Apache CXF - javax.xml.ws.soap.SOAPFaultException: No security action was defined

Question

Despite I have set the username, password, action, and WS Security Password Type (which is PasswordText), getting this exception when I try to call a service of the web service: No security action was defined. The web service I try to communicate uses Basic Authentication with using PasswordText WS Security Password Type.

Here is what I have tried:

    Map<String, Object> ctx = ((BindingProvider) basicHttpBindingIDeneme).getRequestContext();
    ctx.put("ws-security.username", USERNAME);
    ctx.put("ws-security.password", PASSWORD);

    Map<String,Object> inProps = new HashMap<String,Object>();
    inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    inProps.put(WSHandlerConstants.ACTION, "UsernameToken");
    WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);

    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(basicHttpBindingIDeneme);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
    cxfEndpoint.getInInterceptors().add(wssIn);

    Map<String,Object> outProps = new HashMap<String,Object>();
    // how to configure the properties is outlined below;

    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    cxfEndpoint.getOutInterceptors().add(wssOut);

What else do I need to configure in order to define security action?

p.s. Using Apache CXF 3.1.12 which is the latest version available.

Can you post wsdl? Are you sure server uses WS-Security? – user1516873 Jul 24 '17 at 11:35 — user1516873, Jul 24 '17 at 11:35

score 1 · Answer 1 · answered Mar 22 '18 at 01:07

The problem in the code is that you are trying to invoke a webservice and the properties you add are getting set in the WSS4JInInterceptor instead of setting them in the WSS4JOutInterceptor.

The properties should be defined similar to this.

 Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put("action", "UsernameToken");
            outProps.put("user", "yourUser");
            outProps.put("passwordCallbackClass","com.example.PasswordCallback");

You can find a full code example here.

what was the problem @talha06? – Carlos Jun 05 '19 at 18:37 — Carlos, Jun 05 '19 at 18:37

score 0 · Answer 2 · answered Jul 24 '17 at 11:29

0

Did you add the security interceptor to bean.xml?

<bean id="securityInterceptor" class="...BasicAuthAuthorizationInterceptor">
</bean>

    <jaxrs:server id="..." address="/">
        <jaxrs:serviceBeans>
            <ref bean="bean" />
        </jaxrs:serviceBeans>

        <jaxrs:inInterceptors>
            <ref bean="securityInterceptor" />
        </jaxrs:inInterceptors>

    </jaxrs:server>

answered Jul 24 '17 at 11:29

Tanu

24
7

No, it is a standalone Java application which is not built on any frameworks. – talha06 Jul 24 '17 at 11:30
Ohh.. but you might be using bean.xml or cxf.xml since its a cxf application – Tanu Jul 24 '17 at 11:33

Apache CXF - javax.xml.ws.soap.SOAPFaultException: No security action was defined

2 Answers2