To view SOAP messages containing security elements in the server.log file, set the parameter dumpMessages=true in the file domain-dir/config/wss-server-config.xml, and then restart the server.
The section of the wss-server-config.xml file that needs to be modified to enable this is as shown below:
<xwss:SecurityConfiguration xmlns:xwss="http://com.sun.xml.wss.configuration" useTimestamps="true" dumpMessages="true">
After you have enabled SOAP messages in the server.log file, you can verify if the username-password token is enabled by checking the domain-dir/logs/server.log file for the tag <wsse:UsernamePassword>. The following selection of code is similar to what you might see in the server.log file, with the UsernameToken tag.
<?xml version="1.0" encoding="UTF-8"?> <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://tax.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" > <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/ 01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"> <wsse:UsernameToken> <wsse:Username>j2ee</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/ 01/oasis-200401-wss-username-token-profile-1.0#PasswordText">j2ee </wsse:Password> </wsse:UsernameToken> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/ 01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2004-08-22T09:07:58Z</wsu:Created> </wsu:Timestamp> </wsse:Security> </env:Header> <env:Body> <ns0:getStateTax> <double_1 xsi:type="xsd:double">85000.0</double_1> <double_2 xsi:type="xsd:double">5000.0</double_2> </ns0:getStateTax> </env:Body> </env:Envelope>