I am using WSS4J 1.6 and Axis 1.4.
I am creating the UsernameToken using org.apache.ws.security.message.WSSecUsernameToken.
What I do not understand is the wsu:Id attribute. According to the web service specs it has to be in the form of "SecurityToken-24ada6f8-4626-4269-b786-a22361bfde78".
No matter what I do the wsu:Id attribute contains "UsernameToken-123" but, according to the web service specs it has to be on the form "SecurityToken-24ada6f8-4626-4269-b786-a22361bfde78".
I have absolutely no idea how to achieve this and Google has run dry.
So, can anyone tell me what I need to do?
The UsernameToken xml as it comes is now.
<wsse:UsernameToken wsu:Id="UsernameToken-133"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>stan</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secrit</wsse:Password>
</wsse:UsernameToken>
The UsernameToken xml as I want it to come out.
<wsse:UsernameToken wsu:Id="SecurityToken-24ada6f8-4626-4269-b786-a22361bfde78"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>stan</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secrit</wsse:Password>
</wsse:UsernameToken>
Here is the code I use to create the soap message.
public String soapTest() throws Exception {
MessageFactoryImpl messageFactory = new MessageFactoryImpl();
SOAPMessage soapMessage = null;
soapMessage = messageFactory.createMessage();
Message message = (Message)soapMessage;
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
unsignedEnvelope.addNamespaceDeclaration( "xsd", "http://www.w3.org/2001/XMLSchema" );
unsignedEnvelope.addNamespaceDeclaration( "xsi", "http://www.w3.org/2001/XMLSchema-instance" );
unsignedEnvelope.addNamespaceDeclaration( "enc", "http://schemas.xmlsoap.org/soap/encoding/" );
unsignedEnvelope.addNamespaceDeclaration( "env", "http://schemas.xmlsoap.org/soap/envelop/" );
unsignedEnvelope.addNamespaceDeclaration( "wsa", "http://schemas.xmlsoap.org/ws/2004/03/addressing" );
unsignedEnvelope.addNamespaceDeclaration( "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" );
unsignedEnvelope.addNamespaceDeclaration( "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" );
unsignedEnvelope.addNamespaceDeclaration( "ws", "http://ws.stupidsoap.com" );
SOAPBody soapMsgBody = (SOAPBody)soapMessage.getSOAPBody();
org.apache.axis.message.SOAPEnvelope soapMsgEnvelope = ((Message)soapMessage).getSOAPEnvelope();
SOAPBodyElement be = (SOAPBodyElement)soapMsgBody.addChildElement( soapMsgEnvelope.createName( "addTwoNumbers", "", "http://ws.stupidsoap.com" ) );
be.addChildElement( "number1" ).addTextNode( "5" );
be.addChildElement( "number2" ).addTextNode( "10" );
org.w3c.dom.Document doc = (org.w3c.dom.Document)soapMsgEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader( doc );
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
utBuilder.setPasswordType( WSConstants.PASSWORD_TEXT );
utBuilder.setUserInfo( "stan", "secrit" );
utBuilder.addNonce();
utBuilder.addCreated();
utBuilder.build( doc, secHeader );
return org.apache.ws.security.util.XMLUtils.PrettyDocumentToString( doc );
}
