Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Running WebService using already authenticated user

1 view

Skip to first unread message

Alain St-Pierre

unread,

Oct 7, 2004, 11:58:14 AM10/7/04

Hi,

I am using as a base, the Avitek Medical Records application.

I log into the patient web app, by using the username "la...@celtics.com". I can see with that the Security subject has been created with that principal.

Then I go to another web app, in another ear: Physician. From there I sent the username to the WebService in order that WebService run with the Subject of that already logged in user.

My problem is: it does not accept only a username, with NO password.

QUESTION: Is there a way to run a WebService using the username if that user is already logged in the realm, without re-authenticating him.

---------------------------
Here is an excerpt of my web service client code:

..webservice client {
WebServiceSession session = serviceContext.getSession();
UserInfo ui = new UserInfo(bup);
session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);

// Add the username token to the SOAP header.
SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
Security security = factory.createSecurity(null);
security.addToken(ui);
session.setAttribute(WSSEClientHandler.REQUEST_SECURITY, security);
}

------------------------------

Here is an excerpt of my WebService server method, in order to see under which Principal it is run:

..webserviceMethod() {
javax.security.auth.Subject subject = Security.getCurrentSubject();
logger.info("WebService Subject =" + SubjectUtils.displaySubject(subject));
logger.info("WebService Subject username=" + SubjectUtils.getUsername(subject));
}

---------------------------------
RESULTS 1

If I do NOT have any <security> branch in my web-services.xml, here is the exception I get:
---------------------------------

Got a Web Service Request at URL: '/ws_medrec/MedRecWebServices' for web service 'null'
Got a Web Service Request at URL: '/MedRecWebServices' for web service 'MedRecWebServices'
INFO [10:48:08] (PhysicianSessionEJB.java:setSessionContext:68) - Client W.S. - Active BUP used to login to remote WebService: la...@celtics.com
INFO [10:48:08] (PhysicianSessionEJB.java:searchPatientsByLastNameWild:250) - By wildcard last name.

URL : http://localhost:7001/ws_medrec/MedRecWebServices
Headers :

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
env:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-oKOBR7i21PQ9mvvOSj5lFtKH">
<wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">la...@celtics.com</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<m:findPatientByLastNameWild xmlns:m="http://tempuri.org/">
<lastName xsi:type="xsd:string">Couples</lastName>
</m:findPatientByLastNameWild>
</env:Body>
</env:Envelope>

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)</faultstring>
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace>
</detail>
</env:Fault>
</env:Body>
</env:Envelope>
URL : http://localhost:7001/ws_medrec/MedRecWebServices
Response Code :500
Headers :
Date=Thu, 07 Oct 2004 14:48:08 GMT
Server=WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973
Content-Length=2817
Content-Type=text/xml
Connection=Keep-Alive
Envelope :
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://ww
w.w3.org/2001/XMLSchema"><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Secu
rity (see Fault Detail for stacktrace)</faultstring><detail><bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to hand
le mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace></detail></env:Fault></env:Body></env:Envelope>

ERROR [10:48:08] (PhysicianSessionEJB.java:searchPatientsByLastNameWild:272) - SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to ha
ndle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault
Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
at com.bea.medrec.webservices.MedRecWebServicesPort_Stub.findPatientByLastNameWild(MedRecWebServicesPort_Stub.java:87)
at com.bea.medrec.controller.PhysicianSessionEJB.searchPatientsByLastNameWild(PhysicianSessionEJB.java:260)
at com.bea.medrec.controller.PhysicianSessionEJB.searchPatients(PhysicianSessionEJB.java:225)
at com.bea.medrec.controller.PhysicianSessionEJB_n7enxc_EOImpl.searchPatients(PhysicianSessionEJB_n7enxc_EOImpl.java:254)
at com.bea.medrec.actions.SearchResultsAction.processSearch(SearchResultsAction.java:117)
at com.bea.medrec.actions.SearchResultsAction.search(SearchResultsAction.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)

at org.apache.struts.actions.LookupDispatchAction.execute(LookupDispatchAction.java:252)
at com.bea.medrec.actions.BaseLookupDispatchAction.execute(BaseLookupDispatchAction.java:59)
at com.bea.medrec.actions.PhysBaseLookupDispatchAction.execute(PhysBaseLookupDispatchAction.java:50)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.bea.medrec.filters.RequestEncodingFilter.doFilter(RequestEncodingFilter.java:44)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6458)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:313)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
at com.bea.medrec.webservices.MedRecWebServicesPort_Stub.findPatientByLastNameWild(MedRecWebServicesPort_Stub.java:82)
... 32 more
ERROR [10:48:08] (BaseLookupDispatchAction.java:throwClientException:199) - EJB Exception: ; nested exception is:
javax.ejb.EJBException: nested exception is: java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to ha
ndle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
ERROR [10:48:08] (BaseLookupDispatchAction.java:handleException:219) - java.rmi.RemoteException: EJB Exception: ; nested exception is:
javax.ejb.EJBException: nested exception is: java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to ha
ndle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security
at weblogic.webservice.core.DefaultMessage.checkMustUnderstand(DefaultMessage.java:415)
at weblogic.webservice.core.DefaultMessage.implicitHeaderToJava(DefaultMessage.java:374)
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:436)
at weblogic.webservice.core.handler.InvokeHandler.handleRequest(InvokeHandler.java:93)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.DefaultOperation.process(DefaultOperation.java:535)
at weblogic.webservice.server.Dispatcher.process(Dispatcher.java:204)
at weblogic.webservice.server.Dispatcher.doDispatch(Dispatcher.java:176)
at weblogic.webservice.server.Dispatcher.dispatch(Dispatcher.java:96)
at weblogic.webservice.server.WebServiceManager.dispatch(WebServiceManager.java:98)
at weblogic.webservice.server.servlet.WebServiceServlet.serverSideInvoke(WebServiceServlet.java:297)
at weblogic.webservice.server.servlet.ServletBase.doPost(ServletBase.java:485)
at weblogic.webservice.server.servlet.WebServiceServlet.doPost(WebServiceServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: javax.xml.soap.SOAPException: Unable to handle mustUnderstand header: wsse:Security (see Fault Detail for stacktrace)
INFO [10:48:08] (BaseLookupDispatchAction.java:handleException:221) - Redirect link: search.do

---------------------------------
RESULTS 2

If I DO have the following minimal <security> branch in my web-services.xml, here is the exception I get:

<security>
<spec:SecuritySpec xmlns:spec="http://www.openuri.org/2002/11/wsse/spec" spec:Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" spec:Id="default-spec"/>
</security>
---------------------------------

Got a Web Service Request at URL: '/ws_medrec/MedRecWebServices' for web service 'null'
Got a Web Service Request at URL: '/MedRecWebServices' for web service 'MedRecWebServices'
INFO [11:53:35] (PhysicianSessionEJB.java:setSessionContext:68) - Client W.S. - Active BUP used to login to remote WebService: la...@celtics.com
INFO [11:53:35] (PhysicianSessionEJB.java:searchPatientsByLastNameWild:250) - By wildcard last name.

URL : http://localhost:7001/ws_medrec/MedRecWebServices
Headers :

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://ww
w.w3.org/2001/XMLSchema"><env:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><wsse:UsernameToken xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-bnFSHAnkYUKUr4i8BsQbAx0s"><wsse:Username>la...@celtics.com</wsse:Username></wsse:UsernameToken></wsse:Se></env:Header><env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><m:findPatientByLastNameWild xmlns:m="http://tempuri.org/"><lastName xsi:type="xsd:string">Couples</lastName></m:findPatientByLastNameWild></env:Body></env:Envelope>

Got a Web Service Request at URL: '/ws_medrec/MedRecWebServices' for web service 'null'
Got a Web Service Request at URL: '/MedRecWebServices' for web service 'MedRecWebServices'

URL : http://localhost:7001/ws_medrec/MedRecWebServices
Response Code :500
Headers :
Date=Thu, 07 Oct 2004 15:53:35 GMT
Server=WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973
Content-Length=491
Content-Type=text/xml
Connection=Keep-Alive
Set-Cookie=JSESSIONID=Blm1Ncy2gmJKwhQm1Zn5x7zdn7xFRgYy12Jv1Y6p2l4FDxXkv0wL!407980274; path=/
Envelope :
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://ww
w.w3.org/2001/XMLSchema"><env:Body><env:Fault xmlns:fault="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>fault:InvalidSecurity</faultcode><faultstring>U
sernameToken did not contain a password</faultstring></env:Fault></env:Body></env:Envelope>

ERROR [11:53:35] (PhysicianSessionEJB.java:searchPatientsByLastNameWild:272) - SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
Detail:
null; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
Detail:
null; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
at com.bea.medrec.webservices.MedRecWebServicesPort_Stub.findPatientByLastNameWild(MedRecWebServicesPort_Stub.java:87)
at com.bea.medrec.controller.PhysicianSessionEJB.searchPatientsByLastNameWild(PhysicianSessionEJB.java:260)
at com.bea.medrec.controller.PhysicianSessionEJB.searchPatients(PhysicianSessionEJB.java:225)
at com.bea.medrec.controller.PhysicianSessionEJB_n7enxc_EOImpl.searchPatients(PhysicianSessionEJB_n7enxc_EOImpl.java:254)
at com.bea.medrec.actions.SearchResultsAction.processSearch(SearchResultsAction.java:117)
at com.bea.medrec.actions.SearchResultsAction.search(SearchResultsAction.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at org.apache.struts.actions.LookupDispatchAction.execute(LookupDispatchAction.java:252)
at com.bea.medrec.actions.BaseLookupDispatchAction.execute(BaseLookupDispatchAction.java:59)
at com.bea.medrec.actions.PhysBaseLookupDispatchAction.execute(PhysBaseLookupDispatchAction.java:50)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.bea.medrec.filters.RequestEncodingFilter.doFilter(RequestEncodingFilter.java:44)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6458)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3661)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2630)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:313)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
at com.bea.medrec.webservices.MedRecWebServicesPort_Stub.findPatientByLastNameWild(MedRecWebServicesPort_Stub.java:82)
... 32 more
ERROR [11:53:35] (BaseLookupDispatchAction.java:throwClientException:199) - EJB Exception: ; nested exception is:
javax.ejb.EJBException: nested exception is: java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
Detail:
null; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
ERROR [11:53:35] (BaseLookupDispatchAction.java:handleException:219) - java.rmi.RemoteException: EJB Exception: ; nested exception is:
javax.ejb.EJBException: nested exception is: java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
Detail:
null; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: UsernameToken did not contain a password
INFO [11:53:35] (BaseLookupDispatchAction.java:handleException:221) - Redirect link: search.do

0 new messages