I'm trying to add an UsernameToken wss header to my ws Client. The client implements javax.xml.ws.Service and has been generated through WSDL2Java CFX 3.1.4
Since the wsdl contains
<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" wsu:Id="UsernameTokenPolicy">
<sp:UsernameToken>
<wsp:Policy>
<sp:WssUsernameToken10/>
<sp:HashPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
Usernametoken header must be added. Searching a bit I've found out that this is simple as
((BindingProvider)soapClient).getRequestContext().put("ws-security.username", usr);
((BindingProvider)soapClient).getRequestContext().put("ws-security.password", psw);
By the way when I try to perform a call I get the following error:
These policy alternatives can not be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}UsernameToken: Password hashing policy not enforced
Any advice? Thank you.
P.S. I've already checked for similar post in stack overflow, but if I try a differente approach like the one suggested here I got a different error:
Interceptor for XXXX has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: No username available
As the cxf-documentation states
From Apache CXF 3.1.0, the WS-SecurityPolicy and the XML Security (JAX-RS) components in CXF share a common set of configuration tags.
So you shouldn't use ws-security.username and ws-security.password but security.username and security.password
Also be sure that cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the classpath so ws-policy will automatically be enabled, thus taking care of hashing the password, i.e. calculate the correct password digest.