0 Replies Latest reply on Nov 5, 2012 10:16 AM by sreedhar y

    Web service client with Username token authentication problem

    sreedhar y Newbie

      Hi,

       

      We have got a  webservice with the following security policy from the client.

       

      <wsp:Policy orawsp:provides="{http://docs.oasis-open.org/ns/opencsa/sca/200903}authentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication, {http://docs.oasis-open.org/ns/opencsa/sca/200903}clientAuthentication.message, {http://schemas.oracle.com/ws/2006/01/policy}token.usernamePassword" wsu:Id="wss_username_token_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

      <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

      <wsp:Policy>

      <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

      <wsp:Policy>

      <sp:WssUsernameToken10/>

      </wsp:Policy>

      </sp:UsernameToken>

      </wsp:Policy>

      </sp:SupportingTokens>

      </wsp:Policy>

       

      We generated client classes using the Java JAX-WS tool from the wsdl(used the wsimport command).Afer that used the SecurityHandler  class( attached the file)  which incorporates the securtiy information in the handleMessage() method.

       

      When i called the web service method from a standlone client class ,security authentication is done and got the webservice response.

      But when accessing the webservice from the application deployed from JBoss7.1.0,Security Handler's handleMessage() method is not invoked due to this i am getting the excetion as

       

      org.apache.cxf.ws.policy.PolicyException: No username available
      at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.policyNotAsserted(UsernameTokenInterceptor.java:398)
      at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:341)
      at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:267)
      at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:112)
      at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:76)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
      at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
      at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)

      00:05:21,350 ERROR [stderr] (http--192.168.172.142-8080-1) Caused by: org.apache.cxf.ws.policy.PolicyException: No username available

       

       

      Please let me know where is the issue?

       

       

      Thanks in advance,

      Sridhar