You need to sign in to do that
Don't have an account?

Ws Security : sending username, password, passwordtype, timestamp as part of soap header
Hi,
My webservice expects the security header to have username, password, password type and timestamp.
I am stuck with an issue and would like some assistance.
My Webservice code is
public static void setupSecurity(Object service) {
org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(service);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps= new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN + ' ' + WSHandlerConstants.TIMESTAMP);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());
outProps.put(WSHandlerConstants.USER, "Admin");
PhaseInterceptor<SoapMessage> wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
}
As PasswordType also has to be sent as part of SOAP header i updated the WSDL.
Below is partial WSDL
<xsd:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
<xsd:element name="Security" type="s3:SecurityHeaderType"/>
<xsd:complexType name="SecurityHeaderType">
<xsd:sequence>
<xsd:element minOccurs="1" maxOccurs="1" name="UsernameToken" type="s3:UsernameToken"/>
<xsd:element minOccurs="1" maxOccurs="1" name="TimeStamp" type="s3:TimeStamp"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="UsernameToken">
<xsd:sequence>
<xsd:element minOccurs="0" maxOccurs="1" name="Username" type="xsd:string"/>
<xsd:element minOccurs="1" maxOccurs="1" name="Password">
<xsd:complexType>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute name="Type" type="xsd:string"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TimeStamp">
<xsd:sequence>
<xsd:element minOccurs="0" maxOccurs="1" name="Created" type="xsd:dateTime"/>
<xsd:element minOccurs="0" maxOccurs="1" name="Expires" type="xsd:dateTime"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
I added attribute Type for the Password element in WSDL. The Webservice is using PasswordText as the type.
Below is the generated code of the security class
public class OasisSecurity {
public class Password_element {
public String Type_x;
private String[] Type_x_att_info = new String[]{'Type'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{};
}
public class TimeStamp {
public DateTime Created;
public DateTime Expires;
private String[] Created_type_info = new String[]{'Created','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
private String[] Expires_type_info = new String[]{'Expires','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'Created','Expires'};
}
public class UsernameToken {
public String Username;
public OasisSecurity.Password_element Password;
private String[] Username_type_info = new String[]{'Username','http://www.w3.org/2001/XMLSchema','string','0','1','false'};
private String[] Password_type_info = new String[]{'Password','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','Password_element','1','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'Username','Password'};
}
public class SecurityHeaderType {
public OasisSecurity.UsernameToken UsernameToken;
public OasisSecurity.TimeStamp TimeStamp;
private String[] UsernameToken_type_info = new String[]{'UsernameToken','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','UsernameToken','1','1','false'};
private String[] TimeStamp_type_info = new String[]{'TimeStamp','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','TimeStamp','1','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'UsernameToken','TimeStamp'};
}
}
The problem i am facing is, i am able to assign value to the Type_x of the Password_element class.
But i am unable to set the value to the Password .
This is how the header part of my request looks like
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><UsernameToken><Username>Administrator</Username><Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" /></UsernameToken><TimeStamp><Created>2010-07-28T17:42:25.966Z</Created><Expires>2010-11-25T17:42:25.966Z</Expires></TimeStamp></Security></env:Header>
And it can be seen in header that i am just able to pass the attribute Type of Password tag and unable to set Value for Password.
I am getting the below error message after the webservice callout.
System.CalloutException: Web service callout failed: WebService returned a SOAP Fault: Fault occurred while processing. faultcode=ns1:client faultactor=
Any help on this will be highly appreciated.
Experiencing a similar issue. Hope the SF experts reply.
Sanjeev
Did you ever figure this out?
Hi, have someone figured it out. Please post the solution i am facing the same issue.
I was never able to set the passwordtype parameter, but I was able to generate the following SOAP Header which worked for my implementation:
Security Class:
Add the lines of code between the comments to your class generated by apex2wsdl: