Forum Discussion

destin's avatar
destin
14 years ago

Support for no password in Username Token

Hi,

This is my first post here so I would like to thank for this great tool I use almost everyday.

Coming back to the subject, I often use web services secured that require username token without password. If I don't type password in Project View -> Security Configurations -> Outgoing Security Configurations -> my security configuration -> Username in Password field I get nasty exception:

Tue Sep 14 09:45:57 CEST 2010:ERROR:java.lang.IllegalArgumentException: pwd == null but a password is needed
java.lang.IllegalArgumentException: pwd == null but a password is needed
at org.apache.ws.security.message.token.UsernameToken.setPassword(UsernameToken.java:435)
at org.apache.ws.security.message.WSSecUsernameToken.prepare(WSSecUsernameToken.java:171)
at org.apache.ws.security.message.WSSecUsernameToken.build(WSSecUsernameToken.java:226)
at com.eviware.soapui.impl.wsdl.support.wss.entries.AddUsernameEntry.process(AddUsernameEntry.java:90)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:157)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:58)
...

It comes from the fact that wss4j expects to pass a password if passwordType is PASSWORD_TEXT. But wss4j enables to pass null
when no password is needed
. Then no Password element is added to the token.

So I propose to add new option to Password Type combo - NoPassword. I implemented this in the attached patch.

I would be greatful if you could add NoPassword option to the SoapUI. This could help me a great deal and supposedly a few other developers.

6 Replies

Sort By
    • nmrao's avatar
      nmrao
      Champion Level 3
      7 years ago
      Can you please elaborate your question please? what version of software are you using? Are you using basic authentication?
      • kishorereddy84's avatar
        kishorereddy84
        New Contributor
        7 years ago

        HI,

         

        I am using soap UI 5.0.0 and 5.3.0.

         

        What am i trying to do:-

         

        --Setting up outgoing_wss configuration for usernametoken

        --but usernametoken will not have password which is restriction.

        --After configuring usernametoken without a password,when i try to get this token into the request i am getting an error "pwd == null but a password is needed".

         

         

    • groovyguy's avatar
      groovyguy
      Champion Level 1
      7 years ago

      kishorereddy84: For future reference, you may want to try starting your own thread instead of replying to one that is almost seven years old. It may get you better visibility and you can explain your own specifics. 

  • richman555's avatar
    richman555
    New Contributor
    7 years ago

    I have the same issue.  The endpoints I am working against validates that there should be no password element passed in the security headers.   I am surprised this hasn't been fixed yet. It is a reason my company doesn't use SOAP UI for web service testing.

     

    I have been able to get this working creating my own SOAP Client using Spring WS and WSS4J.    It would be wonderful if I could use SOAP UI could add support for this same thing.

     

    Using Spring WS and WSS4J this gets implemented as -

     

        <bean id="wsSecurityUserNameToken" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="securementActions" value="UsernameToken"/>
        <property name="securementUsername" value="TestUserName1"/>
        <property name="securementPassword" value=""/>
        <property name="securementPasswordType" value="PasswordNone>
        <property name="securementTimeToLive" value="300>
        <property name="futureTimeToLive" value="60>
    </bean>