[jboss-user] [JBossWS] - Re: Implementing WS-Security Usename Token Profile Authentic

[PedroSena]

Hi,

I'm trying to implement this solution, but for some reason, the authentication mecanism is not reading correctly my Soap Header.

I saw in log:

2009-06-01 11:09:24,265 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=null
  | 2009-06-01 11:09:24,265 DEBUG [org.jboss.ejb3.security.Ejb3AuthenticationInterceptor] Authentication failure
  | javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
  | 	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
  | 

And I'm sending:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://www.netsar.com.br/tnw/bus">
  |    <soapenv:Header>
  |       <wsse:Security soapenv:mustUnderstand="1" 
  | 	xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  |  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  |          <wsse:UsernameToken wsu:Id="token-1-1236072936329-25515818">
  |             <wsse:Username>submarino</wsse:Username>
  |             <wsse:Password
  | Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">subm4r1n0</wsse:Password>
  |          </wsse:UsernameToken>
  |       </wsse:Security>
  |    </soapenv:Header>
  |    <soapenv:Body>
  |    </soapenv:Body>
  | </soapenv:Envelope>

I'm testing it from SoapUI, the message was made manually.

I created a new login entry on login-config.xml, its loading properly the users, but its not authenticating.

Would appreciate some help here,

Regards,

PS

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234486#4234486

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4234486