Https WebService message: Message did not contain a valid Security Element

Question

I am using axis 2 webservice client.

The first https call to the webservice throws a exception with the message: "Message did not contain a valid Security Element".

I think that the problem could be the security mode: maybe it has to be message level security. In this case, how can I configure it in axis?.

The code:

System.setProperty("javax.net.ssl.keyStore", jksFile);
System.setProperty("javax.net.ssl.keyStorePassword", jksPassword);

MyServicePortProxy proxy = new MyServicePortProxy();
Stub stub = (Stub) proxy.getMyServicePort();

proxy.setEndpoint(endpoint);
stub.setUsername(username);
stub.setPassword(password);

// throws exception with the above message:
proxy.serviceMethod(...);

Answer 1

Take a look at http://ws.apache.org/wss4j/package.html we had to define a client-config.wsdd that told axis to include username/password (if it is ws-security you are using). I am a little bit weak on the different standards and what separates them.

Answer 2

It's possible that in your XML service definition you need to create a service policy -[http://schemas.xmlsoap.org/ws/2004/09/policy/]

Take a look at these articles:

http://www.javaranch.com/journal/200603/Journal200603.jsp#a2 http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html

Answer 3

Watch your clock-skew. If the timestamp in the security element provided by the client is too far into the past or the future from the server's perspective, it may reject it with exactly this message.