Sun Java System Application Server Platform Edition 8.1 2005Q2 Update 2 Developer's Guide

Monitoring Message Security

To view SOAP messages containing security elements in the server.log file, set the parameter dumpMessages=true in the file domain-dir/config/wss-server-config.xml, and then restart the server.

The section of the wss-server-config.xml file that needs to be modified to enable this is as shown below:

<xwss:SecurityConfiguration
    xmlns:xwss="http://com.sun.xml.wss.configuration"
    useTimestamps="true"
    dumpMessages="true">

After you have enabled SOAP messages in the server.log file, you can verify if the username-password token is enabled by checking the domain-dir/logs/server.log file for the tag <wsse:UsernamePassword>. The following selection of code is similar to what you might see in the server.log file, with the UsernameToken tag.

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" 
xmlns:ns0="http://tax.org/wsdl" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" >
<env:Header>
  <wsse:Security   xmlns:wsse="http://docs.oasis-open.org/wss/2004/
    01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
    <wsse:UsernameToken>
      <wsse:Username>j2ee</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/
      01/oasis-200401-wss-username-token-profile-1.0#PasswordText">j2ee
      </wsse:Password>
    </wsse:UsernameToken>
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/
      01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Created>2004-08-22T09:07:58Z</wsu:Created>
    </wsu:Timestamp>
    </wsse:Security>
      </env:Header>
      <env:Body>
        <ns0:getStateTax>
        <double_1 xsi:type="xsd:double">85000.0</double_1>
        <double_2 xsi:type="xsd:double">5000.0</double_2>
        </ns0:getStateTax>
      </env:Body>
</env:Envelope>