HELP simple http authentication

[kanonmicke]

Hi!

Have been struggling for a loong time to get the most simple example with http authentincation to work, my purpose is to make a webservice available for customers to call.
Im pretty sure I have my config correct sat:

<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.X wsSecurityInterceptor">
<property name="secureResponse" value="false"/>
<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
<property name="callbackHandlers">
<ref bean="passwordValidationHandler"/>
</property>
</bean>

<bean id="passwordValidationHandler" class="org.springframework.ws.soap.security.xwss.c allback.SimplePasswordValidationCallbackHandler">
<property name="users">
<props>
<prop key="Jimmy">Henrix</prop>
</props>
</property>
</bean>
<bean class="org.springframework.ws.server.endpoint.mapp ing.PayloadRootQNameEndpointMapping">
<property name="defaultEndpoint" ref="newCustomerEndpoint" />
<property name="interceptors">
<list>
<ref local="validatingInterceptor" />
<ref local="loggingInterceptor" />
<ref local="wsSecurityInterceptor"/>
</list>
</property>
</bean>


I have a securityPolicy looking like this:
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
</xwss:SecurityConfiguration>

My problem is probably how I set up my .xsd file and the way I call it from soupUI.
My xsd looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:hr="http://mycompany.com/ws/schemas"
elementFormDefault="qualified"
targetNamespace="http://mycompany.com/ws/schemas">
<xs:element name="NewCustomerRequest">
<xs:complexType>
<xs:all>
<xs:element name="UsernameToken" type="hr:UsernameToken_T"/>
<xs:element name="Customer" type="hr:CustomerType"/>
</xs:all>
</xs:complexType>
</xs:element>
<xs:complexType name="CustomerType">
<xs:sequence>
<xs:element name="ResellerId" type="xs:string"/>
<xs:element name="IdentificationNumber" type="xs:string"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="UsernameToken_T">
<xs:attribute name="name" type="xs:string" use="optional"/>
<xs:attribute name="password" type="xs:string" use="optional"/>
</xs:complexType>
<xs:element name="NewCustomerResponse" type="xs:string"/>
</xs:schema>


And the code in my soupUI looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://mycompany.com/ws/schemas" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<soapenv:Header/>
<soapenv:Body>
<sch:NewCustomerRequest>
<UsernameToken name="Jimmy" password="Henrix"/>
<sch:Customer>
<sch:ResellerId>11some_reseller111</sch:ResellerId>
<sch:IdentificationNumber>111some_idnum111</sch:IdentificationNumber>
</sch:Customer>
</sch:NewCustomerRequest>
</soapenv:Body>
</soapenv:Envelope>

The reply from soupUI says....
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">Validation error</faultstring>
<detail>
<spring-ws:ValidationError xmlns:spring-ws="http://springframework.org/spring-ws">cvc-complex-type.2.4.a: Invalid content was found starting with element 'UsernameToken'. One of '{"http://mycompany.com/ws/schemas":UsernameToken, "http://mycompany.com/ws/schemas":Customer}' is expected.</spring-ws:ValidationError>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

// a doubtfull spring-ws user.

[kanonmicke]

I changed my soupUI call to look like this...

Code:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://minuc.se/ws/schemas">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-27777511" xmlns:wsu="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>Jimmy</wsse:Username>
<wsse:Password Type="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Henrix</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
   <soapenv:Body>
      <sch:NewCustomerRequest>
        <sch:Customer>
            <sch:ResellerId>112</sch:ResellerId>
            <sch:IdentificationNumber>196807020570</sch:IdentificationNumber>
         </sch:Customer>
      </sch:NewCustomerRequest>
   </soapenv:Body>
</soapenv:Envelope>

This will only produce the reply:

Code:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <SOAP-ENV:Body>
      <SOAP-ENV:Fault>
         <faultcode>SOAP-ENV:MustUnderstand</faultcode>
         <faultstring xml:lang="en">One or more mandatory SOAP header blocks not understood</faultstring>
      </SOAP-ENV:Fault>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

[kanonmicke]

The coin fell down...
My request from soupUI looks like this

Code:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://mycompany.com/ws/schemas">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<wsse:Username>Jimmy</wsse:Username>
	<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Henrix</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
   <soapenv:Body>
      <sch:NewCustomerRequest>
        <sch:Customer>
            <sch:ResellerId>112783</sch:ResellerId>
            <sch:IdentificationNumber>123ID456</sch:IdentificationNumber>
         </sch:Customer>
      </sch:NewCustomerRequest>
   </soapenv:Body>
</soapenv:Envelope>

My security policy:

Code:

<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken name="Jimmy" password="Henrix"/>
<xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
</xwss:SecurityConfiguration>

my x-servlet.xml file:

Code:

<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
		<property name="defaultEndpoint" ref="newCustomerEndpoint" />
		<property name="interceptors">
			<list>
				<ref local="validatingInterceptor" />
				<ref local="loggingInterceptor" />
				<ref local="wsSecurityInterceptor" />
			</list>
		</property>
	</bean>

	<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="secureResponse" value="false"/>
        <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
        <property name="callbackHandlers">
                <ref bean="passwordValidationHandler"/>
        </property>
    </bean>

	<bean id="passwordValidationHandler" class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
    <property name="users">
    	<props>
            <prop key="Jimmy">Henrix</prop>
        </props>
    </property>
	</bean>

[kenti]

Thank's for following up this one, kanonmicke. One may wonder why Spring doesn't describe it as simple as your last post (yes, I've read 'Chapter 7. Securing your Web services with Spring-WS').