I have WCF service with basicHttpBinding:
<basicHttpBinding>
<binding name="DefaultBasic" closeTimeout="00:30:00" openTimeout="00:30:00"
receiveTimeout="05:00:00" sendTimeout="00:30:00" maxBufferSize="655360000"
maxBufferPoolSize="524288000" maxReceivedMessageSize="655360000">
<readerQuotas maxDepth="655320000" maxStringContentLength="655320000"
maxArrayLength="655320000" maxBytesPerRead="655320000" maxNameTableCharCount="655320000" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
Does java clients can consume this service?
Colleagues told that this part of wsdl is a problem:
<wsp:Policy wsu:Id="Basic_policy">
<wsp:ExactlyOne>
<wsp:All>
<http:BasicAuthentication xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
EDIT: Does java clients can consume service with Windows authentication ?
The problem is that the service you want to invoke need basic http authentication, maybe this previous post can help you.
Related
We have a pretty big WCF service that we use for quite some time, but up until now we've been connecting to it only via c#. Now we have a need to connect to it from Java.
I found out quickly that if I use Eclipse and go to new/other/Web Service Client I can put the WSDL link there to auto generate the code.
Doing that straight away did not produce much though. I obtained two files, one of which had empty body.
This is my first issue with this auto generation tool - it creates something, but I don't see any log of what it succeeded and what failed in creating.
I searched and found out that i had to change the bindings to basicHttpBinding, and make sure that httpGetEnabled is set to "true". After this change, auto generation in Java produces a lot of code, i get the data contract schemas and so on. And I get 4 files under the 'org.tempuri' namespace:
BasicHttpBinding_IMyServiceStub.java
IMyServiceProxy.java
MyService.java
MyServiceLocator.java
However looking at some tutorials, it seems I should get a fifth one, IMyService.java - which I did not get. And, I do have errors in the generated code pointing out that indeed IMyService cannot be resolved, as its being used in a few places, but its definition was not auto-generated.
Since I have no logs of what has failed during auto generation, I'm kind of lost what to look for as a culprit.
Does anyone have any experience on either:
a) locating logs for auto generation that would tell me what went
wrong
b) directly know what causes the Interface class not to be generated?
I'm suspecting i have to change something more in webconfig file on the server. A second guess is that perhaps we use some c# construct not recognised by java...or something.
Anyway, completly lost here, as there is no feedback of what went wrong.
Here is a webconfig file from the IIS server.
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="XXX" connectionString="XXX" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation targetFramework="4.0"/>
<customErrors mode="Off"/>
<httpRuntime executionTimeout="5400" requestValidationMode="2.0"/>
<identity impersonate="false"/>
</system.web>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="bindingNetTcp" closeTimeout="01:00:00" openTimeout="01:00:00" receiveTimeout="01:00:00" sendTimeout="01:00:00">
<binaryMessageEncoding maxSessionSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
<binding name="bindingHttps" closeTimeout="01:00:00" openTimeout="01:00:00" receiveTimeout="01:00:00" sendTimeout="01:00:00">
<binaryMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647" maxSessionSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpsTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="true" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="StreamedResponse" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/>
</binding>
<binding name="bindingHttp" closeTimeout="01:00:00" openTimeout="01:00:00" receiveTimeout="01:00:00" sendTimeout="01:00:00">
<binaryMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647" maxSessionSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="true" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="StreamedResponse" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/>
</binding>
</customBinding>
<netTcpBinding>
<binding name="NetTcpBinding_IGodService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Transport">
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
<binding name="NetTcpBinding_IGodService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Transport">
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
<binding name="CustomBinding_IDQMServer">
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
<services>
<service name="XXX.XXX" behaviorConfiguration="XXXBehavior">
<host>
<baseAddresses>
<add baseAddress="net.tcp://example.com:4502/xxx/xxx/"/>
<add baseAddress="http://example.com/xxx/xxx/"/>
</baseAddresses>
</host>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint address="" binding="customBinding" bindingConfiguration="bindingHttps" contract="xxx.Ixxx"/>
<endpoint address="" binding="basicHttpBinding" contract="xxx.Ixxx"/>
<endpoint address="" binding="customBinding" bindingConfiguration="bindingNetTcp" contract="xxx.Ixxx"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="xxxBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceThrottling maxConcurrentCalls="2500" maxConcurrentInstances="2147483647" maxConcurrentSessions="2147483647"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SrvBehavior">
<clientCredentials>
<clientCertificate findValue="xxx" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<defaultDocument>
<files>
<add value="xxx.svc"/>
</files>
</defaultDocument>
</system.webServer>
</configuration>
Please note that im using basicHttpBinding there, previously it was "bindingHttp" like the https one, but it didnt work at all.
EDIT: As pointed out in the comment section, we're using Lists in the service quite a lot, an example of the c# wcf interface:
public class ListResults<T>//our own custom return class
{
public List<T> Result { get; set; }
public long? ID { get; set; }
public int? Error { get; set; }
}
[SecurityOperationBehavior]
[OperationContract]
ListResults<SomeDataType> SomeListFunction(string param1, long? param2, bool? param3);
What controls if a web service method can be invoked from a browser via a URL or not?
The platform (among other things) on which the service is authored (java vs .net vs xxx)?
I know .net based web services provide a nice interface to invoke the methods.
Why does it not happen for java based ones?
Since in both cases it is soap, should they not behave identically?
What is .net implementation doing extra that java doesn't?
What are the necessary config settings/properties that control if a soap webservice is browser invokeable?
I have seen plenty of online examples where for simple arguments, the web service methods seem to be browser invokeable, via a URL.
But in my case, it doesn't seem to work.
I have a working web service (JAX-WS), wsdl as below:
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.1.6 in JDK 6.
-->
<!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.1.6 in JDK 6.
-->
<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://services/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://services/" name="MYServiceService">
<types>
<xsd:schema>
<xsd:import namespace="http://services/" schemaLocation="http://example.com:8888/myservice?xsd=1" />
</xsd:schema>
</types>
<message name="getToken">
<part name="parameters" element="tns:getToken" />
</message>
<message name="getTokenResponse">
<part name="parameters" element="tns:getTokenResponse" />
</message>
<portType name="MYService">
<operation name="getToken">
<input message="tns:getToken" />
<output message="tns:getTokenResponse" />
</operation>
</portType>
<binding name="MYServicePortBinding" type="tns:MYService">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<operation name="getToken">
<soap:operation soapAction="" />
<input>
<soap:body use="literal" />
</input>
<output>
<soap:body use="literal" />
</output>
</operation>
</binding>
<service name="MYServiceService">
<port name="MYServicePort" binding="tns:MYServicePortBinding">
<soap:address location="http://example.com:8888/myservice" />
</port>
</service>
</definitions>
Works fine (if consumed via client app, I get the method output successfully).
But when I try using via browser, I get a "No JAX-WS context information available" message.
http://example.com:8888/myservice?wsdl works fine, but
http://example.com:8888/myservice/getToken?param0=xxx¶m1=yyy gives me the above message. param0,param1 are the same names I used in the implementation, and they are both of type String.
I am hosting the web service in a JRE 1.6 environment, as a stand alone Java program.
I'm attempting to configure a Java client using Axis2 client stubs(WSDL2Java). The application consumes a WCF service that requires client certificates. The only way I've been able to get the application to work is by changing the system properties as in this code:
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStore","path/to/my/keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
However, I would like to use a different keystore for different applications on the same Tomcat server. I have looked into using an SSLContext based on some of the research I've done, but I haven't found any examples that use client stubs created with WSDL2Java. Does anyone have an example or have any idea how to do this?
Thanks!
I would like to add that we are using WS-Policy and use a ConfigurationContext to engage Rampart. I was thinking that I could edit our policy.xml file to indicate the keystore. Would this work? I'm getting a SocketException when I attempt to run the application: SocketException: Unconnected sockets not implemented. Here is the policy.xml file in its current form.
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="BasicHttpBinding"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsecurity-secext-1.1.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true" />
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>myapplication</ramp:user>
<ramp:passwordCallbackClass>com.myproject.classes.PWCBHandler</ramp:passwordCallbackClass>
<ramp:sslConfig>
<ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
<ramp:property name="javax.net.ssl.keyStore">path/to/my/keystore</ramp:property>
<ramp:property name="javax.net.ssl.keyStorePassword">changeit</ramp:property>
<ramp:property name="javax.net.ssl.trustStoreType">JKS</ramp:property>
<ramp:property name="javax.net.ssl.trustStore">path/to/my/truststore</ramp:property>
<ramp:property name="javax.net.ssl.trustStorePassword">changeit</ramp:property>
</ramp:sslConfig>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
First of all, sorry for this long post but I am brushing my mind on this since days without success. I really seek your help.
I am trying to invoke a webservice which is secured by OWSM. Below are the policy assertions specified in the WSDL.
*************************************
<wsp:Policy wsu:Id="service.BindingQSPort_Fault_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="service.BindingQSPort_Input_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
<sp:Header Name="" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
</sp:EncryptedParts>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="service.BindingQSPort_Output_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="wss10_x509_token_over_ssl_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:ProtectTokens/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss10>
</wsp:Policy>
<wsdl:message name="svcFault">
<wsdl:part name="payload" element="WL5G3N2:fault"/>
</wsdl:message>
<wsdl:message name="sendSMS">
<wsdl:part name="payload" element="WL5G3N1:sendSMS"/>
</wsdl:message>
<wsdl:message name="sendSMSResponse">
<wsdl:part name="payload" element="WL5G3N1:sendSMSResponse"/>
</wsdl:message>
<wsdl:portType name="service">
<wsdl:operation name="sendSMS">
<wsdl:input message="WL5G3N1:sendSMS"/>
<wsdl:output message="WL5G3N1:sendSMSResponse"/>
<wsdl:fault name="svcFault" message="WL5G3N1:svcFault"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="service.Binding" type="WL5G3N1:service">
<WL5G3N3:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#wss10_x509_token_over_ssl_service_policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
<wsdl:operation name="sendEmail">
<WL5G3N3:operation style="document" soapAction="sendEmail"/>
<wsdl:input>
<WL5G3N3:body use="literal"/>
<wsp:PolicyReference URI="#service.BindingQSPort_Input_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
</wsdl:input>
<wsdl:output>
<WL5G3N3:body use="literal"/>
<wsp:PolicyReference URI="#service.BindingQSPort_Output_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
</wsdl:output>
<wsdl:fault name="svcFault">
<WL5G3N3:fault name="svcFault" use="literal"/>
<wsp:PolicyReference URI="#service.BindingQSPort_Fault_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
*************************************
I have written a JAX-RPC client which is using "weblogic.wsee.security.bst.ClientBSTCredentialProvider" to provide client credential as required by the service. Below is the security related code.
*************************************
serverCert.checkValidity();
cp = new ClientBSTCredentialProvider(
clientKeyStore, clientKeyStorePass,
clientKeyAlias, clientKeyPass,
"JKS", serverCert);
l_credproviders.add(cp);
Stub stub = (Stub)port;
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST
, l_credproviders
);
stub._setProperty(WSSecurityContext.TRUST_MANAGER
, new TrustManager() {
public boolean certificateCallback(
X509Certificate[] chain,
int validateErr) {
// Check that the server cert matches
boolean result = true;//chain[0].equals(serverCert);
return result;
}
}
);
*************************************
I am testing my client using SOAPUI. However above client code is giving me below Exceptions.
**************************************
java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity] FaultString [Error on verifying message against security policy Error code:4206] FaultActor [null]No Detail; nested exception is:
**************************************
Can someone please help me to understand what my WSDL is specifying and why "ClientBSTCredentialProvider" is not able to attach the required policy? Or is is happening that since I am testing with SOAPUI, SOAPResponse is not as per the WSDL policy? Below are the SOAP requests and response for this.
***************************************
~~SOAP REQUEST~~
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:MessageID wsu:Id="MessageID_HUf02VXDqusotArv" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">uuid:c7404e48f626d447:-246df928:14183ec2b7f:-8000</wsa:MessageID><wsa:Action wsu:Id="Action_CcS8Hy0hmQ2wVKHH" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">sendSMS</wsa:Action><wsa:To wsu:Id="To_bb3aIWjwG1Got1IZ" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://domainname:8090/sendSMS</wsa:To><wsa:ReplyTo wsu:Id="ReplyTo_w1ZItNbfV8se2kbF" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address></wsa:ReplyTo><wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="bst_zM6y3VGAX9jZAaiV" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICQTCCAaqgAwIBAgIEUixN4TANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJMQjEPMA0GA1UECBMGQmVpcnV0MRAwDgYDVQQHEwdMZWJhbm9uMQ0wCwYDVQQKEwRNRFNMMQ0wCwYDVQQLEwRNRFNMMRUwEwYDVQQDEwxNYXl1ciBDbGllbnQwHhcNMTMwOTA4MTAxMzUzWhcNMTMxMjA3MTAxMzUzWjBlMQswCQYDVQQGEwJMQjEPMA0GA1UECBMGQmVpcnV0MRAwDgYDVQQHEwdMZWJhbm9uMQ0wCwYDVQQKEwRNRFNMMQ0wCwYDVQQLEwRNRFNMMRUwEwYDVQQDEwxNYXl1ciBDbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeT5uG9IJFxUE8SP2eXxrW7Lvo0ZlEiv8NS2OzLHe4e4T1gZC6NZhsDk6G3GKt8z6yj8MlfIPzYTrXxNSgnW34WYZ2kFw6TrjakUr99i4sH5yi1Z0Bmm3nNq9/2WWrdMXVjeI5EwEdU/UUogb2Wdgh1HPZgGUuWhkLoDmVR36y1AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAlvFZVLJ2h0BNe7EFGDUtBmEPF8EkdQn1R2AyK5AQONLM2RwNJYhVdVGLI13y+XJbACiyrFz5Sxsgu46hk6Bk6P+K/ZAUWQwDiV0pLhLg7LuR/K33o2EGkXiUnwOdcScG040n2sUnbi7ed/5mPcNuOGlYMQL/PHHZ2QGGTLEOe2U=</wsse:BinarySecurityToken><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#MessageID_HUf02VXDqusotArv"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>oG0PCOutUmUrhIhjsHB2G9Nu7Qc=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Action_CcS8Hy0hmQ2wVKHH"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>jwnM3Pu8lEpk7WLokAfW/LcR8bM=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#To_bb3aIWjwG1Got1IZ"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>9RzmvWQQJG853YKPzwoWDUjWze8=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#ReplyTo_w1ZItNbfV8se2kbF"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>FPYcJ1NcK6nX5nx5cF+Jj5I2PZE=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Timestamp_H75m9X5C1O9rNV2E"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ZAoaTp1B5yQv/ZGM6Pd8dfmNyPg=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Body_q8jxTBg8ZRE0VjRO"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>tnn+BbvQz/kuDBocU8Po24hn8W4=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#bst_zM6y3VGAX9jZAaiV"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>IG2FZBY/Oqtsu4H6sl/6f2iHJx8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>LaXCIcrxyatPzcAsKJGK28TEgaEOUdoXUrcmucjHrZDuErfGPS5fa9LrIX7irGYYDoYjJ5uQLq7a7nSRcazfNPznf03nISgr6Voc+23HON2E+fyRmHkKJzWe6OxHRPyHYmxbYQzgXkwGCKqLOZVLJsQLQykMiNV8YK3vuacDAdU=</dsig:SignatureValue><dsig:KeyInfo><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_gp0ybJxTKkZntAn1" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#bst_zM6y3VGAX9jZAaiV" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsu:Timestamp wsu:Id="Timestamp_H75m9X5C1O9rNV2E" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2013-10-04T14:43:16Z</wsu:Created><wsu:Expires>2013-10-04T14:44:16Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body wsu:Id="Body_q8jxTBg8ZRE0VjRO" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ent:sendSMS xmlns:ent="http://www.banqueaudi.com/evs/ent.msg.Notification"><util:header xmlns:util="http://www.banqueaudi.com/ebo/util.cmn.EBMHeader"><util:ebmSID>FCDB</util:ebmSID></util:header><ent:body><msg:smsNotification xmlns:msg="http://www.banqueaudi.com/ebo/msg.Notification"><msg:sender>98989898</msg:sender><msg:recipients><msg:recipient>78831471</msg:recipient></msg:recipients><msg:subject>SUBJECT</msg:subject><msg:message>My message</msg:message></msg:smsNotification></ent:body></ent:sendSMS></env:Body></env:Envelope>
***************************************
***************************************
~~SOAP RESONSE~~
<soapenv:Envelope xmlns:ent="http://www.banqueaudi.com/evs/ent.msg.Notification" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://www.banqueaudi.com/ebo/util.cmn.EBMHeader" xmlns:util1="http://www.banqueaudi.com/ebo/util.cmn.Basic">
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/></soapenv:Header>
<soapenv:Body wsu:Id="id-45" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="ED-2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference URI="#EK-B692F44E26CFCF96A613807927256684"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>x6T1pLtqpeAyg8SNuQQi23Ok6ceQikgVKyj80ylEdecdZoNOs2tUwhaO+irKXYy0XbMrmM+t3mMHsi2nNX5fps/camDpP9yOlN8Hosd+vUWsI4RA/8mnJVePitR3pf2dLgJD44vBowH5bQZ8R8B1vxDDjUpU2DOpfIxaPaSMApXvYfmPOMiDNtM/tXRCHrbHcljTAFvRZG9ShUZM6419i0JtpSCr77EkxJiWcVu9NIVwkHZoXpS8zY+pjjaatKi2EMzB9zPMXhtEvCER5pnEXWzUdhb5s9mWJAGaTd8h0j5o93LY/Mnw/mWBlzhFlk6b8cyJw1IrDAl5Tar8isuCqR2FbFs0aWqS8ng1QPnnc4xtBmCdgViifiXP0877LmFEqW74vDXtEDZniAfiixWt0u0gVsSYurJdwCWdZrfON12jAW35j6fWtgmGprsb6yE2cwg+J2BJaODdxTMOwyBAswygdjJw+RPLOXxCcYddyKJiFb/K+U0WiDj41yl/v8dmkYX1g9f6/CzpHMz8zpDdb+ecp2WNu3ry3z7fksMzp/LLsC5x2eVdgchOdtNZqufgLv8WQ+Ae/Hmuw/zgQ2l+xjxP4gYWanOphJ92H1Lk5KC/VsB3VdR2uz6b+rQZl0fJnY45HL7mx9uGKwQeQB9FWO1LNwcSQZw2yq7CeqUgspyvNMvwu1EXlUiIkYTu9EU0yVC9OGsXnspD9J4AG1m4IwFAL9iFHy7tJfnn5P0pSuSAoa4HeI0zO73H2zyrxEvi7eurXABxo1fk+gtXKDHl+elDtbwC1eJSYpwWZKBcpJSDATa0RCn28YKVVXZVZf0WOA3pTZ9NQNPCNVF/FC9SW8rrQ/777CFcuSlYIsexqL2+D6/TWStLvhrZLZ3K/3CsY/mwsnLwh2aFql8RZCunLSAK2a91y7Z044VO5598KERgBw8gO5RJrmwnSixmPrBjPo1yLkYcmzquHMlqS0CpWpypt5iyDJuF91P39eqYcJHZnwjG7ni8S8RFr2H5Hi3JFNm/k+A4mH5YvtyBqqTfN4+QjJMDBZkVTGFYs6JiRRUJoUK17okXxs8Pq6VYW3iSwEB85CFiVHZlt1eWppveVSHZfQsZsUr+A/QrTdRMZIx+ChRuqmXYdXiYQ35TDPveYWhiIQcWeOXvumtIZRTqYMoA34KuB/9GaH0P+7HUNfeROw6knj5y1DO1w/uIC8x6Uuhr5gMyZSuuzSEfZGUhQ6aWFtSCmnJaoVq18hdAnxNG31Oqi2gy7daCLWDRleow25xGYI2Or+dxhal3khe9+37OceJEWhgmB8gTD2nGBvp7VWLptsoGBgXgqnXs6ab8mG9lLmXbO4ef2ECq84BN//oIiV570qY6OWTQwL1yjNDQ3+1h2bKQ4DE51xq5N1UcTRoGA9DycotHmrOzyhedAMQTndlaNMJr87cC+cRVHYE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>
***************************************
I found resolution to my problem, which I successfully tested with SOAP-UI. Will keep posted once it works on live though.
There are following points that first we should know before writing a client for OWSM secured webservice.
It is feasible to call JAX-WS service using JAX-RPC client and vice-versa.
It is feasible to invoke a OWSM secured webservice, with JAX-RPC client without installing/ configuring OWSM at client side.
Following is the client code (only related to security) for referecnce.
ist l_credproviders = new ArrayList();
CredentialProvider cp = null;
cp = new ClientBSTCredentialProvider(MyClientKeystore.pubCertAlias, MyClientKeystore.prvKeyAlias, MyClientKeystore.serverPubCertAlias);
l_credproviders.add(cp);
Stub stub = (Stub)port;
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST
, l_credproviders
);
stub._setProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE
, JFProperties.getProperty(
"POLICY.COMPATIBILITY.PREFERENCE")
);
stub._setProperty(WSSecurityContext.TRUST_MANAGER
, new TrustManager() {
public boolean certificateCallback(
X509Certificate[] chain,
int validateErr) {
// Check that the server cert matches
return true;
}
}
);
How client credential provider API wotrks to secure a client:
a) It connects to the URL and parse the WSDL.
b) Get the policy assertions from the WSDL.
c) create SOAP request message considering the client policy assertions.
d) send and receive the response from the server.
e) validate response from server against the policy assertions of server response from already parsed WSDL, If server response is not valid against policy throws SecurityExceptions.
Hope this help and someone gets benefited from my exhausted experience :)
I new to Java, and thought it'd be a nice learning exercise to implement a client application on top of a .NET WCF service I'm already familiar with.
I ran wsimport.bat from the latest JAX-WS (https://jax-ws.java.net/) to generate the client proxies, However I'm stuck with the authentication part. The WCF service uses Application level Username/Password to authenticate. I don't know where to supply the credentials.
In C#, for this WCF Service I just need to add a service reference, and do the following:
var client = new ServiceClient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
client.DoSomething();
From Fiddler, calling client.DoSomething() produces the following request:
<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2013-05-20T01:34:28.353Z</u:Created>
<u:Expires>2013-05-20T01:39:28.353Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-da5b7b57-dbb4-4c54-b529-f5b41fc728b4-1">
<o:Username>username</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<DoSomething xmlns="http://tempuri.org/"/>
</s:Body>
</s:Envelope>
Here is the Java I'm currently using:
SomeService service = new SomeService();
ISomeService port = service.getBasicHttpBindingISomeService();
DoSomethingResponse response = port.getDoSomething();
This produces the following request:
<?xml version="1.0"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns6:DoSomething xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:ns6="http://tempuri.org/" xmlns:ns7="http://schemas.microsoft.com/2003/10/Serialization/"/>
</S:Body>
</S:Envelope>
It's missing the Security node, so I'm not sure how to set that up on the Java side. What am I missing?
I'm not 100% bound to using JAX-WS, if there is a better alternative out there for my needs. However, the WCF service can not be modified to reconfigured, as it's out of my reach.
WSDL:
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" name="SomeService" targetNamespace="http://tempuri.org/">
<wsp:Policy wsu:Id="BasicHttpBinding_ISomeService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="https://someservice.com/service.svc?xsd=xsd0" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="https://someservice.com/service.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
<xsd:import schemaLocation="https://someservice.com/service.svc?xsd=xsd6" namespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ISomeService_DoSomething_OutputMessage">
<wsdl:part name="parameters" element="tns:DoSomethingResponse"/>
</wsdl:message>
<wsdl:portType name="ISomeService">
<wsdl:operation name="DoSomething">
<wsdl:input wsaw:Action="http://tempuri.org/ISomeService/DoSomething" message="tns:ISomeService_DoSomething_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ISomeService/DoSomethingResponse" message="tns:ISomeService_DoSomething_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="BasicHttpBinding_ISomeService" type="tns:ISomeService">
<wsp:PolicyReference URI="#BasicHttpBinding_ISomeService_policy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="DoSomething">
<soap:operation soapAction="http://tempuri.org/ISomeService/DoSomething" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SomeService">
<wsdl:port name="BasicHttpBinding_ISomeService" binding="tns:BasicHttpBinding_ISomeService">
<soap:address location="https://someservice.com/service.svc"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
I'm using the latest JDK on Windows 8 x64
You need to create a custom CallbackHandler from your Java client. I am not an expert in Java but I know that some of my clients use Metro libraries to communicate with my WCF web services.
Try searching for creating a CallbackHandler with/without Metro library.
You can download Metro library from here.
An example of what I am suggesting.