
You can create a web project to test the above example. You can add a servlet component to invoke the Client.java methods along with a JSP page to upload and download images.

As mentioned at the beginning of the article, the username and password are sent as plain text, so make sure the endpoint URL uses HTTPS/SSL to encrypt the messages when the service is deployed in production.
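
One way to enforce this on the client side, as an added example that is not code from the original article: a guard that refuses to configure the service endpoint unless it is an absolute https URL, so the plain-text UsernameToken is never sent over unencrypted HTTP. The class name, helper methods and sample URLs are assumptions made for illustration; the property key is the standard value of BindingProvider.ENDPOINT_ADDRESS_PROPERTY.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical helper: blocks plain-text UsernameToken traffic to non-TLS endpoints. */
public class SecureEndpointGuard {

    // Value of javax.xml.ws.BindingProvider.ENDPOINT_ADDRESS_PROPERTY, inlined so the
    // example compiles without the JAX-WS API on the classpath.
    static final String ENDPOINT_ADDRESS_PROPERTY = "javax.xml.ws.service.endpoint.address";

    /** Returns the parsed endpoint if it is an absolute https URL with a host, else throws. */
    static URI requireHttps(String endpoint) {
        URI uri;
        try {
            uri = new URI(endpoint);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed endpoint URL: " + endpoint, e);
        }
        // URI schemes are case-insensitive, so "HTTPS://..." is accepted as well.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException(
                "Refusing to send a plain-text UsernameToken to non-HTTPS endpoint: " + endpoint);
        }
        return uri;
    }

    /** Sets the endpoint in a JAX-WS request context only after the scheme check passes. */
    static void setEndpoint(Map<String, Object> requestContext, String endpoint) {
        requestContext.put(ENDPOINT_ADDRESS_PROPERTY, requireHttps(endpoint).toString());
    }

    public static void main(String[] args) {
        // Constructed sample endpoints. In a real client the map would be
        // ((BindingProvider) port).getRequestContext().
        Map<String, Object> ctx = new HashMap<>();
        String[] samples = { "https://ws.example.test/MyService",
                             "http://ws.example.test/MyService",
                             "ws.example.test/MyService" };
        for (String s : samples) {
            try {
                setEndpoint(ctx, s);
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first sample URL is accepted; the http URL and the scheme-less string are rejected before any request context is modified.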

May 14, 2013 Globinch.com Java Technical Architect


15 thoughts on “JAX-WS and Secure Java Web Services using UsernameToken : WS-Security with Metro and WSIT”

  1. Alessandro Mancini says:

    Hi George, We tried your code with Metro version 2.2.1 on the Winstone Servlet Container. While the test works with the correct user credentials, when we provide a wrong password to the WS-Security protected Service we get the following error:

        SEVERE: WSS1408: UsernameToken Authentication Failed
        giu 14, 2013 3:20:37 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest
        SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
        com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed
            at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:133)
            at com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader.validate(UsernameTokenHeader.java:173)
            at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:348)
            at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:283)
            at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:225)
            at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:452)
            at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:206)
            at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
            at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
            at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
            at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
            at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
            at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:471)
            at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
            at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
            at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:129)
            at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:160)
            at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:75)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:121)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
            at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
            at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
            at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
            at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
            at java.lang.Thread.run(Thread.java:722)

    Did you try your code with a wrong username/password? We also tried to run the code with previous versions of the Metro libraries, but to no avail.

    We suspect that the WS-Security fault processing may be broken. Could you help us in this matter? Thanks in advance.

    Alessandro.

  3. says:

    Hi Mancini, Could you please check your validator class? Is it typecasting the request properly?

  5. Alessandro Mancini says:

    Hi, George. This is my Validator Class. It is the same that you wrote.

        package com.globinch.service;

        import com.sun.xml.wss.impl.callback.PasswordValidationCallback;

        /**
         * The plain text password validation class.
         * @author Binu George
         * @since 2013
         * @version 1.0
         */
        public class MyServicePasswordValidator implements PasswordValidationCallback.PasswordValidator {

            public boolean validate(PasswordValidationCallback.Request request)
                    throws PasswordValidationCallback.PasswordValidationException {

                System.err.println("ccccc");

                PasswordValidationCallback.PlainTextPasswordRequest plainTextRequest =
                        (PasswordValidationCallback.PlainTextPasswordRequest) request;
                if ("myuserid".equals(plainTextRequest.getUsername())
                        && "mypassword".equals(plainTextRequest.getPassword())) {
                    return true;
                } else {
                    //return false;
                    throw new PasswordValidationCallback.PasswordValidationException(
                            "Invalid credentials provided. Authentication failed");
                }
            }
        }

    Did you try your code with a wrong username/password? My app fails only when I put in wrong credentials.

    Thanks in advance.

    Alessandro.

  6. MJoe says:

    Hi, Can you share this application as a downloadable file? I followed all the steps, but my Tomcat still does not load the WSIT configuration file while deploying the web service.

    Thanks,

  7. says:

    Hey Joe, I am planning to add downloadable source code archives for each of the examples. I will update you as soon as it becomes available. Thanks Binu George

  8. Duir says:

    Hi George,

    Thank you for the article. It’s been really helpful for me.

    One question: From within my application (where I use JAX-WS RI) I log my messages through the org.apache.log4j.Logger. As you mentioned above, the PolicyConfigParser outputs certain messages about loading the WSIT configuration. My problem is that I can’t find a way to get rid of these logs or change the logging level to WARNING or ERROR. Creating a file named logging.properties on the classpath with the following line:

        com.sun.xml.ws.policy.parser.PolicyConfigParser.level=WARNING

    …as suggested here, didn’t have any effect. I also tried to set the logging level at runtime with statements like:

        com.sun.istack.logging.Logger.getLogger(PolicyConfigParser.class).setLevel(Level.WARNING);
        com.sun.istack.logging.Logger.getLogger(PolicyConfigParser.class).setLevel(Level.WARNING);
        java.util.logging.Logger.getLogger(PolicyConfigParser.class.getName()).setLevel(Level.WARNING);

    But none of that seems to work. Do you have some idea as to what I’m missing here?

    Thanx, Duir

  9. Sampath says:

    Binu George,

    Would you please provide me the source code?

  10. says:

    Nice. Thanks for sharing,

  11. siva says:

    Could you please share the application code for download?

  12. shree says:

    This is the best example I saw after my finding of two weeks or more… I know understanding a ws-security topic is such a pain and I was not able to find how to implement it using jaxws, all examples I searched earlier are so confusing for me.. I really appreciate your work. Thanks for sharing it.

  13. Surobinda Mallick says:

    Hi Binu,

    Very nice article. A few things I noticed in your example that I would like to inform you of:

    1. The opening and closing quotation marks are missing where you defined the namespace for xmlns:wsam=. Hence the XML validator is complaining.

    2. element definition in the xml file should be prefixed with wsp like

  14. here says:

    Excellent blog you have here.. It’s hard to find good quality writing like yours these days. I seriously appreciate people like you! Take care!!

  15. says:

    Thanks for the comments Surobinda
