Apache CXF - javax.xml.ws.soap.SOAPFaultException: No security action was defined

Question

Despite I have set the username, password, action, and WS Security Password Type (which is PasswordText), getting this exception when I try to call a service of the web service: No security action was defined. The web service I try to communicate uses Basic Authentication with using PasswordText WS Security Password Type.

Here is what I have tried:

    Map<String, Object> ctx = ((BindingProvider) basicHttpBindingIDeneme).getRequestContext();
    ctx.put("ws-security.username", USERNAME);
    ctx.put("ws-security.password", PASSWORD);

    Map<String,Object> inProps = new HashMap<String,Object>();
    inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    inProps.put(WSHandlerConstants.ACTION, "UsernameToken");
    WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);

    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(basicHttpBindingIDeneme);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
    cxfEndpoint.getInInterceptors().add(wssIn);

    Map<String,Object> outProps = new HashMap<String,Object>();
    // how to configure the properties is outlined below;

    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    cxfEndpoint.getOutInterceptors().add(wssOut);

What else do I need to configure in order to define security action?

p.s. Using Apache CXF 3.1.12 which is the latest version available.

Answer 1

Did you add the security interceptor to bean.xml?

<bean id="securityInterceptor" class="...BasicAuthAuthorizationInterceptor">
</bean>

    <jaxrs:server id="..." address="/">
        <jaxrs:serviceBeans>
            <ref bean="bean" />
        </jaxrs:serviceBeans>

        <jaxrs:inInterceptors>
            <ref bean="securityInterceptor" />
        </jaxrs:inInterceptors>

    </jaxrs:server>

Answer 2

The problem in the code is that you are trying to invoke a webservice and the properties you add are getting set in the WSS4JInInterceptor instead of setting them in the WSS4JOutInterceptor.

The properties should be defined similar to this.

 Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put("action", "UsernameToken");
            outProps.put("user", "yourUser");
            outProps.put("passwordCallbackClass","com.example.PasswordCallback");

You can find a full code example here.