Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


WSS4J WSSecUsernameToken problem

Posted on 2007-08-08
Medium Priority
Last Modified: 2013-11-05
I'm having trouble adding a Username Token header to an existing SOAP message. My code looks like this:

            MessageFactory mf = MessageFactory.newInstance();
            SOAPMessage sm = mf.createMessage();
            SOAPPart soappart = sm.getSOAPPart();
            SOAPEnvelope se = soappart.getEnvelope();
            SOAPHeader header = se.getHeader();
            String username = "wss4j";
            String password = "security";        
            WSSecHeader wsheader = new WSSecHeader();
            WSSecUsernameToken  token = new WSSecUsernameToken();
            token.setUserInfo(username, password);
            token.build(soappart, wsheader);

What it produces is this:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="0"/>
    <soapenv:client-session-id soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0">876351D116F8A209E609BAA99683CF71</soapenv:client-session-id>

As you can see, the wsse:Security element does not contain the Username Token as it should. What I'm trying to produce is something like this:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:actor="test" soapenv:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-32699917">
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">this is a lot of foobar </wsse:Password>

A co-worker ran the code and it produced the right SOAP. But when I run it, the Username Token isn't there.
Question by:FeralCTO
  • 2
LVL 23

Accepted Solution

Siva Prasanna Kumar earned 2000 total points
ID: 19655874
Are you using the article  link


check the sample code or Listing 2 thats what you are suppose to do.

Any way just try this

Replace the following lines
WSSecUsernameToken  token = new WSSecUsernameToken();
            token.setUserInfo(username, password);
            token.build(soappart, wsheader);


WSSAddUsernameToken token=  new WSSAddUsernameToken("", false);
//as your example shows password is text.
token.build(doc, username, password);

Actually i don't see any major mistake in your code. any way try the above code and let me know whats the result.


Author Comment

ID: 19656313
I get the same result. It's odd. I can step through code, into the wss4j source, and see that the Username Token gets created and looks the way it should. I can even see it get added to the security header. But once I come out of that code and back into mine, the security header doesn't contain the Username Token.

Author Comment

ID: 19657735
I got this working by moving the Username Token code further down to just before the SOAPConnection.call method is invoked. I don't know why that made a difference, but it did.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question