WSS4J WSSecUsernameToken problem

I'm having trouble adding a Username Token header to an existing SOAP message. My code looks like this:

            MessageFactory mf = MessageFactory.newInstance();
            SOAPMessage sm = mf.createMessage();
            SOAPPart soappart = sm.getSOAPPart();
            SOAPEnvelope se = soappart.getEnvelope();
            SOAPHeader header = se.getHeader();
            String username = "wss4j";
            String password = "security";        
            WSSecHeader wsheader = new WSSecHeader();
            wsheader.insertSecurityHeader(soappart);
            WSSecUsernameToken  token = new WSSecUsernameToken();
            token.setPasswordType(WSConstants.PASSWORD_DIGEST);
            token.setUserInfo(username, password);
            token.build(soappart, wsheader);

What it produces is this:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="0"/>
    <soapenv:client-session-id soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0">876351D116F8A209E609BAA99683CF71</soapenv:client-session-id>
  </soapenv:Header>
  <soapenv:Body>
    <powerball>
      <number-of-tickets>1</number-of-tickets>
      <numbers-to-avoid>13</numbers-to-avoid>
    </powerball>
  </soapenv:Body>
</soapenv:Envelope>

As you can see, the wsse:Security element does not contain the Username Token as it should. What I'm trying to produce is something like this:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:actor="test" soapenv:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-32699917">
    <wsse:Username>joedoe</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">this is a lot of foobar </wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>

A co-worker ran the code and it produced the right SOAP. But when I run it, the Username Token isn't there.
LVL 1
FeralCTOAsked:
Who is Participating?
 
Siva Prasanna KumarPrincipal Solutions ArchitectCommented:
Are you using the article  link

http://www.devx.com/Java/Article/28816/1954?pf=true

check the sample code or Listing 2 thats what you are suppose to do.

Any way just try this

Replace the following lines
--------------------------------------------------------------
WSSecUsernameToken  token = new WSSecUsernameToken();
            token.setPasswordType(WSConstants.PASSWORD_DIGEST);
            token.setUserInfo(username, password);
            token.build(soappart, wsheader);
-----------------------------------------------------------------

to

--------------------------------------------------------------
WSSAddUsernameToken token=  new WSSAddUsernameToken("", false);
//as your example shows password is text.
token.setPasswordType(WSConstants.PASSWORD_TEXT);
token.build(doc, username, password);
-----------------------------------------------------------------

Actually i don't see any major mistake in your code. any way try the above code and let me know whats the result.

0
 
FeralCTOAuthor Commented:
I get the same result. It's odd. I can step through code, into the wss4j source, and see that the Username Token gets created and looks the way it should. I can even see it get added to the security header. But once I come out of that code and back into mine, the security header doesn't contain the Username Token.
0
 
FeralCTOAuthor Commented:
I got this working by moving the Username Token code further down to just before the SOAPConnection.call method is invoked. I don't know why that made a difference, but it did.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.