Hi,

I am trying to use Spring WebService security using Wss4jSecurityInterceptor with SimplePasswordValidationCallbackHandler. When I send the request through Soap UI, I am getting the below response. Please help me to resolve the issue.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Client</faultcode>
      <faultstring xml:lang="en">The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized</faultstring>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

Here is my Soap UI request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://rewardsnetwork.com/service/merchant/integration/messages">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-26993204" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>Temp</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">User</wsse:Password>
        <wsse:Nonce>MW7JmYsaQIrM8DD63cdN3Q==</wsse:Nonce>
        <wsu:Created>2011-11-05T19:34:47Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <mes:GetBonusMerchantsByChildMupRequest>
      <mes:childMup>z</mes:childMup>
      <mes:profile>WEB</mes:profile>
    </mes:GetBonusMerchantsByChildMupRequest>
  </soapenv:Body>
</soapenv:Envelope>

Here is server configuration for Interceptor and callback handler

<!-- Interceptors -->

<bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler">
  <property name="users">
    <props>
      <prop key="Temp">User</prop>
      <prop key="Temp2">User2</prop>
    </props>
  </property>
</bean>

<!-- Endpoint -->
<bean id="annotationPayloadRootEndpointMapping"
      class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
  <description>Detects @PayloadRoot annotations on @Endpoint bean methods.</description>
  <property name="interceptors">
    <list>
      <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
      <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
        <property name="xsdSchemaCollection" ref="schemaCollection"/>
        <property name="validateRequest" value="true"/>
        <property name="validateResponse" value="true"/>
      </bean>
      <bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="validateRequest" value="true"/>
        <property name="secureResponse" value="false"/>
        <property name="securementActions" value="NoSecurity"/>

        <property name="validationActions" value="UsernameToken" />
        <property name="validationCallbackHandler" ref="callbackHandler" />
      </bean>
    </list>
  </property>
  <property name="order" value="1"/>
</bean>

I could see the error in tomcat server console as below:

2011-11-03 11:28:24,004 WARN [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor] - Could not validate request: The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized


Thanks
Satya
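
Added example (not part of the original post, and not Spring-WS or WSS4J code): under the WS-Security UsernameToken Profile 1.0, a Password element whose Type is ...#PasswordDigest carries Base64(SHA-1(nonce + created + password)), not the password itself. The sketch below recomputes that digest for a constructed token modelled on the request above and compares it with the value sent; the function names and the USERS map are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
USERS = {"Temp": "User", "Temp2": "User2"}  # same pairs as the callbackHandler bean

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(decoded nonce + Created + password)), UsernameToken Profile 1.0."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def sample_token(password_value, nonce="MW7JmYsaQIrM8DD63cdN3Q==",
                 created="2011-11-05T19:34:47Z"):
    """Constructed header modelled on the request in the post (not a captured message)."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
            f'<wsse:Username>Temp</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">{password_value}</wsse:Password>'
            f'<wsse:Nonce>{nonce}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security>')

def check_username_token(security_xml, users):
    """Return (ok, reason) for the first UsernameToken under the given element."""
    token = ET.fromstring(security_xml).find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        return False, "no UsernameToken"
    user = token.findtext(f"{{{WSSE}}}Username", "")
    pw = token.find(f"{{{WSSE}}}Password")
    if user not in users or pw is None:
        return False, "unknown user or missing Password"
    sent = (pw.text or "").strip()
    if pw.get("Type") != DIGEST:  # no Type, or PasswordText: compare the password directly
        ok = hmac.compare_digest(sent.encode(), users[user].encode())
        return ok, ("plaintext matches" if ok else "plaintext mismatch")
    nonce = token.findtext(f"{{{WSSE}}}Nonce")
    created = token.findtext(f"{{{WSU}}}Created")
    if not nonce or not created:
        return False, "digest token lacks Nonce or Created"
    expected = password_digest(nonce, created, users[user])
    ok = hmac.compare_digest(sent.encode(), expected.encode())
    return ok, ("digest matches" if ok else "digest mismatch")

if __name__ == "__main__":
    good = password_digest("MW7JmYsaQIrM8DD63cdN3Q==", "2011-11-05T19:34:47Z", "User")
    print(check_username_token(sample_token("User"), USERS))  # literal password in a digest token
    print(check_username_token(sample_token(good), USERS))    # recomputed digest
```
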