I have implemented a Spring WS using XWSS for security. I have added a security configuration policy file into my application.
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
dumpMessages="true">
<xwss:RequireTimestamp
id="tsp"
maxClockSkew="60"
timestampFreshnessLimit="300">
</xwss:RequireTimestamp>
<xwss:RequireUsernameToken
id="token"
passwordDigestRequired="false"
nonceRequired="false"/>
<xwss:Timestamp></xwss:Timestamp>
<xwss:UsernameToken
name="service"
password="service"
id="uToken"
digestPassword="true"
useNonce="true"/>
</xwss:SecurityConfiguration>
Now I am developing a client to access the WS. The security works fine. But I am unable to test the SUCCESS case in which the client can successfully get a response from my service. The problem is I don't know how to make my client send the usernametoken and timestamp along with the request. I am using NetBeans IDE and I am implementing a JAX-WS client to access the Spring WS using this tutorial.
Please let me know what needs to be done.
For Spring WSS there is not much difference between adding a security header to the ingoing soap messages or to the outgoing ones. The process is very similar.
In both cases, you should create a interceptor for adding the security header. It is described here. So, if you create the WS client using Spring you should not have problems, especially if you have already developed the server side, but the tutorial you referenced doesn't look like using Spring for implementing the client.