Skip to main content
Summary How to configure WS-Security UsernameToken values within configuration file for Artix 5.5 JAX-WS
Article Number 18718
Environment Artix 5.5 Artix JAX-WS Runtime All Supported Operating Systems
Question/Problem Description How to configure WS-Security UsernameToken values within configuration file for Artix 5.5 JAX-WS
How to specify username/password values for WS-Security UsernameToken in configuration
How to configure Artix 5.5 JAX-WS WS-Security credentials
Clarifying Information
Error Message
Defect/Enhancement Number
Cause
Resolution

Artix 5.5  JAX-WS uses the org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor for inserting the WS-Security Token into the SOAP message. Below is an example of how to specify the user name and password directly in the configuration file that are used to populate the header values. The xml snippet can be used with the sample located in <ARTIX_JAVA_HOME>\\samples\\basic\\wsdl_first

...

 <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort"
        createdFromAPI="true">
        <jaxws:properties>
            <entry key="schema-validation-enabled" value="true" />
   <entry key="password" value="Extraspecialpassword" />
        </jaxws:properties>
  <jaxws:outInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
            <ref bean="UPHeader"/>
        </jaxws:outInterceptors>
    </jaxws:client>
    
  
  <bean
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="UPHeader">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="user" value="alice"/>
                <entry key="passwordType" value="PasswordText" />
            </map>
        </constructor-arg>
    </bean>

...

The above configuration will  result in the following message that contains the WS-Security UsernameToken.

    [java] INFO: Outbound Messag.e
     [java] ---------------------------
     [java] Encoding: UTF-8
     [java] Headers: {SOAPAction=[""], Accept=[*/*]}
     [java] Payload:
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
   soap:mustUnderstand="1">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="Extraspecialpasswordhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Extraspecialpassword</wsse:Password>
       </wsse:UsernameToken>
   </wsse:Security>
  </soap:Header>
  <soap:Body>
   <greetMe xmlns="http://apache.org/hello_world_soap_http/types">
    <requestType>John Doe</requestType>
   </greetMe>
  </soap:Body>
 </soap:Envelope>

Please be aware, that by specifying the password in clear text within a configuration file could introduces a possible security weakness.

Further details on how to specify the credentials programmatically can be found in the Artix Guide "Artix Security Guide, Java Runtime" under the section "Programming Authentication".

.
Workaround
Notes
Attachment
Created date: 06 September 2011
Last Modified: 13 February 2013
Last Published: 23 June 2012
First Published date: 10 September 2011

#KnowledgeDocs
#Orbix
Terms & ConditionsAccessibility statement