Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-2379

Using a custom HandlerResolver on client while using WS-Security does not add ws-security header to soap envelope

    XMLWordPrintable

Details

    • Hide

      Workaround seems to be to :
      1. get the HandlerChain list from the BInding
      2. add your own Handlers to the list
      3. and then set the HandlerChain list back in the Binding object

      List<Handler> chain = ((BindingProvider)port).getBinding().getHandlerChain();
      chain.add(new CustomHandler());
      ((BindingProvider)port).getBinding().setHandlerChain(chain);

      Show
      Workaround seems to be to : 1. get the HandlerChain list from the BInding 2. add your own Handlers to the list 3. and then set the HandlerChain list back in the Binding object List<Handler> chain = ((BindingProvider)port).getBinding().getHandlerChain(); chain.add(new CustomHandler()); ((BindingProvider)port).getBinding().setHandlerChain(chain);

    Description

      I have a webservice deployed as an EJB endpoint with the correct WS-Security Configuration (using UsernameToken)

      My standalone java client code looks like this:

      ReflectorEjbWsseApi port = null;
      Service service = (Service) Service.create(wsdlURL, serviceQName);
      service.setHandlerResolver(new CustomHandlerResolver);

      port = service.getPort(ReflectorEjbWsseApi.class);
      HandlerResolver hr = new HandlerResolver();
      ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, WebServiceConstants.USERNAME);
      ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, WebServiceConstants.PASSWORD);

      URL securityURL = new File("jboss-wsse-client.xml").toURL();
      ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());

      ((StubExt) port).setConfigName("Standard WSSecurity Client");
      ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);

      As you can see I am setting my own custom HandlerResolver. However by doing this I am somehow overriding the default HandlerChain which would have used the USERNAME_PROPERTY and PASSWORD_PROPERTY values and added the ws-security header to the soap message.

      When executing this code I get a SOAPFault from the server saying that the soap message does not contain a required header.

      javax.xml.ws.soap.SOAPFaultException: org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.

      If I don't set the handlerResolver by removing this line from my client:
      service.setHandlerResolver(new CustomHandlerResolver);

      the request goes through fine and I get a valid response.

      My own customhandlers do nothing but some logging activity. I should be able to use my own custom handlers with WS-Security.

      Attachments

        Activity

          People

            darran.lofthouse@redhat.com Darran Lofthouse
            yousuf.raza Yousuf Haider (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: