I have configured a service deployed on Weblogic which uses WSSE security header authentication. The security headers (username and password) are used to pass on to LDAP to check for the client's authentication.
The security header are embedded as follows in the SOAP envelop of my request.
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>iam-uid=xxx,ou=zzz,dc=ccc,dc=vvv,dc=qqq</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">heeey</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
However, the request does not even reach my service. It fails to process on Weblogic itself. Following exception is received.
<Sep 6, 2018 5:29:46 PM CEST> <Error> <com.sun.xml.ws.transport.http.HttpAdapter> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <BEA-000000> <null
java.lang.AbstractMethodError
at com.sun.xml.ws.util.xml.XmlUtil.newTransformerFactory(XmlUtil.java:392)
at com.sun.xml.ws.util.xml.XmlUtil.newTransformerFactory(XmlUtil.java:400)
at com.sun.xml.ws.message.stream.StreamHeader.writeTo(StreamHeader.java:212)
at weblogic.wsee.jaxws.security.SCTIDRoutingInfoFinder.findRoutingInfo(SCTIDRoutingInfoFinder.java:63)
at weblogic.wsee.jaxws.cluster.BaseSOAPRouter.route(BaseSOAPRouter.java:153)
at weblogic.wsee.jaxws.cluster.InPlaceSOAPRouter.route(InPlaceSOAPRouter.java:190)
at weblogic.wsee.jaxws.cluster.ClusterRoutingTubeUtils.handleInboundMessage(ClusterRoutingTubeUtils.java:110)
at weblogic.wsee.jaxws.cluster.ClusterRoutingServerTube.processRequest(ClusterRoutingServerTube.java:82)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:419)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:868)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:422)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:199)
at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:640)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:284)
at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:293)
at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:128)
at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346)
at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:243)
