Issue Details (XML | Word | Printable)

Key: XWSS-25
Type: Bug Bug
Status: Closed Closed
Resolution: Incomplete
Priority: Major Major
Assignee: xwss-issues
Reporter: jbarnum
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
xwss

Sample code is useless

Created: 28/Feb/08 11:15 AM   Updated: 29/Feb/08 04:39 AM   Resolved: 29/Feb/08 04:39 AM
Component/s: www
Affects Version/s: current
Fix Version/s: milestone 1

Time Tracking:
Not Specified

Environment:

Operating System: All
Platform: Macintosh


Issuezilla Id: 25
Tags:
Participants: jbarnum, kumarjayanti and xwss-issues


 Description  « Hide

The readme file that comes with SecureXWSS20JDK6 claims that "The Sample Inserts a Username-
Password Token into SOAP Message. It also Signs and Encrypts the UsernameToken and the SOAP Body."

In actuality, the sample code does nothing other than insert basic HTTP auth headers:

((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "Ron");
((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "noR");



kumarjayanti added a comment - 28/Feb/08 10:12 PM

Hi,

The sample has not been written very cleanly but if you follow the
instructions in the README file FaithFully it works. After i saw this bug i got
a doubt if there is something really wrong so i downloaded and tried the whole
thing again. Here is what i did :

For the Server :
---------------------------------------------
D:\>cd SecureXWSS20JDK6

D:\SecureXWSS20JDK6>cd src

D:\SecureXWSS20JDK6\src>copy E:\210307\wsit\wsit\dist\image\metro\lib\webservice
s-rt.jar .
1 file(s) copied.

D:\SecureXWSS20JDK6\src>copy E:\210307\wsit\wsit\dist\image\metro\lib\webservice
s-api.jar .
1 file(s) copied.

D:\SecureXWSS20JDK6\src>copy E:\210307\wsit\wsit\dist\image\metro\lib\webservice
s-tools.jar .
1 file(s) copied.

D:\SecureXWSS20JDK6\src>copy e:\210307\xwss\xwss-ri\lib\mail.jar .
1 file(s) copied.

D:\SecureXWSS20JDK6\src>dir
Volume in drive D is Data1
Volume Serial Number is D868-332E

Directory of D:\SecureXWSS20JDK6\src

02/29/2008 11:24 AM <DIR> .
02/29/2008 11:24 AM <DIR> ..
05/02/2006 09:26 PM 388,830 mail.jar
02/29/2008 11:15 AM <DIR> META-INF
02/29/2008 11:15 AM <DIR> simplejdk6ws
02/27/2008 05:22 PM 174,831 webservices-api.jar
02/27/2008 05:22 PM 12,049,131 webservices-rt.jar
02/27/2008 05:22 PM 3,633,406 webservices-tools.jar
4 File(s) 16,246,198 bytes
4 Dir(s) 29,850,988,544 bytes free

D:\SecureXWSS20JDK6\src>E:\jdk6skid\bin\apt.exe -cp .;webservices-api.jar;webser
vices-rt.jar;webservices-tools.jar simplejdk6ws/Main.java
warning: Annotation types without processors: [javax.annotation.Resource]
1 warning
warning: Annotation types without processors: [javax.xml.bind.annotation.XmlRoot
Element, javax.xml.bind.annotation.XmlAccessorType, javax.xml.bind.annotation.Xm
lType, javax.xml.bind.annotation.XmlElement]
1 warning

D:\SecureXWSS20JDK6\src>E:\jdk6skid\bin\javac -cp .;webservices-api.jar;webservi
ces-rt.jar;webservices-tools.jar simplejdk6ws/*.java
simplejdk6ws\ClientSecurityEnvironmentHandler.java:453: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
sun.security.x509.KeyIdentifier keyId = null;
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:455: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:455: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:456: warning: sun.security.ut
il.DerInputStream is Sun proprietary API and may be removed in a future release
new sun.security.util.DerInputStream(subjectKeyIdentifier).getO
ctetString());
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:458: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
keyId = new sun.security.x509.KeyIdentifier(derVal.getOctetString())
;
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:430: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
sun.security.x509.KeyIdentifier keyId = null;
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:432: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:432: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:433: warning: sun.security.ut
il.DerInputStream is Sun proprietary API and may be removed in a future release
new sun.security.util.DerInputStream(subjectKeyIdentifier).getO
ctetString());
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:435: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
keyId = new sun.security.x509.KeyIdentifier(derVal.getOctetString())
;
^
simplejdk6ws\SimpleWSClient.java:31: package client does not exist
client.MainService service =
^
simplejdk6ws\SimpleWSClient.java:32: package client does not exist
new client.MainService();
^
simplejdk6ws\SimpleWSClient.java:33: package client does not exist
client.Main port = service.getMainPort();
^
3 errors
10 warnings

D:\SecureXWSS20JDK6\src>E:\jdk6skid\bin\java -cp .;webservices-api.jar;webservic
es-rt.jar;webservices-tools.jar;mail.jar simplejdk6ws.Main
HelloServer is open for business at http://localhost:8080/WebServiceExample/sayh
ello

-----------------------------------------------------------

The Server is Ready to recieve requests above.

For the Client
----------------------------------------
D:\SecureXWSS20JDK6\src>dir
Volume in drive D is Data1
Volume Serial Number is D868-332E

Directory of D:\SecureXWSS20JDK6\src

02/29/2008 11:24 AM <DIR> .
02/29/2008 11:24 AM <DIR> ..
05/02/2006 09:26 PM 388,830 mail.jar
02/29/2008 11:15 AM <DIR> META-INF
02/29/2008 11:26 AM <DIR> simplejdk6ws
02/27/2008 05:22 PM 174,831 webservices-api.jar
02/27/2008 05:22 PM 12,049,131 webservices-rt.jar
02/27/2008 05:22 PM 3,633,406 webservices-tools.jar
4 File(s) 16,246,198 bytes
4 Dir(s) 29,850,894,336 bytes free

D:\SecureXWSS20JDK6\src>e:\jdk6skid\bin\wsimport.exe -p client http://localhost:
8080/WebServiceExample/sayhello?wsdl

D:\SecureXWSS20JDK6\src>E:\jdk6skid\bin\javac.exe -cp .;webservices-api.jar;webs
ervices-rt.jar;webservices-tools.jar simplejdk6ws/*.java
simplejdk6ws\ClientSecurityEnvironmentHandler.java:453: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
sun.security.x509.KeyIdentifier keyId = null;
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:455: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:455: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:456: warning: sun.security.ut
il.DerInputStream is Sun proprietary API and may be removed in a future release
new sun.security.util.DerInputStream(subjectKeyIdentifier).getO
ctetString());
^
simplejdk6ws\ClientSecurityEnvironmentHandler.java:458: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
keyId = new sun.security.x509.KeyIdentifier(derVal.getOctetString())
;
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:430: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
sun.security.x509.KeyIdentifier keyId = null;
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:432: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:432: warning: sun.security.ut
il.DerValue is Sun proprietary API and may be removed in a future release
sun.security.util.DerValue derVal = new sun.security.util.DerValue(
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:433: warning: sun.security.ut
il.DerInputStream is Sun proprietary API and may be removed in a future release
new sun.security.util.DerInputStream(subjectKeyIdentifier).getO
ctetString());
^
simplejdk6ws\ServerSecurityEnvironmentHandler.java:435: warning: sun.security.x5
09.KeyIdentifier is Sun proprietary API and may be removed in a future release
keyId = new sun.security.x509.KeyIdentifier(derVal.getOctetString())
;
^
10 warnings

D:\SecureXWSS20JDK6\src>E:\jdk6skid\bin\java.exe -cp .;webservices-api.jar;webse
rvices-rt.jar;webservices-tools.jar;mail.jar simplejdk6ws.SimpleWSClient
Got Username......... : Ron
Got Password......... : noR
Feb 29, 2008 11:30:12 AM com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w
ss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws
s-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1204264812218-1575931445">
<wsu:Created>2008-02-29T06:00:12.117Z</wsu:Created>
<wsu:Expires>2008-02-29T06:05:12.117Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-12
04264812268-1360985858">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-o
pen.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdenti
fier">dVE29ysyFW/iD1la3ddePzM6IWo=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>ouxC0cqrmQWnWpDucV1A7b8IyCsVqMEhM1qLvRfzBd0IRm8c1nptRfF37FEFYE
MkIfat5kxcwhLs
qF+IETfPltt6dwyPAkhE42ZWUnLzulh5fRf2vfApnMJdDpouWy5xD6/LejUtWue095qTE3vG32Pq
0UicznASqPF9kqYIl98=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:DataReference URI="#XWSSGID-1204264812558-1655628261"/>
<xenc:DataReference URI="#XWSSGID-1204264812558-1123387489"/>
</xenc:ReferenceList>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-2004
01-wss-wssecurity-utility-1.0.xsd" wsu:Id="username-token">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1
204264812558-1123387489" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc
"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#XWSSGID-1204264812268-1360985858"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>PBc+yg1LEGjAJEecV8eUdhdmR3SjIaPVSIIOzUjW8OnmDN76tTO0ork9w/J96I
6T/q0HTStTS6EY
2F7nqjmkDSE1Uj30vdL2pszqZLIVEov4YRGq6Y/vQRVxZ/FFMq5OpwKmNwPEud/2KY5agHOJ8IRt
nrqYJJ05A7p1JkgtrK2YT5ksgrMYG7f300VO1kvTF2AP9s2agenQE3UlATLCDcV0zhxxkIVwQRmt
C0MYgxD+FvktMWckOhQe66K2pKEW3H5zHRJ6x6knpwygDQAUPzfnX4b4ta+owjc9fgqOez8G6h+S
lM0sserRskfZfoxwM2yS7sV1nv68Qdi5tufSNfEcla9WRb08OF2aG1+bOE2oIp1yLJi6TB3KifHx
RMOdBJYce0NZW1EWDCOS7gs6D7XquJr6hhJIhOcLButr6WIHBWi7bVEloh2XzMPp0C0dYCrXxIox
skFJZd1ynWwV5S0cNDM+Ug3ppImlyBUhViu/0f38X1kmrGpvAePxuyxIKjVD4SwNG1NQGT54DWNK
vE7x7GM6Z1TCogibTAZzT3XiGEPSgYbkj5q+PyY4JNe8U3ugf365XeuP2g2zgOXYEoDFNQc6rbq6
tYwQWqZOPw8h+nDF+CcyOBpeUqNXod7/JL5x2WVlYy4qjZr1cH2h4uSGF/1O56dcBWmSKOEJvWS5
lFrlIrs1NjjwNibXInYO6n2B1I6mBS7tXPVc1yzDltnpu37O+3JtLG+1cBe3zi4B7Q784dBykhRg
sw3AWbiIzk1lnDciLskFIq8lBpsRpl2cNKH2zydMsOn17iNxa+YshzCgsJ2c4Tn4jl4zt3eOeY7q
/RwW3j8zXsS+Q8SYpgpTGY3EtpkbbFcWBo+RUKrJMpyuF8VyX5YdVWt3jougJVK1T6fnCPbDqbbM
8gPYkq/YP6fuIsUR3os+Vm5qCmJS+ljEffNovUCTo2nZIVmJc9ijjF1E8fM=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:UsernameToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-12042648
11937224709851">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=
"wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="username-token">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>kwiB8WHVoryp8vWkFn00XFCi+xk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-1204264812218-1993000820">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ZpbALBVMdm3A6E8AUoVyP94ep78=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-1204264812218-1575931445">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>/V/lfEtnjh/ZesI66sSwH/CM2zg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>BGRLsbaR3Z6SGaYW5uaDgMPFG+1zEUa/vkmIYLECbq1ed3tbfK7P8EwZX/+cA
jXfRh/O3U3SLFRx
m1y0/7Utv/LApDFrclEhcTnWNMeGJg8ENRyc6TAQsoJ7aEMgkQklZTUIGGPsSS4CUwGCu+pLE8th
4Wy0Og3HsaTPyBjZewU=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/o
asis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12042648121982050460
263">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-o
pen.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdenti
fier">/mItfvuFdS7A0GCysE71TFRxP2c=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd" wsu:Id="XWSSGID-1204264812218-1993000820">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1
204264812558-1655628261" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc
"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#XWSSGID-1204264812268-1360985858"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>kIvPUZ/X2fHeYlmKuh3GD17fvgeas9NfR2pFHQXsMjHmc//by1ohveA+py55FO
aI+0SwMXQt2y0Z
mfhAEzABPm5lAMsjRdcxglstnbrUHzEVcR1ivkUVUa7TIMmST1tw</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
==== Sending Message End ====

Feb 29, 2008 11:30:13 AM com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Received Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w
ss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws
s-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12042648131191728657222">
<wsu:Created>2008-02-29T06:00:13.109Z</wsu:Created>
<wsu:Expires>2008-02-29T06:05:13.109Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-12
042648131291256334627">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-o
pen.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdenti
fier">/mItfvuFdS7A0GCysE71TFRxP2c=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>g59ZH6noOQ7WocpaUoAhy9Gi+yyFnm/KACr16iVHnU3tp8w31+8953TjR3wMzu
7nifnlBsc5hQYs
T97MR/PELN2qq6plWJkpXWbiCOe4A3qg8ZeQ0R0699YQNW7yJUGlBvGhVORH4HRz9zIxPGemUqPZ
dIxNZ61fCECILKS9RN0=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:DataReference URI="#XWSSGID-1204264813139-1712609121"/>
</xenc:ReferenceList>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-12042646
148341763527754">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=
"wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-1204264813119847920932">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Xu7W826z9xfkkympq5YvoQbpALg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-12042648131191728657222">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>yhODJj4R1F59qGwEMJ3eK+RgWxg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>stm0VlFj8g88qFb1Bfe3tYcwgGVwX/1dsjZZwt0a4vfNwjJr+3kWRA4oW7qro
KNhBootbrgwmHnP
eMj2bU6va7JZS0hco0pCYAVNRAHWPxVknFBiFw56ReZobOlfIhJfVmsCJKjbtbzGAQAJfIfLF/Pt
KfUdoEFO4Mcc3bIS6nk=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/o
asis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1204264813119-674277
324">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-o
pen.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdenti
fier">dVE29ysyFW/iD1la3ddePzM6IWo=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd" wsu:Id="XWSSGID-1204264813119847920932">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1
204264813139-1712609121" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc
"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#XWSSGID-12042648131291256334627"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>9FkOn1aCN6riUS2BUyvGRWMamS5CzEwRtB5fW9TQldCa/IjPKprBK8BbLL8qNm
o0vG/MDy7GOSQC
4zoBAhibmYRUOKksd1LwwXMaVYTyWzG1qDokK1woaef7kag6WayXvgSecvzY5NWBHwt7ZTHyNcaV
5j/ORnnnztdIvtkogm7tB2NYw7tuJiVrRL7h6VaCTs9N08KGq6c9fsXvDHo1ddMUeiUIAnJDoPFq
1i6o+1lRS7/Yd09MVZoCloAy9cDlk7J0ovHsl2JCrRI/4ccrMC8GF6Q6XtPioyEbE4WiTzJIsLCo
QniTe120bBZhmutvU1Txwg/du7W2txObrtb4jyrZJ/nLB4iCZTcB1Y0ExfM=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
==== Received Message End ====

Result = Hello!!! TOM WITMER
-------------------------------------

So you can actually see that a Username Password was sent as well as the Message
was Signed and Encrypted. Actually the content of the usernametoken has also
been encrypted to protect the confidentiality of the password.

When i get some time i promise to Tidy up the sample but otherwise things do
work. The overloaded use of BindingProivider.USERNAME_PROPERTY and
PASSWORD_PROPERTY was a mistake (since they are meant for BASIC-AUTH). So we
have since deprecated the use of these properties in Metro for WS-Security
Purposes. For the purpose of this sample the properties are being read by the
ClientSecurityEnvironmentHandler.java so you can easily replace them by setting
your own properties in the Client code and then read those properties in the
ClientSecurityEnvironmentHandler.


jbarnum added a comment - 29/Feb/08 04:39 AM

Thanks very much for taking the time to respond to that. I never got past those errors in the initial build,
especially because the sample code did not look like it did what I needed.