmlns:jaxws="http://cxf.apache.org/jaxws"
> >> xsi:schemaLocation="
> >> http://www.springframework.org/schema/beans
> >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> >> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
> >>
> >> <bean id="client" class="demo.order.OrderProcess"
> >> factory-bean="clientFactory" factory-method="create"/>
> >>
> >> <bean id="logIn"
> >> class="org.apache.cxf.interceptor.LoggingInInterceptor" />
> >> <bean id="logOut"
> >> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> >> />
> >> <bean id="saajOut"
> >> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> >> <bean id="wss4jOut"
> >> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> >> <constructor-arg>
> >> <map>
> >> <entry key="action" value="UsernameToken" />
> >> <entry key="user" value="ws-client" />
> >> <entry key="passwordType" value="PasswordText" />
> >> <entry key="passwordCallbackClass"
> >> value="demo.order.client.ClientPasswordCallback" />
> >> </map>
> >> </constructor-arg>
> >> </bean>
> >>
> >> <bean id="clientFactory"
> >> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> >> <property name="serviceClass" value="demo.order.OrderProcess"/>
> >> <property name="address" value="
> >> http://localhost:8080/neworderapp/OrderProcess"/>
> >> <property name="inInterceptors">
> >> <list>
> >> <ref bean="logIn" />
> >> </list>
> >> </property>
> >> <property name="outInterceptors">
> >> <list>
> >> <ref bean="logOut" />
> >> <ref bean="saajOut" />
> >> <ref bean="wss4jOut" />
> >> </list>
> >> </property>
> >> </bean>
> >>
> >> </beans>
> >>
> >>
> >>
> >> beans.xml
> >> -------------
> >>
> >> <beans xmlns="http://www.springframework.org/schema/beans"
> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >> xmlns:jaxws="http://cxf.apache.org/jaxws"
> >> xsi:schemaLocation="
> >> http://www.springframework.org/schema/beans
> >> http://www.springframework.org/schema/beans/spring-beans.xsd
> >> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
> >>
> >> <import resource="classpath:META-INF/cxf/cxf.xml" />
> >> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> >> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
> >>
> >> <jaxws:endpoint
> >> id="orderProcess"
> >> implementor="demo.order.OrderProcessImpl"
> >> address="/OrderProcess">
> >> <jaxws:inInterceptors>
> >> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> >> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >> <constructor-arg>
> >> <map>
> >> <entry key="action" value="UsernameToken" />
> >> <entry key="passwordType" value="PasswordText" />
> >> <entry key="passwordCallbackClass"
> >> value="demo.order.ServerPasswordCallback" />
> >> </map>
> >> </constructor-arg>
> >> </bean>
> >> </jaxws:inInterceptors>
> >> </jaxws:endpoint>
> >> </beans>
> >
> > I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
> > For each way you require to configure.
> >
> > With Regards,
> > Mayank
> >
> > Many Thanks in advance.
> >
> >> Best Regards,
> >> Rahul
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: Security header wsse:Security is missing in Response
Posted by "rahul.soa" <ra...@googlemail.com>.
Thanks Mayank for the response. So that means Client should have
WSS4JOutInterceptor configured to send the secured SOAP Request and should
also be configured with WSS4JInInterceptor to receive the secured Response
from Server. And contrary applies to Server.
Best Regards,
Rahul
So that means
On Wed, Jul 8, 2009 at 7:51 PM, Mayank Mishra <ma...@gmail.com> wrote:
> rahul.soa wrote:
>
>> Hello CXF Devs,
>>
>> I am trying to access the secured (usernameToken) webservice deployed on
>> tomcat by the java client. I intercepted the exchanged messages via
>> tcpmon,
>> which are following:
>>
>> Request:
>> ----------
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Header><wsse:Security
>> xmlns:wsse="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> xmlns:wsu="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>
>> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
>> Type="
>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
>> ">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
>> xmlns:ns2="http://order.demo/"><arg0
>> /></ns2:processOrder></soap:Body></soap:Envelope>
>>
>>
>> Response:
>> -------------
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Body><ns2:processOrderResponse
>> xmlns:ns2="http://order.demo/
>>
>> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
>>
>>
>> Unlike the Request, response does not have the security header. I want to
>> know why **security header** (wsse:Security) is missing in the response.
>> Am
>> I missing something in the configurations?
>>
>> Can you please suggest what should I do to solve this problem?
>>
>> Here are the client and service side configurations:
>>
>> client-beans.xml
>> ---------------------
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>> xsi:schemaLocation="
>> http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>>
>> <bean id="client" class="demo.order.OrderProcess"
>> factory-bean="clientFactory" factory-method="create"/>
>>
>> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
>> />
>> <bean id="logOut"
>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"
>> />
>> <bean id="saajOut"
>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>> <bean id="wss4jOut"
>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="UsernameToken" />
>> <entry key="user" value="ws-client" />
>> <entry key="passwordType" value="PasswordText" />
>> <entry key="passwordCallbackClass"
>> value="demo.order.client.ClientPasswordCallback" />
>> </map>
>> </constructor-arg>
>> </bean>
>>
>> <bean id="clientFactory"
>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>> <property name="serviceClass" value="demo.order.OrderProcess"/>
>> <property name="address" value="
>> http://localhost:8080/neworderapp/OrderProcess"/>
>> <property name="inInterceptors">
>> <list>
>> <ref bean="logIn" />
>> </list>
>> </property>
>> <property name="outInterceptors">
>> <list>
>> <ref bean="logOut" />
>> <ref bean="saajOut" />
>> <ref bean="wss4jOut" />
>> </list>
>> </property>
>> </bean>
>>
>> </beans>
>>
>>
>>
>> beans.xml
>> -------------
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:jaxws="http://cxf.apache.org/jaxws"
>> xsi:schemaLocation="
>> http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans.xsd
>> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>>
>> <import resource="classpath:META-INF/cxf/cxf.xml" />
>> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>>
>> <jaxws:endpoint
>> id="orderProcess"
>> implementor="demo.order.OrderProcessImpl"
>> address="/OrderProcess">
>> <jaxws:inInterceptors>
>> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="UsernameToken" />
>> <entry key="passwordType" value="PasswordText" />
>> <entry key="passwordCallbackClass"
>> value="demo.order.ServerPasswordCallback" />
>> </map>
>> </constructor-arg>
>> </bean>
>> </jaxws:inInterceptors>
>> </jaxws:endpoint>
>> </beans>
>>
>>
>>
>
> I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration. For
> each way you require to configure.
>
> With Regards,
> Mayank
>
> Many Thanks in advance.
>>
>> Best Regards,
>> Rahul
>>
>>
>>
>
>
Re: Security header wsse:Security is missing in Response
Posted by Mayank Mishra <ma...@gmail.com>.
rahul.soa wrote:
> Hello CXF Devs,
>
> I am trying to access the secured (usernameToken) webservice deployed on
> tomcat by the java client. I intercepted the exchanged messages via tcpmon,
> which are following:
>
> Request:
> ----------
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="UsernameToken-1"><wsse:Username>ws-client</wsse:Username><wsse:Password
> Type="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:processOrder
> xmlns:ns2="http://order.demo/"><arg0
> /></ns2:processOrder></soap:Body></soap:Envelope>
>
>
> Response:
> -------------
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:processOrderResponse
> xmlns:ns2="http://order.demo/
> "><return>ORD1234</return></ns2:processOrderResponse></soap:Body></soap:Envelope>
>
>
> Unlike the Request, response does not have the security header. I want to
> know why **security header** (wsse:Security) is missing in the response. Am
> I missing something in the configurations?
>
> Can you please suggest what should I do to solve this problem?
>
> Here are the client and service side configurations:
>
> client-beans.xml
> ---------------------
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
>
> <bean id="client" class="demo.order.OrderProcess"
> factory-bean="clientFactory" factory-method="create"/>
>
> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"
> />
> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> />
> <bean id="saajOut"
> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> <bean id="wss4jOut"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken" />
> <entry key="user" value="ws-client" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackClass"
> value="demo.order.client.ClientPasswordCallback" />
> </map>
> </constructor-arg>
> </bean>
>
> <bean id="clientFactory"
> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> <property name="serviceClass" value="demo.order.OrderProcess"/>
> <property name="address" value="
> http://localhost:8080/neworderapp/OrderProcess"/>
> <property name="inInterceptors">
> <list>
> <ref bean="logIn" />
> </list>
> </property>
> <property name="outInterceptors">
> <list>
> <ref bean="logOut" />
> <ref bean="saajOut" />
> <ref bean="wss4jOut" />
> </list>
> </property>
> </bean>
>
> </beans>
>
>
>
> beans.xml
> -------------
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
>
> <jaxws:endpoint
> id="orderProcess"
> implementor="demo.order.OrderProcessImpl"
> address="/OrderProcess">
> <jaxws:inInterceptors>
> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackClass"
> value="demo.order.ServerPasswordCallback" />
> </map>
> </constructor-arg>
> </bean>
> </jaxws:inInterceptors>
> </jaxws:endpoint>
> </beans>
>
>
I am unable to see ServerOut-ClientIn WSS4J Interceptor configuration.
For each way you require to configure.
With Regards,
Mayank
> Many Thanks in advance.
>
> Best Regards,
> Rahul
>
>