[jboss-user] [JBoss Web Services] - Re: Implementing WS-Security Usename Token Profile Authentic

jayblanc54 do-not-reply at jboss.com
Fri Aug 21 06:55:50 EDT 2009 

Thanks alessio, setting StubExt.PROPERTY_AUTH_TYPE works fine.

I have also a problem with SoapUI Digest which always give me an Invalid User.

for exemple : using kermit/thefrog, the generated request for SoapUI is : 


  | <soapenv:Envelope xmlns:hel="http://org.qualipso.factory.ws/helloworld" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  |    <soapenv:Header>
  |       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  |          <wsse:UsernameToken wsu:Id="UsernameToken-10666036" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  |             <wsse:Username>kermit</wsse:Username>
  |             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">a4QMImbwZWY5ofgqZQK7SqkWF9M=</wsse:Password>
  |             <wsse:Nonce>bEC2QeCam1oBnj+wpGBPQw==</wsse:Nonce>
  |             <wsu:Created>2009-08-21T10:47:42.580Z</wsu:Created>
  |          </wsse:UsernameToken>
  |       </wsse:Security>
  |    </soapenv:Header>
  |    <soapenv:Body>
  |       <hel:sayHelloWorld/>
  |    </soapenv:Body>
  | </soapenv:Envelope>
  | 

Whereas the generated request for the same credentials using the jboss endorsed JAX-WS 2.1 client is : 


  | <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  |   <env:Header>
  |     <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
  |      <wsu:Timestamp wsu:Id='timestamp'> 
  |       <wsu:Created>2009-08-21T10:49:48.298Z</wsu:Created>
  |       <wsu:Expires>2009-08-21T10:54:48.298Z</wsu:Expires>
  |      </wsu:Timestamp>
  |      <wsse:UsernameToken wsu:Id='token-1-1250851788299-24072801'>
  |       <wsse:Username>kermit</wsse:Username>
  |       <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest'>oOxvxKABFwsUfCvOpjE+GfyrQJs=</wsse:Password>
  |       <wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>NXS4XKiKBe9eaJdiAjtCG23A1e3w3wZ9j38POOu4Dvg=</wsse:Nonce>
  |       <wsse:Created>2009-08-21T10:49:48.289Z</wsse:Created>
  |      </wsse:UsernameToken>
  |     </wsse:Security>
  |   </env:Header>
  |   <env:Body>
  |      <ns1:sayHelloWorld xmlns:ns1='http://org.qualipso.factory.ws/helloworld'></ns1:sayHelloWorld>
  |   </env:Body>
  | </env:Envelope>
  | 

I don't understand why the SoapUI client is not able to authenticate using the same configuration...

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250851#4250851

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250851

More information about the jboss-user mailing list