Hi,

I have been given a WSDL to generate a client against, and it uses a security policy. This is my first time using a security policy, and although I've read about it (basic theory), putting it into practice with specific elements and a specific technology isn't straightforward (to me anyway).

I generated the client using wsimport and there is nothing in the generated classes regarding the security policy. Is this expected?

Can anyone recommend a good tutorial/how-to for someone implementing this for the first time? I am using Eclipse as my IDE, so something that is not NetBeans-specific would be much appreciated.

If it helps, the security portion of the WSDL looks like this:

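<!--
  Binding-level security policy for MyServicePortBinding (excerpt from the WSDL).
  The wsp, wsu and wsam prefixes are not declared in this excerpt; presumably
  they are bound on the enclosing wsdl:definitions element (confirm).
  These assertions are enforced at run time by the WS-Security stack on each
  side; wsimport only generates the JAX-WS port and data classes, so the
  generated code does not mention the policy.
-->
<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsaw3c="http://www.w3.org/2005/08/addressing" xmlns:ssp="http://schemas.sun.com/2006/03/wss/server"
    xmlns:sunwsp="http://java.sun.com/xml/ns/wsit/policy" wsu:Id="MyServicePortBindingPolicy">
    <!-- One symmetric key (from the ProtectionToken below) signs and encrypts in both directions. -->
    <sp:SymmetricBinding>
        <wsp:Policy>
            <sp:AlgorithmSuite>
                <wsp:Policy>
                    <!--
                      Basic128 (WS-SecurityPolicy 1.2): AES-128 encryption with SHA-1
                      digests and HMAC-SHA1 signatures. The client must use the suite the
                      service advertises. NOTE(review): the service owner may want to
                      assess a SHA-256 suite such as Basic128Sha256.
                    -->
                    <sp:Basic128 />
                </wsp:Policy>
            </sp:AlgorithmSuite>
            <!-- A wsu:Timestamp is required in the security header so the receiver can bound message freshness. -->
            <sp:IncludeTimestamp />
            <sp:Layout>
                <wsp:Policy>
                    <!-- Security header items may appear in any order that WSS permits. -->
                    <sp:Lax />
                </wsp:Policy>
            </sp:Layout>
            <!--
              Signature references must cover the whole soap:Body and whole header
              blocks, never a descendant element, which narrows the room for
              signature-wrapping ambiguity.
            -->
            <sp:OnlySignEntireHeadersAndBody />
            <sp:ProtectionToken>
                <wsp:Policy>
                    <!--
                      The protection token is issued by a security token service (STS),
                      not created locally. AlwaysToRecipient: the token is included in
                      every message sent to the service.
                    -->
                    <sp:IssuedToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:RequireInternalReference />
                        </wsp:Policy>
                        <!-- Endpoint the client must contact to obtain the token before calling the service. -->
                        <sp:Issuer>
                            <wsaw3c:Address>https://server.com:8443/service</wsaw3c:Address>
                            <wsaw3c:Metadata>
                                <ns1:Metadata
                                    xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/09/mex">
                                    <ns1:MetadataSection>
                                        <ns1:MetadataReference>
                                            <wsaw3c:Address>https://server.com:8443/service</wsaw3c:Address>
                                        </ns1:MetadataReference>
                                    </ns1:MetadataSection>
                                </ns1:Metadata>
                            </wsaw3c:Metadata>
                        </sp:Issuer>
                        <!-- Contents of the token request: a SAML 1.1 assertion carrying a 128-bit symmetric proof key. -->
                        <sp:RequestSecurityTokenTemplate>
                            <ns2:KeySize
                                xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512">128</ns2:KeySize>
                            <ns3:KeyType
                                xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</ns3:KeyType>
                            <ns4:TokenType
                                xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns4:TokenType>
                        </sp:RequestSecurityTokenTemplate>
                    </sp:IssuedToken>
                </wsp:Policy>
            </sp:ProtectionToken>
        </wsp:Policy>
    </sp:SymmetricBinding>
    <!-- WS-Trust 1.3 options: issued tokens are supported and both client and server contribute entropy to the key. -->
    <sp:Trust13>
        <wsp:Policy>
            <sp:MustSupportIssuedTokens />
            <sp:RequireClientEntropy />
            <sp:RequireServerEntropy />
        </wsp:Policy>
    </sp:Trust13>
    <!-- WSS 1.1 token reference mechanisms the peers must be able to process. -->
    <sp:Wss11>
        <wsp:Policy>
            <sp:MustSupportRefEncryptedKey />
            <sp:MustSupportRefIssuerSerial />
            <sp:MustSupportRefThumbprint />
        </wsp:Policy>
    </sp:Wss11>

    <!-- WS-Addressing headers are required on messages for this binding. -->
    <wsam:Addressing />
</wsp:Policy>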
<!--
  Message-level policy for the getMyService request.
  The body is both encrypted and signed. The WS-Addressing and WS-RM headers
  listed under SignedParts are integrity-protected when present, but they are
  not listed under EncryptedParts, so they remain readable in transit.
  The wsp and wsu prefixes are not declared in this excerpt (presumably bound
  on the enclosing WSDL element; confirm).
-->
<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
            wsu:Id="MyServicePortBinding_getMyService_Input_Policy">
    <sp:EncryptedParts>
        <sp:Body />
    </sp:EncryptedParts>
    <sp:SignedParts>
        <sp:Body />
        <sp:Header Name="ReplyTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="To"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="From"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="AckRequested"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="CreateSequence"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="Sequence"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="MessageID"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="FaultTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="SequenceAcknowledgement"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="Action"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="RelatesTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
    </sp:SignedParts>
</wsp:Policy>
<!--
  Message-level policy for the getMyService response.
  It lists the same parts as the request policy: the body is encrypted and
  signed, and the WS-Addressing and WS-RM headers named under SignedParts are
  signed when present but not encrypted. A client therefore has to verify the
  signature and decrypt the body of every response.
-->
<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
            wsu:Id="MyServicePortBinding_getMyService_Output_Policy">
    <sp:EncryptedParts>
        <sp:Body />
    </sp:EncryptedParts>
    <sp:SignedParts>
        <sp:Body />
        <sp:Header Name="ReplyTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="To"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="From"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="AckRequested"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="CreateSequence"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="Sequence"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="MessageID"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="FaultTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="SequenceAcknowledgement"
                   Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
        <sp:Header Name="Action"
                   Namespace="http://www.w3.org/2005/08/addressing" />
        <sp:Header Name="RelatesTo"
                   Namespace="http://www.w3.org/2005/08/addressing" />
    </sp:SignedParts>
</wsp:Policy>
A: 

Not an answer, but more information/questions. Perhaps I should have edited the original question, but there's a lot of information...

I have since discovered the need for a MyService.xml file and wsit-client.xml files. The policy in the MyService.xml file looks like:

<!--
  Client-side (private) policy attached to MyServicePortBindingPolicy.
  default="..." supplies a fixed value, so the user name and password sit in
  clear text in a file that ships inside the client archive; treat the values
  here as test placeholders and keep real credentials out of the packaged file.
  NOTE(review): no handler class is referenced here. WSIT also accepts a
  classname attribute on sc:CallbackHandler naming a
  javax.security.auth.callback.CallbackHandler implementation; confirm which
  form is intended.
  NOTE(review): the service-side policy with the same wsu:Id asks for an
  IssuedToken from an issuer endpoint, and nothing in this fragment tells the
  runtime which token service to call; confirm that is configured elsewhere.
  The wsp, wsu, sc and wspp prefixes are not declared in this excerpt.
-->
<wsp:Policy wsu:Id="MyServicePortBindingPolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sc:CallbackHandlerConfiguration wspp:visibility="private">
                <sc:CallbackHandler name="usernameHandler" default="testUser" />
                <sc:CallbackHandler name="passwordHandler" default="testPW" />
            </sc:CallbackHandlerConfiguration>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

I have created a MyServiceCallbackHandler class:

package my.service.client;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class MyServiceCallbackHandler implements CallbackHandler
{

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException
    {
        for (Callback callback : callbacks)
        {
            if (callback instanceof NameCallback)
            {
                ((NameCallback) callback).setName("testUser");
            }
            else if (callback instanceof PasswordCallback)
            {
                ((PasswordCallback) callback).setPassword("testPW".toCharArray());
            }
            else
            {
                throw new UnsupportedCallbackException(callback,
                        "Unrecognized Callback");
            }
        }
    }
}

My wsit-client.xml looks like this:

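<?xml version="1.0" encoding="UTF-8"?>
<!--
  WSIT client configuration entry point. It only imports the per-service file
  that holds the client-side policy; the location is resolved relative to this
  file.
  NOTE(review): WSIT is documented to look for wsit-client.xml under META-INF/
  on the client classpath. Confirm the packaged directory name and its case,
  because a file the runtime does not find means no client policy is applied.
-->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
        xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig">
    <import location="MyService.xml" namespace="http://my.service/"/>
</definitions>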

Both the wsit-client.xml and MyService.xml files are located in my src/main/resources/meta-info folder.

I am trying to test the client by running a main method in my client class, but get this exception:

Caught Exception: javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No Security header in message
javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No Security header in message

This isn't unexpected because I have no idea how to configure the client to use the handler/xml files. I have searched for how to do this, but to no avail.

My intent was to create a jar file that can be used as a library in other web applications that need to access the web service. Can I do this or do I need to package it as a war file? Do I need to configure the handler class in a web.xml file?

If anyone can point me to a resource on how to deploy a web services client with this type of security policy it would be greatly appreciated.

sdoca