macromedia.coldfusion.advanced_techniques
[Top] [All Lists]

ColdFusion failed security in invoking a WebSphere web service hosted in

Subject: ColdFusion failed security in invoking a WebSphere web service hosted in WebSphere
From: "lxz20"
Date: Wed, 11 Jun 2008 13:29:27 +0000 UTC
Newsgroups: macromedia.coldfusion.advanced_techniques

Hello,

 I tried to call a web service hosted in a IBM WebSphere server, but could not 
pass WebSphere's security framework.  After some talking with the guys in the 
WebSphere side, I'm not sure whether this is possible in ColdFusion because 
they ask for a <wsse:UsernameToken> in the SOAP envelope header.  We did some 
testing, and they confirmed that ColdFusion could talk to the web service, by 
could not pass security validation.  Would someone help me here?  Must it be 
done in Java?

 Here is my calling syntax in ColdFusion:

 <cfinvoke webservice="https://WebServiceURL?wsdl"; method="myMethod" 
username="myUserName" password="myPassword" returnVariable="ReturnCode">
   <cfinvokeargument name="ParaName" value="ParameterValue">
 </cfinvoke>    

 The web service is locked down, so the calling client must issue a SOAP 
message containing VALID security extensions:

 <soapenv:Envelope
   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
   xmlns:ws="http://somedomain"; 
   xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext";>

   <soapenv:Header>
     <wsse:Security>
       <wsse:UsernameToken>
         <wsse:Username>U:external:myUserName</wsse:Username>
         <wsse:Password>myPassword</wsse:Password>
       </wsse:UsernameToken>
     </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
       ... REMOVED as this depends on your individual SOAP service
   </soapenv:Body>
 </soapenv:Envelope>

 Here is the error msg:

   AxisFault
     faultCode: 
{http://schemas.xmlsoap.org/ws/2003/06/secext}FailedAuthentication
     faultSubcode: 
     faultString: WSEC5075E: No security token found which satisfies any one of 
AuthMethods.
     faultActor: 
     faultNode: 
     faultDetail: 
        {http://xml.apache.org/axis/}stackTrace:WSEC5075E: No security token 
found 
which satisfies any one of AuthMethods.
        at 
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
        at org.apache.axis


 Larry


<Prev in Thread] Current Thread [Next in Thread>