I have implemented a Spring WS using XWSS for security. I have added a security configuration policy file into my application.
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
dumpMessages="true">
<xwss:RequireTimestamp
id="tsp"
maxClockSkew="60"
timestampFreshnessLimit="300">
</xwss:RequireTimestamp>
<xwss:RequireUsernameToken
id="token"
passwordDigestRequired="false"
nonceRequired="false"/>
<xwss:Timestamp></xwss:Timestamp>
<xwss:UsernameToken
name="service"
password="service"
id="uToken"
digestPassword="true"
useNonce="true"/>
</xwss:SecurityConfiguration>
Now I am developing a client to access the WS. The security works fine. But I am unable to test the SUCCESS case in which the client can successfully get a response from my service. The problem is I don't know how to make my client send the usernametoken and timestamp along with the request. I am using NetBeans IDE and I am implementing a JAX-WS client to access the Spring WS using this tutorial.
Please let me know what needs to be done.
For Spring WSS there is not much difference between adding a security header to the ingoing soap messages or to the outgoing ones. The process is very similar.
In both cases, you should create a interceptor for adding the security header. It is described here. So, if you create the WS client using Spring you should not have problems, especially if you have already developed the server side, but the tutorial you referenced doesn't look like using Spring for implementing the client.
You can do this by adding the following code in you client class / class extending the webservicetgatewaysupport.
SoapHeader header = msg.getSoapHeader();
StringSource headerSource = new StringSource("<wsse:Security xmlns:wsse=\"http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" mustUnderstand=\"1\"> <wsse:UsernameToken>
<wsse:Username>"+userName+"</wsse:Username> <wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-username-token-profile-1.0#PasswordText\">"+password+"</wsse:Password> </wsse:UsernameToken>"
+"</wsse:Security>");
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(headerSource, header.getResult());
The above has to go in the message call back handler of the marshalSendANDRecieve metho of the webserviceTemplate
Check this sample for client.
And you could use SoapUI to test your server. Import WSDL, then select any request and open "Properties" window in left-bottom corner. You would see "Username", "Password" and "WSS-Password Type" related settings.
Related
This is critical to my current project. I have written a client in C++ using Windows web services. This client talks to the Clickatell SMS SOAP web service. I have tested the request using the SOAPUI tool and get correct response. I also receive the SMS message. Now, when I do this programmatically it fails because the WsCall() [in the code generated from WSDL via wsutil.exe) inserts even though the SOAP request I have already includes Envelope and Body. I cannot take out my Envelope since I have namespace specified in it like this:
http://schemas.xmlsoap.org/soap/encoding/\" xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"soap.clickatell.com\">
I know that the additional Envelope and Body are inserted since I see it in the Fiddler tool.
Any help I can get is highly appreciated!
Looks like you are using the older type rpc/encoded soap api.
Have you tried using the document/literal service?
(http://api.clickatell.com/soap/document_literal/webservice.php?wsdl)
I'm refering to the following article
http://wso2.com/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/
I would like to use the sample echoService from the WSO2 AS over a secured proxy in WSO2 ESB in combination with the Identity Server for fine-grained authorization. All the settings mentioned on this page seem to work, however I am stuck concerning the client part. I use NetBeans and the given client code, but the .jars in the classpath there have older versions then the ones in the current version of WSO2 IS, so I started to exchange them manually. Now I get some exceptions like
Exception in thread "main" java.lang.NoSuchMethodError: org.apache.xml.security.transforms.Transform.init()V
and I am stuck again. I just want to test the echoService in this constellation and send some string over the ESB via IS and receive the response(if I have the appropriate role) from the AS, is there not another client or how could I test it else?
Thank you!
I can suggest you 3 options:
Use SoapUI to test the service which is the easiest way to test a web service.
Generate the stub for the service and have stub as the dependency in your client. You can use the WSDL2Java tool that ship with AS. Loging to AS --> Tools in left pane --> WSDL2Java --> Provide the wsdl URL and generate the stub jar.
Generate correct dependency libs. Go to [IS-Home]/bin folder, and issue that command "ant" to run the build.xml, this will copy all required libs to [IS-HOME]/repository/lib/ folder. Have them in your class path.
I'm working with gSOAP 2.8.15 and I'm trying to implement the HTTP Authentication by following the instructions in section 19.14 of gsoap documentation (http://www.cs.fsu.edu/~engelen/soapdoc2.html#tth_sEc19.14).
The only difference is that the codes introduced in the documentation is written in C but I'am coding in C++.
Here is my codes for client side of the web service
// The variable wsp is a instance of web service proxy generated by soapcpp2.
// The proxy is a sub-class of the class soap
wsp.userid = "user";
wsp.passwd = "password";
// call the function of web service
wsp.get_version(&result);
In the server side, I use these codes to check the authentication:
// The variable wss is the a instance of web service service generated by soapcpp2.
if (wss.userid == NULL || wss.passwd == NULL)
//......
The problem is when I call the function of web service using the client-side code, the userid and passwd is always NULL in server-side. But when I call the same function using soapUI by passing the userid and passwd with preemptive authorisation mode, the server will get the information without problem.
I appreciate if anyone can help me work out the problem. Thanks for your attention.
I have used tcpdump to catch the package sent between web service server and client and I found that there is no http header sent when the client call the function of the web service. So I have done some search in the documentation of gSOAP and found this sentence:
A client may use the http:// prefix. When absent, no HTTP header is
sent and no HTTP-based information will be communicated to the
service.
It solves my problem...
in MULE CE 3.3.0 I want to implement this process:
1- Post- office has a service for giving postal-code to clients. So post-office creates a WSDL-file for its service.
2- Here, our company is a connector between post-office and clients. Our company using mule and create another WSDL file based on post-office’s WSDL file and published out the WSDL for client usage.
3- Company-A and Company-B, get the WSDL-file URL and for instance in My-eclipse IDE or any other IDEs create a portlet and deploy it in a liferay portal as a web-service for displaying postal-code to its clients.
During this process I want to have a log file of ip-addresses. It means, I want to after each request that Company-A’s client or Company-B’s client sent to the server(Our company), it’s Ip-address insert into a database or in a file.
I illustrated my position in the image by a red Arrow. Now I want to put an script in MULE server that and gather all the ip addresses that Company-A's and Company-B's customers who use post-code webservice.
Can I use cxf-interceptor for this issuse ? and how? guide me?
As genjosanzo has suggested in https://stackoverflow.com/a/15993127/387927, you can access all the Mule headers in a CXF interceptor. This means that yes, you can achieve your goal with a CXF interceptor.
Here is an example of such an interceptor: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/main/java/org/mule/module/cxf/support/MuleHeadersInInterceptor.java
Here is a configuration sample that shows how to use Spring to instantiate and configure CXF interceptors: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/test/resources/header-conf.xml
The gist of it is:
<cxf:inInterceptors>
<spring:bean id="foo1" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
</cxf:inInterceptors>
I have a .WSDL file from our client company, for which I need to use to call a web service. Their system is SAP (SAP PI). My application is a C# .NET 3.5 client developed in VS 2008. I added a Service Reference in Visual Studio using their provided .WSDL file. This created a reference class for me to use to call their service, and set up several bindings in the app.config file for me.
I did not change anything in the app.config file, but did create code to call their web service. However, when I call their webservice, I receive the following exception:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="SAP NetWeaver Application Server ..."'.
(I modified slightly the string used in the 'Basic realm' section so as to not give it out.)
Did the app.config not get built correctly from the WSDL? Am I supposed to modify the app.config file somehow?
Things I've tried:
changed authenticationScheme in app.config from Anonymous to Basic
(as well as all the other authentication types)
changed realm string in app.config to match the realm in the exception message
set username/pw fields in the ClientCredentials.Username object in my code
Any pointers or help would be appreciated.
Edit: After some more investigation, I found that Visual Studio has several warnings about the extension element Policy and Policy assertions:
Custom tool warning: The optional WSDL extension element 'Policy'
from namespace 'http://schemas.xmlsoap.org/ws/2004/09/policy' was not
handled.
Custom tool warning: The following Policy Assertions were not Imported:
XPath://wsdl:definitions[#targetNamespace='urn:sap-com:document:sap:rfc:functions']/wsdl:binding[#name='Binding_FieldValidation']
Assertions: ...
I wasnt able to find out if this was related or not to my current issue with the authentication scheme. It does seem to be related, but I havent been able to find any solutions to getting these policy warnings resolved either. It seems WCF doesnt handle the statements in the wsdl very well.
Most SAP services dont support anonymous.
So pass some form of authentication data with the call.
User and password / X.509 Ticket...
If you are sending auth data with the call the try this
Ask the SAP guy to regenerate the WSDL with
No SAP assertions, No policy, SOAP 1.1.
You can also try and edit the WSDL by hand to remove the extra guff...
As a starting point, I'd verify that you can call the service successfully with the provided username and password. Use something like SoapUI to test that everything works correctly - just create a new project, import the WSDL provided by SAP PI, set the username and password and execute the call. You'll probably get some form of exception with an empty payload, but at least that'll verify that the username and password are correct.
Once you've verified that's working, check that your application is calling the service correctly and that the http basic authentication headers are being sent. You can confirm this by using a network monitoring tool and checking that the http request is being generated correctly. Something like netcat for Windows can do it - just make it listen to a port on your local machine and then specify localhost and the port as your SOAP endpoint.
Once you've verified both of those are correct, your call should succeed.
There must be the Basic authentication header missing or something wrong
with the credentials.
SAP PI always defaults to Basic Authentication if a Service is published via it's SOAP Adapter. I would investigate if WCF really does send out that header (e.g. Point your client endpoint to TCP Gateway and let TCP Gateway point to the SAP PI Endpoint from the WSDL).
About the Warnings: AFAIK the WSDL generated by SAP PI will always contain these Policy Tags, you can't really ommit it. What you can do is simply throw them out as they are not really validated