[jboss-user] [JBoss Web Services] - Re: Problem with securing web service with ws security ( username token )
Łukasz Marczuk
do-not-reply at jboss.com
Wed Sep 15 06:11:36 EDT 2010
Łukasz Marczuk [http://community.jboss.org/people/lmarczuk] created the discussion
"Re: Problem with securing web service with ws security ( username token )"
To view the discussion, visit: http://community.jboss.org/message/561535#561535
--------------------------------------------------------------
ok so now i've got anwser :
<env:Envelope xmlns:env=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>
<faultstring>This service requires <wsse:Security>, which is missing.</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
<env:Envelope xmlns:env=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>
<faultstring>This service requires <wsse:Security>, which is missing.</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
so i insert only timestamp to my soap request :
<soapenv:Envelope xmlns:soapenv=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:test=" http://test http://test">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-59" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-09-13T07:49:59.635Z</wsu:Created>
<wsu:Expires>2010-09-13T07:50:59.635Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<test:sayHello>
<arg0>?</arg0>
</test:sayHello>
</soapenv:Body>
</soapenv:Envelope>
and i got anwser :
<env:Envelope xmlns:env=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:ds=" http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2000/09/xmldsig#" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="timestamp">
<wsu:Created>2010-09-13T07:50:19.788Z</wsu:Created>
<wsu:Expires>2010-09-13T07:55:19.788Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</env:Header>
<env:Body>
<test:sayHelloResponse xmlns:test=" http://test http://test">
<return>siemanko ?</return>
</test:sayHelloResponse>
</env:Body>
</env:Envelope>
So in my request there is no username token, only timestamp and a got answer. But i need to secure it with username. Any idea?
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/561535#561535]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100915/55e2d731/attachment-0001.html
More information about the jboss-user
mailing list