Hi,
I am setting up ws-security using wss4j, but the client drops the username from the request.
Here is my dump of soap message:
Code:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   SOAP-ENV:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                          wsu:Id="UsernameToken-27799186"
                          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
                       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">foobar</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ns3:RegisterPersonRequest xmlns:ns3="http://blah/server/schema" xmlns="">
    </ns3:RegisterPersonRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

If I copy it to SoapUI and populate the username field, it works.
Here is my client side configuration:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:oxm="http://www.springframework.org/schema/oxm"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-1.5.xsd">

  <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="UsernameToken"/>
    <property name="securementPasswordType" value="PasswordText"/>
    <property name="securementUsername" value="donald-duck"/>
    <property name="securementPassword" value="foobar"/>
  </bean>

  <oxm:jaxb2-marshaller id="marshaller" contextPath="blah.server.schema"/>

  <bean id="service" abstract="true">
    <property name="marshaller" ref="marshaller" />
    <property name="defaultUri" value="http://localhost:8820/services/"/>
    <property name="interceptors">
      <list>
        <ref local="securityInterceptor"/>
      </list>
    </property>
  </bean>
</beans>

And this is the code bit:
Code:
import org.apache.commons.logging.*;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;
import org.springframework.ws.client.core.WebServiceTemplate;
import org.springframework.ws.client.core.support.WebServiceGatewaySupport;
import org.springframework.xml.transform.StringResult;

public abstract class AbstractClientWebservice extends WebServiceGatewaySupport {

    protected final Log log = LogFactory.getLog(this.getClass());
    protected static final ObjectFactory objectFactory = new ObjectFactory();

    protected Object send(Object message) {
        long startTime = System.currentTimeMillis();
        try {
            // StringResult result = new StringResult();
            // getMarshaller().marshal(message, result);
            Object response = getWebServiceTemplate().marshalSendAndReceive(message);
            return response;
        } catch (Exception ex) {
            ex.printStackTrace();
            throw new RuntimeException(ex);
        } finally {
            long endTime = System.currentTimeMillis();
            // this.serviceCallTime = endTime - startTime;
        }
    }
}
So it seems to me that using the marshaller to send and receive drops the username from the SOAP message?
(Usually when I am convinced the framework is to blame, I realise a day later that I missed something crucial...)
I am using Spring WS 1.5.3. But maybe I got a buggy transitive dependency?
Not really relevant, as it is the sent message that is wrong, but here is my server side:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

  <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken"/>
    <property name="securementActions" value="Timestamp"/>
    <property name="timestampPrecisionInMilliseconds" value="true"/>
    <property name="validationCallbackHandler" ref="acegiHandler" />
  </bean>

  <bean id="acegiHandler" class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManager"/>
  </bean>

  <!--
  <bean id="acegiHandler" class="org.springframework.ws.soap.security.wss4j.callback.SpringDigestPasswordValidationCallbackHandler">
    <property name="userDetailsService" ref="userDetailsService"/>
  </bean>
  -->

  <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
      <bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
      </bean>
    </property>
  </bean>

  <security:user-service id="userDetailsService">
    <security:user name="donald-duck" password="foobar" authorities="ROLE_CLIENT" />
  </security:user-service>
</beans>

Any ideas? Anyone experienced the same?


