I'm using CXF to to communicate with a WSDL made in WCF. The WCF side of things was created following a tutorial. The Java code has been generated using a Maven script.
I have gotten things working using HTTPS for encryption. I have gotten authentication working. However, I would like to have the WSDL metadata turned off on the WCF side and still be able to use the Java side to talk to the service.
Currently, I can access the service with metadata publishing on from the Java side using this code:
URL wsdlLocation = new URL("https://server.com:7010/Hservice?wsdl");
HttpsURLConnection connection = (HttpsURLConnection) wsdlLocation.openConnection();
HService service = new HService(wsdlLocation);
HAdminService calc = service.getHAdminService();
... (authentication using WSS4JOutInterceptor code and unrelated code here)
System.out.println(calc.add(new Double(5), new Double(5)));
However, when I turn off metadata publishing on the WCF side I get this error:
Exception in thread "main" javax.xml.ws.WebServiceException:
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:90)
at javax.xml.ws.Service.<init>(Service.java:56)
at com.blah.hservice.v_1_0.HService.<init>(HService.java:49)
at Main.main(Main.java:85)`
The page the wsdl is on displays this with metadata publishing turned off (this is an excerpt):
This is a Windows© Communication Foundation service.
Metadata publishing for this service is currently disabled.
If you have access to the service, you can enable metadata publishing by completing the following steps to modify your web or application configuration file:
I expected to be able to search "CXF metadata unpublished" and see lots of people doing this...but have not found anything. How do I communicate with this service without the WSDL being published?
You really have two options:
Copy the wsdl locally and point the client at the local wsdl. This is likely the "best" option as it makes sure all the information in the wsdl (like policies and such) is used.
Use "null" for the wsdl location (note: not JAX-WS portable). You will need to call service.addPort(....) after creating the service and before calling getHAdminService to add the port with the appropriate binding and endpoint address. CXF can work most of the time without the WSDL (will internally generate what is needed from the annotations). However, if things like policies are defined in the WSDL, then it cannot.
I got this to work with Client code I generated using CXF 2.6.5
Make sure the QName(first argument) matches the QName the getHAdminService() method references. The bindingId(second argument) should be one of the constants defined in SOAPBinding Interface (javax.xml.ws.soap.SOAPBinding).
Related
Last year I made JAX-WS client for a web service in this link
This webservice use a STS service to get SAML token and use it to access main webservice. I use wsdl2java of apache cxf to generate JAX-WS client for this webservice. Everything was just fine.
Recently they have updated their STS service endpoint. This new STS service endpoint. Which has different signature and digest algorithm. It has some extra element in request body.
I tried to modify current code so that it support new STS service. But my code is sending same RequestSecurityToken request.I mean it does not adopt for new requirement. I tried to adopt this but I could not do that.
New STS service required http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 as new signature method and http://www.w3.org/2001/04/xmlenc#sha256 as new digest algorithm. Plus it required following element in request body:
<tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
<v13:RelationshipToken xmlns:v13="http://vanguard.business.gov.au/2016/03" ID="1bc9a44e-dccd-49e2-8f29-40d7b1257325">
<v13:Relationship v13:Type="OSPfor">
<v13:Attribute v13:Name="SSID" v13:Value="1234567895"/>
</v13:Relationship>
<v13:FirstParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="27809366375"/>
<v13:SecondParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="89567587874"/>
</v13:RelationshipToken>
</tr:ActAs>
Plus there are minor differences here. I have two ways now I think:
If I can change old code to STS client send request with those value. which I tried and not succeeded.
They provide some code which support fetching SAML assertion token and proof token from STS client. If I can put SAML assertion token into my JAX-WS client directly then this problem is also solved.
Any help or suggestion will be appreciated to us
The SHA-256 digest algorithm is normally set by using an AlgorithmSuite policy that requires it (e.g. Basic256Sha256). I see in the policy they are still using "Basic256" however. CXF allows you to configure RSA-SHA256 via some configuration properties (see for example 'ws-security.asymmetric.signature.algorithm' here http://cxf.apache.org/docs/ws-securitypolicy.html). You can set ActAs Object/Element on the STSClient directly.
I was receiving "An error occurred when verifying security for the message". Two changes that I had to make to resolve this while using Metro 2.3.1 -
In the STS wsdl, need to mention the signature algorithm like this ---
sp:AlgorithmSuite signatureAlgorithm="SHA256withRSA"
In the USI wsdl, need to change the AlgorithmSuite to Basic256 from Basic256Sha256Rsa15
From a colleague I have received a WSDL file that describes the web service he is offering, and which I am supposed to call from my code. I would now like to do two things:
1) Implement the client
2) Have a stub server that I can use for testing, until I have access to the real server.
What I tried is the following:
wsimport -clientjar foo.jar foo.wsdl
This gives me a jar file that contains the Datatype that will contain the data to be posted to the web service, and also an ObjectFactory. I guess I will have to use it as follows:
TestDataType testDataType = new TestDataType();
testDataType.setFoo("foo");
testDataType.setBar("bar");
ObjectFactory objectFactory = new ObjectFactory();
JAXBElement<TestDatatype> request = objectFactory.createTestRequest(testDatatype);
Now how do I send this request?
Also a class TestDemoService annotated with #WebServiceClient has been generated. How do I run this class?
Any advice is highly appreciated.
You've created the client. To use this client you need to set the endpoint(if not already set) and call the service using the generated api.
This site should be a good reference.
Using wsimport
I am building Java application for Online Web Services and let's call it application A . I got the WSDL file form the second party so I can communicate with their application and let's call it application B.
From the WSDL file I generate the Java classes needed which are Requests and Responses classes. Application A will send some request object after setting the needed parameters and excepting response object from application B.
The connection is established and both applications A and B are communicating with each other.
Question:
From application A how can I get the xml data(file or text) for the request object before sending it to application B?
As described the connection is done by passing Java object as request and I know that in some point this request will be converted to xml file. How to get it?
--- EDIT ----
Important Information is missing that may cause confusion.
I am generated the Java Classed have been generated using Axis framework
I don't have much reputation to post a comment, so here is my answer: If you aren't yet using some framework use Apache CXF, If you want to capture the request before sending it application , you can either use cxf interceptors there are some inbuilt interceptors which can do this or you can create a custom interceptor with correct phase ( e.g. post marshal)
The problem is solved by adding the following statements in the bindingStub class that has been auto generated from the WSDL file for the web-services you are trying to access.
String request = _call.getMessageContext().getRequestMessage().getSOAPPartAsString();
String response = _call.getMessageContext().getResponseMessage().getSOAPPartAsString();
These statements should be placed after the following method call _call.invoke otherwise you will get NullPointerException .
_call is a variable of type org.apache.axis.client.Cal and it is auto generated by Axis
I am trying to generate the client code from a WSDL.
I need to work on the Jdeveloper 10g IDE.
I generated client code from WSDL using the inbuilt tool Oracle JAX-WS 2.1.5.
For a particular WSDL this tool is generating around 122 java classes that does not include the Locator class. While running the code, I get a class not found exception for WebServiceLocator class.
However, when I am using Apache Axis 1.4 ( Eclipse IDE ), it is generating 63 java classes and it also includes the WebServiceLocator class, but this is not generating all the required methods that are needed for authentication, though ,Oracle JAX-WS 2.1.5. is generating those methods.
I tried merging the java classes generated from Eclipse into Jdeveloper, but then I am getting a lot of errors related to method signatures.
Is there some particular reason why these two different tools are generating different client codes, and none of them complete?
This is probably a bit late, but for those running into the same issues, this might be helpful.
If you really want to use Axis 1.x authentication is done on your client class as follows:
MyLocator bindingService = new MyLocator();
bindingService .setPortEndPointAddress(myEndpoint);
MyPort port= bindingService.getMyPort();
((Stub)port)._setProperty(Stub.USERNAME_PROPERTY, myUsername);
((Stub)port)._setProperty(Stub.PASSWORD_PROPERTY, mPassword);
//Perform your query here
I would personally use JAX-WS. Use wsimport to generate the stubs (SOAPUI has a nice plug-in to simplify this). For authentication on a JAX-WS client its easiest to save the wsdl locally and export it as part of the jar then load it in the client. This removes the need for HTTP authorization required to access the wsdl in the first place.
URL myWsdlUrl = getClass().getClassLoader().getResource("wsdl/myWsdlFile.wsdl");
MyService service = new MyService(myWsdlUrl , new QName("uri", "localpart"));
myPort port= service .getPort();
BindingProvider bp= ((BindingProvider)vPort);
bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, myEndPoint);
bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, myUsername);
bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, myPassword);
//Perform query here
I need to call a web service with a java client.
This service authenticates clients through certificates at the message level (Ws-Security, not SSL).
It should be possible since, I can generate web services with JAX-WS with mutual certificate security in this dialog.
But I don't manage to create a client. Does anyone has an idea ?
I did not tried it myself, but from http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/docs/2.0/tutorial/doc/ :
Configuring Message Security Using XWSS
The Application Server contains all of the JAR files necessary to use XWS-Security for securing JAX-WS applications, however, in order to view the sample applications, you must download and install the standalone Java WSDP bundle. You can download the Java WSDP from http://java.sun.com/webservices/downloads/webservicespack.html.
To add message security to an existing JAX-WS application using XWSS, follow these steps on the client side:
Create a client security configuration. The client security configuration file specifies the order and type of message security operations that will be used for the client application. For example, a simple security configuration to perform a digital signature operation looks like this:
<xwss:Sign id="s" includeTimestamp="true">
<xwss:X509Token encodingType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
x509-token-profile-1.0#X509SubjectKeyIdentifier"
certificateAlias="xws-security-client"
keyReferenceType="Identifier"/>
</xwss:Sign>
</xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
simple.client.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
For more information on writing and understanding security configurations and setting up SecurityEnvironmentHandlers, please see the Java Web Services Developer Pack 1.6 Tutorial at http://java.sun.com/webservices/docs/1.6/tutorial/doc/index.html.
In your client code, create an XWSSecurityConfiguration object initialized with the security configuration generated. Here is an example of the code that you would use in your client file. For an example of a complete file that uses this code, look at the example client in the \jaxws2.0\simple-doclit\src\simple\client\ directory.
FileInputStream f = new FileInputStream("./etc/client_security_config.xml");
XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);
Set security configuration information on the RequestContext by using the XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION property. For an example of a complete file that uses this code, look at the example client in the \jaxws2.0\simple-doclit\src\simple\client\ directory.
// put the security config info
((BindingProvider)stub).getRequestContext().put(
XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION,
config);
Invoke the method on the stub as you would if you were writing the client without regard to adding XWS-Security. The example for the application from the \jaxws2.0\simple-doclit\src\simple\client\ directory is as shown below:
Holder<String> hold = new Holder("Hello !");
stub.ping(ticket, hold);