• Post Reply Bookmark Topic Watch Topic
  • New Topic

BinarySecurityToken java Web Service client issue - in trouble in my work  RSS feed

 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have came here after two weeks trying to develop a Web Service client, and I will try to explain in detail my problem

Best way is to start from the top to the botton. First of all sorry for my English because my mattern language is Spanish.

Top (literally how the provider has sent the info to me in English):

I have to call a Web Service with a request like this one:


What I have highlighted in yellow is what the provider call "Security Token" and here you have what exactly the provider says.

1. You should provide a request as the one above
2. Security Token (what I have highlighted) is taken from another Web Service which you should authenticate through certificate (this Web service was done by me and working fine as I´m getting correctly the SecurityToken as String)

My first try was to develop the soap request and added the header with the Security token, obviusly I got exactly the same soap message as the one provided by the provider, but even that it didn´t work.

My way to did it

//securityToken parameter is the String got from the Web Service which provide it as the authentication
// it´s something like RXJyb3IgaXNzRqluZyBhdXRoAz50aWNhdG4vbi20b2tlbg== (this value is dummy as I have change it but lenght is the same)
private static void crearFirmaCabecera(LtdCompanySearchStub stub, String securityToken){


I develop the client with Axis2 and tried to use Rampart, but it´s not possible to use Rampart for that Web Service.

So I tried to develop the client with JaxWs and trying to develop BinarySecurityToken with CXF and no success.

For sure I´m becoming crazy with this issue.

Could someone point how to solve it.

I´m getting a 401 Unauthorized message when reaching the Web Service

Thanks
Kind regards,
 
Arun Kumarr
Ranch Hand
Posts: 662
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Quick suggestion. Try using tools like SOAPUI and copy paste the XML along with the security token and test if it is working fine?
Secondly, with whatever userid and password you are authenticating and obtaining the Security token, does it have enough access/authorization rights to access the final webservice.
Thirdly, assuming everything is fine, for what time window is the token valid? Say if you are obtaining the token at 13:00:00 hrs and token is valid only for that call and you make a call to your target service at 13:00:10, it is possible that the token has expired.

 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arun Kumarr wrote:Quick suggestion. Try using tools like SOAPUI and copy paste the XML along with the security token and test if it is working fine?
Secondly, with whatever userid and password you are authenticating and obtaining the Security token, does it have enough access/authorization rights to access the final webservice.
Thirdly, assuming everything is fine, for what time window is the token valid? Say if you are obtaining the token at 13:00:00 hrs and token is valid only for that call and you make a call to your target service at 13:00:10, it is possible that the token has expired.



Thanks for your quick response, let me answer your points.

1. I tried with SOAP UI pasting the xml generated which includes the token got from another web service, it failed same error 401 Unauthorized
2. To get a token from authenticator web service I only have to access through a digital cetificate only, I don´t need user nor pass, and provider has checked I have all right to access the Web Service I´m calling with my token.
3. I checked about token expired with provider and because I´m working on provider´s development environment I´m getting always the same token so in development the token is allways valid.

Today I have tried to do interceptor with CXF wss4j and no successful at all

Thanks

 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oscar Rugama wrote:
Arun Kumarr wrote:Quick suggestion. Try using tools like SOAPUI and copy paste the XML along with the security token and test if it is working fine?
Secondly, with whatever userid and password you are authenticating and obtaining the Security token, does it have enough access/authorization rights to access the final webservice.
Thirdly, assuming everything is fine, for what time window is the token valid? Say if you are obtaining the token at 13:00:00 hrs and token is valid only for that call and you make a call to your target service at 13:00:10, it is possible that the token has expired.



Thanks for your quick response, let me answer your points.

1. I tried with SOAP UI pasting the xml generated which includes the token got from another web service, it failed same error 401 Unauthorized
2. To get a token from authenticator web service I only have to access through a digital cetificate only, I don´t need user nor pass, and provider has checked I have all right to access the Web Service I´m calling with my token.
3. I checked about token expired with provider and because I´m working on provider´s development environment I´m getting always the same token so in development the token is allways valid.

Today I have tried to do interceptor with CXF wss4j and no successful at all

Thanks




Hi

I will try to add more info about what I done today.

I have followed this example today http://www.codeproject.com/Articles/867391/JAX-WS-Using-Apache-CXF-to-Create-a-Bottom-Up-Web, obviously only the client side.

I used CXF 2.7.15 + JDK 7 and created a Java Project

My main class



My ClientPasswordCallback



My crypto.properties



This example throws a org.apache.cxf.binding.soap.SoapFault: Security processing failed

I know I´m far from solution because what I need is to put the token got from another Web Service, I´m very confused about all realted to ws-security and I´m worried about my work because of not solving this issue for the company.

Should I add manually the binaryToken to the header?

I have checkec CXF ws-security and no reach a conclusion.

I found a lot of examples of username and pass token but in fact I didn´t found examples for binarysecuritytoken without Spring.

Any help will be welcomed

thanks
 
Arun Kumarr
Ranch Hand
Posts: 662
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"1. I tried with SOAP UI pasting the xml generated which includes the token got from another web service, it failed same error 401 Unauthorized"
-- If you have done this and still getting error (assuming your XML is as specified), then definitely the issue is not at your end. It is outside your code and to do with the token you obtained or the target website.
Try asking for sample Code to test their web service and compare it with your XML.
 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arun Kumarr wrote:"1. I tried with SOAP UI pasting the xml generated which includes the token got from another web service, it failed same error 401 Unauthorized"
-- If you have done this and still getting error (assuming your XML is as specified), then definitely the issue is not at your end. It is outside your code and to do with the token you obtained or the target website.
Try asking for sample Code to test their web service and compare it with your XML.


Thank you

I asked two weeks ago a request example and it was exactly the same as mine, so I guess provider is not saying me everything.

I have asked the provider two hours ago that something is not going well so I need them to provide me exactly if I have to encrypt sign or whatever.

Thank you very much and I will come back with any news
 
Arun Kumarr
Ranch Hand
Posts: 662
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also, just a food for thought. Are you sure the 401 message is coming from your target service and not from any intermittent server (say, your local company proxy)?
 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arun Kumarr wrote:Also, just a food for thought. Are you sure the 401 message is coming from your target service and not from any intermittent server (say, your local company proxy)?


For sure it´s not my company proxy because when you don´t authenticate in company proxy always send a personal message with the company within it, so sure it´s not proxy as I have developed several web Services but never any one of this kind

Thank you very much
 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

At the end the problem wasn´t mine, it was provider problem at server.

I got angry after trying several ways to call the web service and I called provider and after having a hard discussion, the provider looked for "something" and they found the error.

Now working perfect!! Thanks for all of you

But I only have one problem, using cxf I call the provider´s web service and works fine I get an object wth all the fields so perfect, but I need the xml which is within the soap response body.

I mean I want that xml in order to apply a xslt and provide a htlm page.

Does anyone have any idea on how to retrieve xml soap body using apache cxf as I´m using now?

Your help is much appreciated

Thanks
Kind regards
 
Arun Kumarr
Ranch Hand
Posts: 662
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. You can add custom interceptors. (Preferred approach)
2. You can also use the loggingoutinterceptor (but first check if it is reading the xml coming out).
 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arun Kumarr wrote:1. You can add custom interceptors. (Preferred approach)
2. You can also use the loggingoutinterceptor (but first check if it is reading the xml coming out).


Thank you very much, I will try and come back with any result.

I have default interceptor which pretty print request and response, I´ll try first point as recommended by you

Thanks
Regards
 
Oscar Rugama
Greenhorn
Posts: 14
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oscar Rugama wrote:
Arun Kumarr wrote:1. You can add custom interceptors. (Preferred approach)
2. You can also use the loggingoutinterceptor (but first check if it is reading the xml coming out).


Thank you very much, I will try and come back with any result.

I have default interceptor which pretty print request and response, I´ll try first point as recommended by you

Thanks
Regards


Hi,

I want to share my solution which works perfect

The interceptor



and then using it in code




It works perfect, thank you for pointing me, and I only have my last question about this.

If I want to do the following:

Each time I call the Provider´s Web Service I want do the following

One entry in one table within database to keep

id (sequence)
date (date I called web service)
clob (whole xml taken from Soap body as I performed in my code put above)
field1
....
fieldn (field1 - field n are some fields taken from the response when the call is transformed into Java objects)

What happens to me it´s I´m a bit confussed because this is the first interceptor I develop.

In the interceptor for instance I can store the id, the date and the clob but at this phase I don´t have the java objects so I don´t know how to keep the id which is unique to be passed to my main class so after having the java objetcs I can extract the fields I need to be kept, those are field1 to fieldn.

Any idea please? I guess is last question

Thank you
Kind regards
 
Oscar Rugama
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oscar Rugama wrote:
Oscar Rugama wrote:
Arun Kumarr wrote:1. You can add custom interceptors. (Preferred approach)
2. You can also use the loggingoutinterceptor (but first check if it is reading the xml coming out).


Thank you very much, I will try and come back with any result.

I have default interceptor which pretty print request and response, I´ll try first point as recommended by you

Thanks
Regards


Hi,

I want to share my solution which works perfect

The interceptor



and then using it in code




It works perfect, thank you for pointing me, and I only have my last question about this.

If I want to do the following:

Each time I call the Provider´s Web Service I want do the following

One entry in one table within database to keep

id (sequence)
date (date I called web service)
clob (whole xml taken from Soap body as I performed in my code put above)
field1
....
fieldn (field1 - field n are some fields taken from the response when the call is transformed into Java objects)

What happens to me it´s I´m a bit confussed because this is the first interceptor I develop.

In the interceptor for instance I can store the id, the date and the clob but at this phase I don´t have the java objects so I don´t know how to keep the id which is unique to be passed to my main class so after having the java objetcs I can extract the fields I need to be kept, those are field1 to fieldn.

Any idea please? I guess is last question

Thank you
Kind regards



Hi all

I guess I solved it

Please find my solution here

The interceptor



I have added




And then in my main thread



And that´s how I pass my body as String

Thank you Arun Kumarr for pointing me in the right way, I was very worried about this issue because having tested many frameworks and solutions the only valid for the provider was cxf

Kind regards

 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!