Discussions

XML & Web services: WS Security Username Token Issue with Weblogic

  1. Hi, I am trying to implement WS-Security (Username Token) on web services deployed on Weblogic Server 8.1 (sp4). The deployment works fine but whenever I try to invoke the service using auto generated client stub (created using clientgen) or weblogic server console (service test page) , I get the following error: Failed to create web service client:java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace) Detail: java.lang.AssertionError: Bad password type: wsse:PasswordText at weblogic.xml.security.wsse.v200207.UsernameTokenImpl.(UsernameTokenImpl.java:64) at weblogic.xml.security.wsse.v200207.SecurityElementFactoryImpl.createToken(SecurityElementFactoryImpl.java:59) at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:300) at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100) at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143) at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231) at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143) at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457) at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443) at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303) at com.cts.sipservices.implementation.client.MrmPartyServiceImplementationPort_Stub.getParty(MrmPartyServiceImplementationPort_Stub.java:46) at com.cts.sipservicesclient.client.SecureClient.(SecureClient.java:76) at com.cts.sipservicesclient.client.SecureClient.main(SecureClient.java:38) ; nested exception is: javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace) This is the ‘security’ tag of my ‘web-services.xml’: It would be really helpful if any of you can point out what I am doing wrong. Thanks Subhajit
  2. Hi. The value for password type is not correct. Ok values can be found in WSSEConstants (for example WSSEConstants.PASSWORDTYPE_PASSWORDDIGEST). I think there is a bug in the weblogic UsernameTokenImpl class, the password type is not assigned correctly in the constructor ( if(WSSEConstants.PASSWORDTYPE_PASSWORDDIGEST.equals(s2)) s2 = WSSEConstants.PASSWORDTYPE_PASSWORDDIGEST; else if(WSSEConstants.PASSWORDTYPE_PASSWORDTEXT.equal (s2)) passwordType = WSSEConstants.PASSWORDTYPE_PASSWORDTEXT; ) br Svante Kumlien