JBoss Community

Re: Problem with securing web service with ws security ( username token )

created by Ɓukasz Marczuk in JBoss Web Services - View the full discussion

ok so now i've got anwser :

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header/>
   <env:Body>
      <env:Fault>
         <faultcode xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>
         <faultstring>This service requires &lt;wsse:Security>, which is missing.</faultstring>
      </env:Fault>
   </env:Body>
</env:Envelope>

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">

   <env:Header/>

   <env:Body>

      <env:Fault>

         <faultcode xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>

         <faultstring>This service requires &lt;wsse:Security>, which is missing.</faultstring>

      </env:Fault>

   </env:Body>

</env:Envelope>

 

 

 

 

so i insert only timestamp to my soap request :

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test">

   <soapenv:Header>

      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

         <wsu:Timestamp wsu:Id="Timestamp-59" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsu:Created>2010-09-13T07:49:59.635Z</wsu:Created>

            <wsu:Expires>2010-09-13T07:50:59.635Z</wsu:Expires>

         </wsu:Timestamp>

      </wsse:Security>

   </soapenv:Header>

   <soapenv:Body>

      <test:sayHello>

         <arg0>?</arg0>

      </test:sayHello>

   </soapenv:Body>

</soapenv:Envelope>

 

 

and i got anwser :

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">

   <env:Header>

      <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

         <wsu:Timestamp wsu:Id="timestamp">

            <wsu:Created>2010-09-13T07:50:19.788Z</wsu:Created>

            <wsu:Expires>2010-09-13T07:55:19.788Z</wsu:Expires>

         </wsu:Timestamp>

      </wsse:Security>

   </env:Header>

   <env:Body>

      <test:sayHelloResponse xmlns:test="http://test">

         <return>siemanko ?</return>

      </test:sayHelloResponse>

   </env:Body>

</env:Envelope>

 

 

So in my request there is no username token, only timestamp and a got answer. But i need to secure it with username. Any idea?

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community