The header was successfully formed manually from Java code while using no policy:
stub._getServiceClient().addHeader(createRequestHeader());
The createRequestHeader has the following code:
// Defines some namespace and URL constants
String WS_SEC_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
String WS_SOAP_URL = "http://schemas.xmlsoap.org/soap/envelope/";
SOAPFactory soapFact = OMAbstractFactory.getSOAP12Factory();
// namespace objects creation
OMNamespace ns = soapFact.createOMNamespace(WS_SEC_NS, "wsse");
OMNamespace nsu = soapFact.createOMNamespace(WS_SEC_NS, "wsu");
OMNamespace nsoap = soapFact.createOMNamespace(WS_SOAP_URL, "soap");
// Header definition and sub elements
SOAPHeaderBlock wssHeader = soapFact.createSOAPHeaderBlock("Security", ns);
wssHeader.addAttribute("mustUnderstand", "1", nsoap);
OMElement timeStampElement = soapFact.createOMElement("Timestamp", nsu);
// add random UUID as security ID
timeStampElement.addAttribute("Id", "Timestamp-" + UUID.randomUUID(), nsu);
// sub elements of timestamp
OMElement expires = soapFact.createOMElement("Expires", nsu);
Calendar cal = Calendar.getInstance();
// expiry period is now + 5 minutes
cal.add(Calendar.MINUTE, 5);
expires.setText(String.valueOf(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(cal.getTime())));
OMElement created = soapFact.createOMElement("Created", nsu);
created.setText(String.valueOf(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date())));
OMElement usernameToken = soapFact.createOMElement("UsernameToken", ns);
// add random UUID as security token ID
usernameToken.addAttribute("Id", "SecurityToken-" + UUID.randomUUID(), nsu);
// sub elements of username token
OMElement username = soapFact.createOMElement("Username", ns);
username.setText(user);
OMElement password = soapFact.createOMElement("Password", ns);
password.setText(this.password);
password.addAttribute(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT, null);
OMElement nonce = soapFact.createOMElement("Nonce", ns);
// fill the nonce as a random encoded UUID
nonce.setText(HashUtils.createEncodedUUID());
OMElement createdUser = soapFact.createOMElement("Created", nsu);
createdUser.setText(String.valueOf(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date())));
// adding sub elements
usernameToken.addChild(username);
usernameToken.addChild(password);
usernameToken.addChild(nonce);
usernameToken.addChild(createdUser);
timeStampElement.addChild(created);
timeStampElement.addChild(expires);
wssHeader.addChild(timeStampElement);
wssHeader.addChild(usernameToken);
And the following method is used for hash:
public static String createEncodedUUID()
{
log.trace("Enter Method createEncodedUUID");
String randomId = String.valueOf(UUID.randomUUID());
MessageDigest md = null;
String result = "";
try
{
md = MessageDigest.getInstance("SHA1");
md.update(randomId.getBytes());
byte[] byteNonce = md.digest();
result = String.valueOf(Base64.encodeBase64(byteNonce));
}
catch(NoSuchAlgorithmException e)
{
log.error("NoSuchAlgorithmException. Error calling createEncodedUUID.", e);
}
log.trace("Return Method createEncodedUUID. Result: {}", result);
return result;
}
