I was successfully able to write a simple web service using Spring. Now, I am trying to add the most basic kind of authentication to the web service. The documentation says the following about Plain Text Username Authentication.
My server side securityPolicy.xml is very simple. Here it is
The simplest form of username authentication uses plain text passwords. In this scenario, the SOAP message will contain a UsernameToken element, which itself contains a Username element and a Password element which contains the plain text password
I dont want to write a client to test this web service. Instead, I am using soapUI to send the SOAP XML to the web service.
<?xml version="1.0" encoding="UTF-8"?>
<xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
Can someone tell me where the UsernameToken element should be present in the SOAP message for the server to successfully read it and let the web service call go thru successfully. In other words, should the UsernameToken element be present inside the <soapenv:Header> or the <soapenv:Body> tags? I had the following inside the soapHeader and that did not work (got a com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy)
Here is my complete soap envelope
I read the java doc of the org.springframework.ws.soap.security.xwss.XwsSecur ityInterceptor and it says
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://abc.com/target/schemas">
Does this mean that I cannot test this web service using soapUI? (since it says that you must use a SaajSoapMessageFactory to create the SOAP messages)
Note that this interceptor depends on SAAJ, and thus requires SaajSoapMessages to operate.
This means that you must use a SaajSoapMessageFactory to create the SOAP messages.