0

I have a WSDL that includes the documentation:

<?xml version="1.0" encoding="UTF-8">
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
       xmlns:ns0="http://www.openlandsw.com/PlatformServices/"
       xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <env:Header>
               <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"
                       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="username-token">
                               <wsse:Username>{}user1</wsse:Username>
                               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">user1</wsse:Password>
                               <wsu:Created>2007-01-16T08:17:39Z</wsu:Created>
                       </wsse:UsernameToken>
               </wsse:Security>
       </env:Header>
       <env:Body>
               ......
       </env:Body>
</env:Envelope>

I have created an Apache CXF client, and I am using it this way:


        Custody custody = new Custody();
        CustodyPort custodyPort = custody.getCustodyService();
        ((BindingProvider) custodyPort).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://redacted.example:8080/tspCustody/services");
        Client custodyClient = ClientProxy.getClient(custodyPort);
        Endpoint custodyEndpoint = custodyClient.getEndpoint();
        Map<String, Object> outProps = new HashMap<String, Object>();
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        outProps.put(WSHandlerConstants.USER, "REDACTED");
        // Password type : plain text
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        // for hashed password use:
        //properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
        // Callback used to retrieve password for given user.
        outProps.put(WSHandlerConstants.PW_CALLBACK_REF, 
            new CallbackHandler() {
                public void handle(Callback[] callbacks)
                    throws IOException, UnsupportedCallbackException {
                    ((WSPasswordCallback) callbacks[0]).setPassword("REDACTED");
                }
            });     
        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
        custodyEndpoint.getOutInterceptors().add(wssOut);

But when I capture the request, it does not have the wsu:Created element at wsse:UsernameToken:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
      soap:mustUnderstand="1">
      <wsse:UsernameToken wsu:Id="UsernameToken-ecc4838c-615d-40c4-b8d4-e9f11bff515a">
        <wsse:Username>REDACTED</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">REDACTED</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
     ...

I have tried appending the WsHandlerConstants.TIMESTAMP to the action, but that only adds a wsu:Timestamp element outside wsse:UsernameToken

I am using Apache CXF 3.3.9 and org.apache.wss4j:wss4j:2.3.1.

Note: This is the same setup than my other question, but that question is with an Axis2 client

SJuan76
  • 24,532
  • 6
  • 47
  • 87

0 Answers0