stackoom
  简体   繁体   中英

Failed to assert identity with UsernameToken when connecting to weblogic web service using wss4j

 原文  2014-07-04 12:06:45       java/ web-services/ weblogic/ ws-security/ wss4j

Question

I'm trying to connect to a web service using wss4j in order to wrap my xml with a username token security with password in digest form, below is my request output: 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-C53A9DE4F384C9293314044748291431">
<wsse:Username>weblogicdev</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">cfxACgO/wSzJSIjd9r8119BURWY=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">76O2tFwe2NQLw/ZOiTgtyA==</wsse:Nonce>
<wsu:Created>2014-07-04T11:53:49.141Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<mdsl:CustomerRequest xmlns:mdsl="www.mdsl.eft.cms.com">
<mdsl:Institution>1
</mdsl:Institution>
<mdsl:Customer_ID>00236615
</mdsl:Customer_ID>
<mdsl:Data_Level>A
</mdsl:Data_Level>
</mdsl:CustomerRequest>   
</soapenv:Body>
</soapenv:Envelope>

I can't seem to figure out why this request is giving me a: 

<?xml version='1.0' encoding='UTF-8'?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:FailedAuthentication</faultcode>
<faultstring>Failed to assert identity with UsernameToken.</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>

But when I implement ws security on jdev with password digest the request works.(jax-ws implementation with weblogic api)

The username weblogicdev and password weblogic123 are valid and the request worked when the policy I put on the web service was a username password token plain (clear text password)

Does oracle process the digest password differently than the one made with wss4j ? and if it does, does anyone have an algorithm I can use in order to replicate this password digest generation ?

1 answers

solution1
 0  2015-02-27 14:58:44

根据您为Web服务选择的身份验证方法,您可能必须将此用户/密码添加到Weblogic管理控制台中的SecurityRealm。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Wss4j and soaphandler error when calling a web service twice How to validate UsernameToken without password in wss4j 1.6? UsernameToken WS-Security with Apache CXF Annotations (WSS4J) Apache CXF web service security issue with wss4j SoapFault: Failed to assert identity with UsernameToken Secure web service calls using WSS4J return “An error was discovered processing the <wsse:Security> header” How to get authenticated user in web service methods using WSS4J interceptors Authenticating selective spring web serrvices using wss4j SimplePasswordValidationCallbackHandler Signing SOAP messages using WSS4J Error in WS-Secured header validation(WSS4j) with UsernameToken TimeStamp for different time zone
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM