Announcement Announcement Module
No announcement yet.
Spring-WS security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring-WS security


    I am trying to implement Spring-WS security using Plain Text Username Authentication mechanism.

    I have got my security policy file defined as follows
    <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="">
    <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>

    And I am using .SimplePasswordValidationCallbackHandler
    on the servier side.

    I have my WSDL coming up that means it is working fine. If it I try to Invoke it through SOAPUI it comes back with the following response

    <soapenv:Envelope xmlns:soapenv="">
    <faultstring xml:lang="en">XwsSecurityInterceptor requires a SaajSoapMessage. Use a SaajSoapMessageFactory to create the SOAP messages.</faultstring>

    I know I am not passing any security credentials through SOAPUI since I do not know how to configure that.

    Alternatively I have written my own client using WebServiceGatewaySupport class. But I still get the same message from my own client too.

    I know I am doing something wrong. Could somebody direct me to the proper example where I can get some assistance.

    I have already wasted lot of time on this, I kindly request to help me get out of this.

    Also for your reference I have my client configuration below

    Client security policy file
    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns=""

    <bean id="test" class="com.SecuredClient">
    <property name="defaultUri" value="http://localhost:9080/services/services.wsdl" />
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
    <property name="interceptors">
    <ref bean="wsSecurityInterceptor"/>

    <bean id="marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshalle r">
    <property name="contextPath" value="com.schema" />

    <bean id="wsSecurityInterceptor" class=" wsSecurityInterceptor">
    <property name="secureResponse" value="true"/>
    <property name="policyConfiguration" value="classpath:wss-client-config.xml"/>
    <property name="callbackHandler">
    <bean id="passwordValidationHandler"
    class=" allback.SimplePasswordValidationCallbackHandler">
    <property name="users">
    <prop key="test">test123</prop>


    And my client java code is

    public class SecuredClient extends WebServiceGatewaySupport{

    public void invokeService(Request request) {
    getWebServiceTemplate().marshalSendAndReceive(requ est);
    }catch(Exception ex){