Announcement Announcement Module
Collapse
No announcement yet.
Problem configuring WS-Security for my web service. Help needed. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem configuring WS-Security for my web service. Help needed.

    Hi All,

    I have been trying to configure username based authentication for my web service using Spring Security Manager. The problem that I am facing is that now whatever SOAP request I send(with credentials in the SOAP header), I end up getting "HTTP/1.1 401 Unauthorized". I am wondering if I am missing something in the SOAP request header?

    I am using mule esb version 2.2.0 and spring version 2.2.5.

    Following is my springcontext-mule.xml -

    ************************************************** *****************

    <?xml version="1.0" encoding="UTF-8"?>
    <mule xmlns="http://www.mulesource.org/schema/mule/core/2.2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:spring="http://www.springframework.org/schema/beans"
    xmlns:http="http://www.mulesource.org/schema/mule/http/2.2"
    xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security/2.2"
    xmlns:ss="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
    http://www.mulesource.org/schema/mule/core/2.2 http://www.mulesource.org/schema/mule/core/2.2/mule.xsd
    http://www.mulesource.org/schema/mule/http/2.2 http://www.mulesource.org/schema/mul.../mule-http.xsd
    http://www.mulesource.org/schema/mul...g-security/2.2
    http://www.mulesource.org/schema/mul...g-security.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <mule-ss:security-manager>
    <mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>
    <spring:beans>
    <ss:authentication-manager alias="authenticationManager" />

    <ss:authentication-provider>
    <ss:user-service id="userService">
    <ss:user name="ross" password="ross" authorities="" />
    <ss:user name="anon" password="anon" authorities="" />
    </ss:user-service>
    </ss:authentication-provider>

    </spring:beans>

    <http:connector name="HttpConnector" enableCookies="true" keepAlive="true"/>
    <!--<spring:beans>
    <spring:import resource="classpath*:META-INF/springcontext-*.xml" />
    </spring:beans>
    -->
    <model name="servicesa">
    <service name="ProductCatalogService">
    <inbound>
    <inbound-endpoint address="http://localhost:65082/servicesa/ProductCatalogService">

    <mule-ss:http-security-filter realm="mule-realm"/>
    </inbound-endpoint>
    </inbound>
    <component>
    <singleton-object class="example.catalog.ProductCatalogServiceImpl"/>
    <!-- <spring-object bean="productCatalogService" /> -->
    </component>


    </service>
    </model>


    </mule>
    ************************************************** **************



    And the soap request I am sending is -


    ************************************************** ****************



    <soapenv:Envelope xmlns:cat="http://catalog.example/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

    <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

    <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

    <wsse:Username>ross</wsse:Username>
    <wsse:Password Type="PasswordText">ross</wsse:Password>

    </wsse:UsernameToken>
    </wsse:Security>

    </soapenv:Header>

    <soapenv:Body>
    <cat:listProducts/>
    </soapenv:Body>
    </soapenv:Envelope>

    ************************************************** **************


    If I remove the http-security-filter from my service inbound endpoint and send a soap request without credentials in the header, then the service works perfectly fine. I don't know what am I missing here??

    Any help is much appreciated.


    Thanks and Regards,
    Abhijeet
Working...
X