2 Replies Latest reply on Dec 4, 2018 9:53 AM by cqmcris

Web service client with Username token authentication problem

sreedhar_45 Nov 5, 2012 10:16 AM

Hi,

We have got a webservice with the following security policy from the client.

<wsp:Policy orawsp:provides="{http://docs.oasis-open.org/ns/opencsa/sca/200903}authentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication.message, {http://schemas.oracle.com/ws/2006/01/policy}token.usernamePassword" wsu:Id="wss_username_token_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

<wsp:Policy>

<sp:WssUsernameToken10/>

</wsp:Policy>

</sp:UsernameToken>

</wsp:Policy>

</sp:SupportingTokens>

</wsp:Policy>

We generated client classes using the Java JAX-WS tool from the wsdl(used the wsimport command).Afer that used the SecurityHandler class( attached the file) which incorporates the securtiy information in the handleMessage() method.

When i called the web service method from a standlone client class ,security authentication is done and got the webservice response.

But when accessing the webservice from the application deployed from JBoss7.1.0,Security Handler's handleMessage() method is not invoked due to this i am getting the excetion as

org.apache.cxf.ws.policy.PolicyException: No username available
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.policyNotAsserted(UsernameTokenInterceptor.java:398)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:341)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:267)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:112)
at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:76)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)

00:05:21,350 ERROR [stderr] (http--192.168.172.142-8080-1) Caused by: org.apache.cxf.ws.policy.PolicyException: No username available

Please let me know where is the issue?

Thanks in advance,

Sridhar

SecurityHandler.java.zip 1.0 KB

1. Re: Web service client with Username token authentication problem

cqmcris Nov 29, 2018 9:32 PM (in response to sreedhar_45)

I have the same exception.
I added some namespaces to Sridhar's class:
@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {
final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
SOAPMessage message = msgCtx.getMessage();
if (outInd) {
try {
   final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.getHeader();
   if (header == null)
header = envelope.addHeader();
   final SOAPElement security = header.addChildElement("Security", "wsse",
   "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
   final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
userToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
userToken.addChildElement("Username", "wsse").addTextNode(this.getUser());
SOAPElement password = userToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
password.addTextNode(this.getPassword());
message.writeTo(System.out);
System.out.println("");
} catch (final Exception e) {
e.printStackTrace();
   return false;
}
}
return true;
}

In logs show this (I formatted):
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <wsse:UsernameToken>
   <wsse:Username>BUNWEBSERVICE2</wsse:Username>
   <wsse:Password
   Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">8uni0nWS2
   </wsse:Password>
   </wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<GetIndividualReport5 xmlns="http://tempuri.org/">
   <titular>
   <TipoDocumento>1001</TipoDocumento>
   <Documento>2696504</Documento>
   </titular>
   <usuario>
   <Documento>35555553</Documento>
   <NombreCompleto>Mauricio Limarino Alcazar</NombreCompleto>
   </usuario>
</GetIndividualReport5>
</soap:Body>
</soap:Envelope>

Note.- It works If I send this XML using soapUI.

Please help me.
Actions
2. Re: Web service client with Username token authentication problem

cqmcris Dec 4, 2018 9:53 AM (in response to cqmcris)

I solved this issue.
I realized that is not necessary to handle the soap message, I only added the next two lines in WebserviceCaller.configureService method.
bindingProvider.getRequestContext().put("ws-security.username", "username");
bindingProvider.getRequestContext().put("ws-security.password", "password");
Actions

Go to original post