I'm using a fairly simple PAYLOAD level Dispatch client with some JAXB-generated objects:
Service service = Service.create(SERVICE_QNAME);
service.addPort(PORT_QNAME, SOAPBinding.SOAP11HTTP_BINDING, endpoint.toString());
JAXBContext context = JAXBContext.newInstance(HTNGPaymentCardProxyRQ.class, HTNGPaymentCardProxyRS.class);
Dispatch<Object> dispatch = service.createDispatch(PORT_QNAME, context, Service.Mode.PAYLOAD);
dispatch.getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, WSA_ACTION);
dispatch.getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
HTNGPaymentCardProxyRQ request = new HTNGPaymentCardProxyRQ();
HTNGPaymentCardProxyRS response = (HTNGPaymentCardProxyRS) dispatch.invoke(request);
I have also defined a minimal wsit-client.xml file, similar to the one described here:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wssc="http://schemas.sun.com/2006/03/wss/client"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:tns="http://htng.org/2009B"
targetNamespace="http://htng.org/2009B">
<wsp:Policy wsu:Id="UsernameToken">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SupportingTokens>
<wssc:CallbackHandlerConfiguration wspp:visibility="private">
<wssc:CallbackHandler name="usernameHandler" classname="com.my.UserPassCallbackHandler" />
<wssc:CallbackHandler name="passwordHandler" classname="com.my.UserPassCallbackHandler" />
</wssc:CallbackHandlerConfiguration>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:portType name="SecureDataServicePortType" />
<wsdl:binding name="SecureDataServiceSoap11Binding" type="tns:SecureDataServicePortType">
<wsp:PolicyReference URI="#UsernameToken" />
</wsdl:binding>
<wsdl:service name="SecureDataService">
<wsdl:port name="SecureDataServiceHttpSoap11Endpoint" binding="tns:SecureDataServiceSoap11Binding" />
</wsdl:service>
</wsdl:definitions>
When my client is run, I can tell that the wsit-client.xml file is successfully parsed because I see the following in my Jetty console:
Nov 19, 2012 2:07:07 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/workspace/my-war/target/my-war-1.0.0-SNAPSHOT/WEB-INF/classes/wsit-client.xml.
Additionally, I have verified with a debugger that a com.sun.xml.ws.client.PortInfo object is created and seems to have the proper assertions. However, when I run my client,
my UserPassCallbackHandler class is never invoked, and the WS-Security headers are not present in my outbound message.
I read here that this could be caused by sending a payload with the wrong namespace/element name; however, I have verified via Wireshark that the namespace of the body element is correct:
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<HTNG_PaymentCardProxyRQ TimeStamp="2012-11-19T14:07:07.088-05:00" Version="1" xmlns="http://htng.org/2009B">
<POS>
<Source>
<RequestorID ID="Proxy" ID_Context="SourceTransaction" Type="1"/>
</Source>
</POS>
<PaymentCards>
<PaymentCard CardNumber="4111111111111111" ExpireDate="1015">
<CardHolderName>Herp Derp</CardHolderName>
<EncryptedTrackData>MTM1MzM1MjAyNzA5MQ==</EncryptedTrackData>
</PaymentCard>
</PaymentCards>
</HTNG_PaymentCardProxyRQ>
</S:Body>
</S:Envelope>
Furthermore, if I use the exact same wsit-client.xml file with a client stub generated by wsimport, my UserPassCallbackHandler is properly invoked. This leads me to believe that their may be some bug related to WSIT with a Dispatch client when using JAXB. Can anyone offer any suggestions? None of the WSIT client examples that I have seen use a Dispatch client + JAXB, so it is certainly possible that I have overlooked something important.