TechQA.

Axis Webservice Header Security Password Text

5.4k views Asked by At

I am new to security headers and I need your help. I can do axis webservices call with authentication, thats easy but struggling with security. I have the following security header which is failing to authentic and i know it is becuase of the username token becuase i get exception: org.apache.ws.security.WSSecurityException: An invalid security token was provided (An error happened processing a Username Token).

this is a working request from soapui:

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-1"> <wsse:Username>tibco-admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">d6zrRrsSdfulAUmTq6VFtQ==</wsse:Nonce> <wsu:Created>2014-01-07T15:55:58.816Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

This is a request that is failing from java:

<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <wsse:UsernameToken wsu:Id="UsernameToken-2">
     <wsse:Username xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">tibco-admin</wsse:Username>
     <wsse:Password EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">secret</wsse:Password>
     <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">XY7Kb6UcEhloWOlmcbDlGg==</wsse:Nonce>
     <wsse:Created xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">2014-01-07T17:48:39Z</wsse:Created>
 </wsse:UsernameToken>

My java code is:

            //set header
            SOAPHeaderElement wsseSecurity =  new SOAPHeaderElement(new PrefixedQName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security", "wsse"));
            wsseSecurity.setMustUnderstand(true);
            wsseSecurity.setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            wsseSecurity.setActor(null);

            //set userNameToken
            SOAPElement userNameToken = wsseSecurity.addChildElement("UsernameToken", "wsse");
            userNameToken.setAttribute("wsu:Id", "UsernameToken-1");

            //set username
            SOAPElement userName = userNameToken.addChildElement("Username", "wsse");
            userName.setValue("tibco-admin");

            //set password
            SOAPElement password = userNameToken.addChildElement("Password", "wsse");
            password.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            password.setValue("secret");

            //set nonce
            SOAPElement nonce = userNameToken.addChildElement("Nonce", "wsse");
            nonce.setValue("XY7Kb6UcEhloWOlmcbDlGg==");
            nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");

            //set created
            Calendar c = Calendar.getInstance();
            c.setTime(new Date());
    String timestamp = DatatypeConverter.printDateTime(c);
    timestamp = timestamp.substring(0, 19);
    timestamp = timestamp+"Z";
            SOAPElement created = userNameToken.addChildElement("Created", "wsse");
            created.setValue(timestamp);

            stub.setHeader(wsseSecurity);

            System.out.println(wsseSecurity);
    stub.setUsername("tibco-admin");
    stub.setPassword("secret");

I hardcoded the value for nonce for testing.

Any help or pointers would greatly be appreciated.

security axis usernametoken
Original Q&A
3

There are 3 answers

0
Ken On

I found the issue, i made a silly typo in my code,

I set the attribute name for the following as EncodingType which failed it. It should be:

password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
0
Javier Aguilar Herrera On

The Error is in password,

try to

"password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); password.setValue("secret");"

1
user2170642 On

SOAPElement created = userNameToken.addChildElement("Created", "wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

Related Questions in SECURITY

Related Questions in AXIS

Related Questions in USERNAMETOKEN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions