Looks like there is a bug of sorts in JDeveloper's (11.1.1.3) "Create Client Proxy from Web Service Annotations" option, if you are using WS-Security policies.
It seems the WSDL it generates before creating the proxy code does NOT include the WS-Security policy information. Adding attachToWsdl=true in the Policy annotation does not help either.
This causes the client to not send security policy tokens (even if you set the UNTCredentialProvider info), resulting in this error message:
"Error on verifying message against security policy Error code:1000"
So if you are using JDeveloper to create a secured Web Service you will not be able right-click your Web Service and generate a client proxy. Instead, you will need run the Web Service in Web Logic, get the URL for your WSDL, ie: http://localhost:7101/context/webservice?WSDL.
This version of the WSDL correctly includes the policy information. Then you can use the File->New menu in jdeveloper to create your Client Proxy, providing that WSDL URL instead of the one JDeveloper tries to create from the annotations.
In my case, I was using the Wssp1.2-2007-Https-UsernameToken-Plain policy. So I also needed to enable SSL on the built in Web Logic instance. This was done by logging into the console (http://localhost:7101/console, weblogic/weblogic1 is the default logon), then navigating to the server SSL options and enabling the SSL port.
Then in my client code, I needed to make sure the web logic Dummy cert was trusted, that was done by setting this system property:
System.setProperty("weblogic.security.TrustKeyStore","DemoTrust");
That allowed me to pass the weblogic/weblogic1 username to the webservice for authentication.
Next up, figuring out how to configure Web Logic, or the Web Service to authenticate the username/password against OID....
Wednesday, December 1, 2010
Subscribe to:
Posts (Atom)
