Hi all !

I would like to call a simple webservice wich require usernameToken authentication. The request must contain a ws-security header as follows :

<soapenv:Envelope xmlns:soapenv=“http://schemas.xmlsoap.org/soap/envelope/” xmlns:hel=“http://helloservice.test.fr/” xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
soapenv:Header
wsse:Security
wsse:UsernameToken
wsse:Usernameadmin</wsse:Username>
wsse:Passwordadmin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>

…

</soapenv:Envelope>

I’m able to call that webservice only if :
I set my consumer’s “Pre-8.2 compatibility mode” property to true,
and I add a WS Security handler with a “Consumer policy for username”.

I would like to make the same thing by attaching a policy and thus setting “Pre-8.2 compatibility mode” property to false.

Here is the policy file I have used :

<wsp:Policy wsu:Id=“Username_Token” Name=“Username and Password”
xmlns:wsp=“Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)”
xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
wsp:ExactlyOne
wsp:All
<sp:SupportingTokens xmlns:sp=“…”>
wsp:Policy
<sp:UsernameToken sp:IncludeToken=“…/IncludeToken/AlwaysToRecipient” >
wsp:policy
sp:WssUsernameToken10/
</wsp:policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

It doesn’t work and I get this error :
org.apache.axis2.AxisFault: Error in getting password for user “admin”

The service works when I use debug mode (i.e using restorePipelineFromFile), but not when calling the provider using soapUI.

Deleting the attached policy to my consumer, I get the classic com.sun.xml.wss.XWSSecurityException. So I thinck my policy file is correct.

Does someone has an idea to correct the problem ?
Could someone provide me a working example of this use case ?

Thancks.