Łukasz Marczuk [http://community.jboss.org/people/lmarczuk] created the discussion "Problem with securing web service with ws security ( username token )" To view the discussion, visit: http://community.jboss.org/message/560597#560597 -------------------------------------------------------------- Hello, I'am trying to secure web service ( from ejb 3.0 stateless bean) and it is not working. here is my code : Bean : @Stateless @SOAPBinding(style=SOAPBinding.Style.RPC) @SecurityDomain("JBossWS") @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = " http://test http://test",serviceName = "HelloWSSService") public class HelloBean implements IHello { @WebMethod public String sayHello(String aName) { return "siemanko " + aName; } } // ... some imports   @Stateless @SOAPBinding(style=SOAPBinding.Style.RPC) @SecurityDomain("JBossWS") @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService") public class HelloBean implements IHello {        @WebMethod      public String sayHello(String aName) {           return "siemanko " + aName;      }   } interface : @SOAPBinding(style = SOAPBinding.Style.DOCUMENT) @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService") public interface IHello  {                  String sayHello( String name); } In my META-INF folder i put jboss-wsse-server.xml file : <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"      xsi:schemaLocation="http://www.jboss.com/ws-security/config                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">      <config>           <timestamp ttl="300"/>           <requires/>      </config> </jboss-ws-security> Now i deploy my app on server and i test it from SoapUI. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test">    <soapenv:Header/>    <soapenv:Body>       <test:sayHello>          <arg0>?</arg0>       </test:sayHello>    </soapenv:Body> </soapenv:Envelope> And anser : <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">    <env:Header>       <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-... xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...          <wsu:Timestamp wsu:Id="timestamp">             <wsu:Created>2010-09-06T11:41:38.621Z</wsu:Created>             <wsu:Expires>2010-09-06T11:46:38.621Z</wsu:Expires>          </wsu:Timestamp>       </wsse:Security>    </env:Header>    <env:Body>       <test:sayHelloResponse xmlns:test="http://test">          <return>siemanko ?</return>       </test:sayHelloResponse>    </env:Body> </env:Envelope> Got any idea why i can't secure my web service like that? i tryid it on jboss 4.2.3  , 5.01, 5.1, and 6 actually i work on 5.0.1 with JBoss Web Services - Native Server 3.3.1.GA. Mayby i'm skipping some step or jboss-wsse-server.xml is incorect ? when i put to jboss-wsse-server.xml this : <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   xsi:schemaLocation="http://www.jboss.com/ws-security/config                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">   <config>     <username/>     <authenticate>       <usernameAuth/>     </authenticate>   </config> </jboss-ws-security>       Also nothing happend and i'am albe to get response without puting principals in header. JBossWS is good configured in login-config.xml Please help. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/560597#560597] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]