All geek questions in one place

WS-Security UsernameToken with Apache CXF

I have a Java application that interacts with a SOAP service. I used WSDL to create a java client through CXF, but I need to authenticate my calls with ws-security. I am only looking for code for this, and I don't have any xml configurations. This is what I tried:

Map ctx = ((BindingProvider)port).getRequestContext(); ctx.put("ws-security.username", "joe"); ctx.put("ws-security.password", "joespassword"); port.makeSoapCall();

But I get a parsing error for an invalid WS-Security header. What is the right way to do this?

In SOAP UI, I can do this easily by right-clicking the soap bar, clicking "Add WSS Username" and choosing "Password Text"

+5
source share
2 answers

You are using WS-SecurityPolicy as per common code. How about using only WS-Security and sending via usernametoken using WSS4JOutInterceptor?

See the “ Adding Interceptors via API ” section of the apache cfx ws-security manual here: http://cxf.apache.org/docs/ws-security.html

This is what needs to be done in accordance with the above apac cxf documenation above. You may only need the interceptor path.

On the client side, you can get a link to the CXF endpoint using the ClientProxy assistant:

 import org.apache.cxf.frontend.ClientProxy; ... GreeterService gs = new GreeterService(); Greeter greeter = gs.getGreeterPort(); ... org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

Now you are ready to add the interceptors:

 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; ... Map<String,Object> inProps = new HashMap<String,Object>(); ... // how to configure the properties is outlined below; WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps); cxfEndpoint.getInInterceptors().add(wssIn); Map<String,Object> outProps = new HashMap<String,Object>(); outProps.put("action", "UsernameToken Timestamp"); outProps.put("passwordType", "PasswordDigest"); //remove this line if want to use plain text password outProps.put("user", "abcd"); outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback"); WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); cxfEndpoint.getOutInterceptors().add(wssOut);

In the above example, you will need to write a password callback class (UTPasswordCallback).

Apache cxf has a full selection for the UserName token: http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/ut/

From the link above, navigate to the client folder (src / main / java / demo / wssec / client) for the username token and UTPasswordCallback code.

EDIT: if your wsdl expects a password as plain text, just remove this line from the code: outProps.put ("passwordType", "PasswordDigest");

+4
source

You can take a look at the ws-security / ut demo that comes with CXF, this shows how to programmatically add a UsernameToken. Here is the client code:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=distribution/src/main/release/samples/ws_security/ut/src/main/java/ demo / wssec / client / Client.java; hb = HEAD

Colm

0
source

Source: https://habr.com/ru/post/1205655/

More articles:


All Articles