We are running the recommended manner in generating WS-Security headers to a remote web service. We have noticed that some of the WS calls being generated by our client are missing the necessary security headers. It is very strange behaviour. We generate around 50 calls a minute. Only about 25% of the requests contain the correct information, and hence the other 75% are denied by the remote web service. Every single request runs through the code below, which adds username and password details to the SOAP headers.
private void initialiseProxy() throws ParserConfigurationException {
proxy = getService().getPort(XX.class);
if (proxy == null) {
getLogger().warn("Failed to get proxy for web service");
return;
}
if (target.hasEndpointOverride()) {
((BindingProvider) proxy).getRequestContext()
.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, target.getEndpoint());
}
WSBindingProvider bp = (WSBindingProvider) proxy;
bp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, getUserId());
bp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, getPassword());
}
After thorough investigation, we are certain that there is absolutely no checked or unchecked exceptions being thrown in any of this code, and every single request seems to pass through the code ,yet the majority of the generated requests do NOT contain the username and password header details.
Any ideas?