tekknow tekknow - 1 month ago 17
Java Question

com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized

I am trying to access a remote web service. Am able to get good response from curl like this:

curl -X POST -H "Content-Type: text/xml" -k -H "SOAPAction:getUserActivity" --data @testFile.dat https://esp-int.my.company.com:443/UsageService/13.11


But from java get error:

com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized


Java sets up the security part of the request like this:

String SECURITY_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
QName securityQName = new QName(SECURITY_NAMESPACE, "Security");
SOAPElement security = soapFactory.createElement(securityQName);
QName usernameTokenQName = new QName(SECURITY_NAMESPACE, "UsernameToken");
SOAPElement usernameToken = soapFactory.createElement(usernameTokenQName);
QName usernameQName = new QName(SECURITY_NAMESPACE, "Username");
SOAPElement theUsername = soapFactory.createElement(usernameQName);
theUsername.addTextNode(username);
QName passwordQName = new QName(SECURITY_NAMESPACE, "Password");
SOAPElement thePassword = soapFactory.createElement(passwordQName);
thePassword.addTextNode(password);
usernameToken.addChildElement(theUsername);
usernameToken.addChildElement(thePassword);
security.addChildElement(usernameToken);


where username and password are the same as what's in testFile.dat.

security part of testFile.dat request is:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp>
<wsu:Created>2016-02-19T16:36:21Z</wsu:Created>
<wsu:Expires>2016-02-19T16:41:21Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsu:Created>2016-02-19T16:36:21Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>


Any suggestions?

Answer

I had to add the following 2 lines when they changed the endpoint of their web service

QName pwdTypeQName = new QName("Type");
thePassword.addAttribute(pwdTypeQName, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
Comments