Secure WS client with UsernameToken(SOAP security header)

Posted by user79163 on Stack Overflow See other posts from Stack Overflow or by user79163
Published on 2011-01-04T12:41:01Z Indexed on 2011/01/04 12:54 UTC
Read the original article Hit count: 195

Filed under:
|
|

Hi, I'm trying to secure my WS client to be able to call the WS.
My code looks like this:

            SendSmsService smsService = new SendSmsService();
SendSms sendSMS = smsService.getSendSms();  
BindingProvider stub = (BindingProvider)sendSMS;

//Override endpoint with local copy of wsdl.
String URL ="";//here is the wsdl url
Map<String,Object> requestContext = stub.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);

//Set usernametoken
URL fileURL = loader.getResource("client-config.xml");
File file = new File(fileURL.getFile());

FileInputStream clientConfig = null;
try {
 clientConfig = new FileInputStream(file);
} catch (FileNotFoundException e) {
 e.printStackTrace();
}

XWSSecurityConfiguration config = null;
try {
 config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig);
} catch (Exception e) {
 e.printStackTrace();
 log.warn("Exception: "+e.getMessage());
}
requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);

//Invoke the web service

 String requestId = null;
 try {
  requestId = sendSMS.sendSms(addresses, senderName, charging, message,   receiptRequest);
 } catch (PolicyException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
 } catch (ServiceException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
 }

and the config file looks like this:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"   optimize="true">
 <xwss:Service>
  <xwss:SecurityConfiguration dumpMessages="true"
   xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:UsernameToken name="username" password="password>
  </xwss:SecurityConfiguration>
 </xwss:Service>
 <xwss:SecurityEnvironmentHandler>
  util.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>

The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler.

Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0.
But I'm constantly getting "Security header not valid" error.
Where am I going wrong, can anyone tell me.
I used wsimport(JAX_WS 2.1 to generate classes for my client)
Note:Only thing I know about this WS is WSDL URL and user&pass for authentication

© Stack Overflow or respective owner

Related posts about java

Related posts about web-services