Hi there,

I am trying to configure servicemix-http to use WS-Security UsernameToken based authentication. My http bc consumer reads:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:http="http://servicemix.apache.org/http/1.0"
       xmlns:greeter="http://apache.org/hello_world_soap_http"
       xmlns:soap="http://servicemix.apache.org/soap/1.0">
  <http:endpoint service="greeter:SOAPServiceWSSecurity"
    endpoint="TimestampSignEncrypt"
    role="consumer"
    targetService="greeter:SOAPServiceWSSecurity"
    targetEndpoint="TimestampSignEncrypt"
    targetInterfaceName="greeter:Greeter"
    defaultOperation ="greeter:greetMe"
    locationURI="http://localhost:9000/"
    defaultMep="http://www.w3.org/2004/08/wsdl/in-out"
    soap="false">
    <http:policies>
      <soap:ws-security receiveAction="UsernameToken" />
    </http:policies>
  </http:endpoint>
</beans>

My external client correctly sends a WS-Security header in the SOAP request with username and password digest information.

However, the http bc fails to process the message with an IllegalStateException.

I debugged through the code and noticed that ConsumerProcess.process() creates a SOAPMessage object and assignes the stream Source to the SOAPMessage correctly.

SoapMessage message = soapHelper.getSoapMarshaler().createReader().read(request.getInputStream(), request.getHeader(HEADER_CONTENT_TYPE));

It then calls

exchange = soapHelper.onReceive(ctx);

which iteratest through all policy handlers and calls WSSecurityHandler.onReceive(). That method tries to get the Document from the SOAPMessage object, however the Document has not been set yet (only the stream Source is set on the SOAPMessage object), so this returns null, causing the IllegalStateException.

Am I missing any essential configuration to get the authentication working?

By who and when is the document supposed to be set on the SoapMessage object?

Edited by: tmielke on May 8, 2008 11:09 AM