What are you trying to achieve? Is the target ws endpoint using WS-SecurityPolicy or not? If it is, you're most likely missing part of the configuration in the context (see https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Client ), if it's not then you're using wrong context properties (see "Use binding provider to set principal/credential" at https://docs.jboss.org/author/display/JBWS/Authentication)

Knowing what exception is actually being thrown on server side might help.

ok, if you're expected to use ws-security policy and you notice the username token is missing in the message going on the wire, then this is related to the fact you're not specifying all the required parameters into the message context; again please have a look at https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Client

Alessio,

I have the same problem and use the same code on my client:

Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
                              ctx.put("ws-security.username", userName);
                              ctx.put("ws-security.password", password)

Which by the way is the code provided as example from JBoss and CXF documentation you provided. They state that setting those properties should be enough for a client to send WS-Security UsernameToken headers. But they don't. And I can't find on the docs what else to do.

On google I find lots of posts telling to develop and install my own SOAP handler, but I expected CXF or JBoss AS should have those ready for use, it should be a simple matter of configuring System Properties somwhere.

Folks, you're setting wrong parameters in the message context, please have a look at the page I linked before, in particular section "Authentication and authorization" -> "Client".

The jbossws-cxf testsuite and binary distribution comes with example of this btw, see http://anonsvn.jboss.org/repos/jbossws/stack/cxf/tags/jbossws-cxf-4.1.0.Final/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/UsernameTestCase.java

Hi Carlo,

to be honest, I forgot about that scenario (no usage of callback handler), sorry. In any case, I've just tried it and it's working as expected, see the passing testcase I've just added to the jbossws-cxf testsuite: http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossws?view=revision&revision=16997

Not sure I get what you mean... what's the question?

Hi Alessio,

I followed your hints, jboss-ws and cxf docs the best as I coud, and took a look to the testcases your provided the links. Nothing worked. My goal is getting the simpler working consumer for a WS-Security Username Token enabled service.

I'm using jboss as 7.1.1 and eclipse juno SR1 under Fedora 17 and with jboss-tools-4.0.0-beta1 and OpenJDK7.

Started from a working sample internet service, avaibable online as http://parabank.parasoft.com/parabank/services/store-wss-01?wsdl (info about the sampe at http://parabank.parasoft.com/parabank/services.htm).

It looks the WSDL from that service nas no WS-Policy definitions, but I can consume it using SoapUI and setting the request property WSS-Password Type to "PasswordText".

Used Eclipse/JBoss Tools wizzards to create a sample client. The client is a Java SE app, although it is inside a Dynamic Web Project. Added cfx and wss4j jars from jboss to the project classpath, so I can get CXF classes. It doesn't worked with or without the handler.

Here's the code:

package testwsse.bookstore.auth.clientsample;

import java.util.List;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

import testwsse.bookstore.auth.*;

public class ClientSample {

    public static void main(String[] args) throws java.lang.Exception {

            System.out.println("***********************");

            System.out.println("Create Web Service Client...");

            Bookstore_Service service1 = new Bookstore_Service();

            System.out.println("Create Web Service...");

            Bookstore port1 = service1.getCartServicePort();

            System.out.println("Configuring WS-Security...");           

            //XXX won't work

            ((BindingProvider)port1).getRequestContext().put(SecurityConstants.USERNAME, "soatest");

            ((BindingProvider)port1).getRequestContext().put(SecurityConstants.PASSWORD, "soatest");

            //XXX won't work either, callback is never called

            //((BindingProvider)port1).getRequestContext().put(SecurityConstants.USERNAME, "soatest");

            //((BindingProvider)port1).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

            //      "testws.bookstore.auth.clientsample.UsernamePasswordCallback");

            System.out.println("Call Web Service Operation...");

            List<Book> livros = port1.getItemByTitle("Java");

            System.out.println("Found: " + livros.size() + " books.");

            for (Book livro : livros) {

                System.out.println("Book Title: " + livro.getName());

                for (String autor: livro.getAuthors()) {

                    System.out.println("Author: " + autor);

                }

            }

            System.out.println("***********************");

            System.out.println("Call Over!");

    }

}

And here's the result:

***********************

Create Web Service Client...

Create Web Service...

Configuring WS-Security...

Call Web Service Operation...

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the <wsse:Security> header

    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)

    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)

    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)

    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)

    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)

    at $Proxy32.getItemByTitle(Unknown Source)

    at testwsse.bookstore.auth.clientsample.ClientSample.main(ClientSample.java:34)

Alessio,

You can download my Eclipse project from http://www.lozano.eti.br/TestWSSE.zip. What is missing?

Thanks in advance.

Ok, so basically you're trying to use WS-Security UT for invoking an endpoint whose wsdl contract does not advertise that. That's why the ws-security is not automatically configured. So you have 2 options:

A) produce a locally modified version of that wsdl with proper ws-security policy and consume that with your client

B) programmatically (or through jbossws-cxf spring integration) configure ws-security in your client; see e.g. http://anonsvn.jboss.org/repos/jbossws/stack/cxf/tags/jbossws-cxf-4.1.0.Final/modules/testsuite/cxf-spring-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/UsernameTestCase.java

Btw, please note that from the stacktrace above your client is currently using Metro (JAXWS RI) instead of jbossws-cxf JAXWS implementation.

Alessio,

Thanks for the hints, but:

1) I tried to programatically configure ws-security, following jbossws docs. It didn't worked. My code is the same as the samples in the docs. It looks to me the same as in UsernameTestCase, I had already read those sources.

2) My Eclipse project has just jboss as 7.1.1 configured as runtime and target server. I don't have any other server in the Eclipse workspace and have not downloaded Metro. How could Metro be used instead of the jboss-suplied Apache CXF?