3 Replies Latest reply on Jan 8, 2013 8:25 AM by 870199

    jax-ws: dynamic proxy-suppress weblogic's default ws-policy handling

      hi all,

      i am writing my own jax-ws client (dynamic proxy) to call a web service, secured by usernametoken profile.
      the wsdl of the web service do include the ws-policy information.

      sample client side code:
      URL url = new URL("path_to_wsdl_file");
      QName serviceQname = new QName("http://model/", "CalculationService");
      Service service = Service.create(url, serviceQname);

      //add resolver and jax-ws handler to add username token SOAPElement fragment to the SOAP message.

      the above code runs fine in J2SE 6.0 environment (without any weblogic-specific library).

      but when i run the above code in a servlet (running in weblogic), the above code fails with the following error:
      Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
      at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:196)
      at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
      at $Proxy23.add(Unknown Source)
      at client.ServiceLocator.main(ServiceLocator.java:32)

      it seems that the weblogic server will try to handle the ws-policy element (according to those in the wsdl), even though
      i have already added the username-token security header by my own code.

      As i don't add some weblogic-specific code (e.g. weblogic.wsee.security.unt.ClientUNTCredentialProvider), the web service call fails.

      is it possible to disable/suppress such behavior (weblogic runtime handle the ws-policy element) per web service call???

      (i don't want a server scope solution, as there may be other web service client running on the same weblogic server that rely on such behavior).

      i don't want to use weblogic's API (e.g. ClientUNTCredentialProvider) as i want my web service client be portable (username token is easy to be handled by my own code)

      thank you.