(any intellij-firefox users get bitten by ctrl-w closing windows in firefox? This is literally the 3rd time I try to write this post. Need to figure out how to change that key binding)
So I'm having some issue getting wss authentication working from a client using JaxPortProxyFactoryBean. Most of the forum posts and search results seem to indicate that setting the username and password fields in the FactoryBean would solve the problem but that doesn't seem to be the case. I get:
when I try invoking an authenticated service and I've checked the state of the class and verified correct setting of the username and password fields before the delegated call.invoke to the axis call implementation.
nested exception is WSDoAllReceiver: Request does not contain required Security header
the midtier is expecting something in this form:
but sniffing the soap post it's clear that no header is being sent at all. I've tried coding a handler myself and registering it into the service proxy with a post processor. Which works, but I seem to be having trouble manually building a security header that would satisfy my web service.
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7691763">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1364036">
I'm guessing the lack of wsu:Id doesn't help, and I'm not exactly sure how I would go about building the correct timestamp programmatically. In fact finding information on how these things should be put together is tricky.
public void handleRequest(...
SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
SOAPHeader header = envelope.getHeader();
SOAPElement securityHeader = header.addChildElement("wsse:Security", "wsse", securityHeaderUri);
SOAPElement usernameToken = securityHeader.addChildElement("wsse:UsernameToken", "wsu", usernameTokenUri);
SOAPElement passwordToken = usernameToken.addChildElement("wsse:Passord");
So I'm thinking there must be an easier way. Surely most people need to use WSS authentication when they use this proxy factory bean. So does anybody have any pointers on how to get this working? I've spent way too long on what seems like such a trivial thing as putting credentials into a soap header.