• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to add the security header in SOAP request?

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi everyone,

I've been trying to search the web for solutions but I can't seem to get the security header <wsse:security> with the username and password to be included in the request (to a 3rd party WSDL). There's no security header defined in the WSDL and I want to avoid modifying the WSDL. I'm using JAX-WS and I've tried the following for the username and password:

HelloService service = new HelloService();
Hello proxy = (service.getHelloPort());
((BindingProvider)proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "userfoo");
((BindingProvider)proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "passbar");

This doesn't seem to do the trick. I've read that Rampart/Axis2 has the ability to add the header. Should I switch to Axis2 or is there another workaround?

Thanks in advance for your input.
 
Edwin Tailor
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I forgot to mention that there is no security related info defined in the WSDL file.

Thanks
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

The username/password thing is for HTTP authentication; what you're looking for is proper WS-Security authentication.

The security info doesn't need to be in the WSDL. It can be kind of bolted onto a WS.

The problem is that there is no standard for adding WS-Security to JAX-WS (or to any other WS API for that matter). That means each WS stack does its own things.
If you were using Axis2/Rampart, I'd point you to an article I wrote about this very topic.
If you're using the Metro stack, the closest to documentation I've seen is this article. Don't worry if you're not using Java 6 - in this context that just means J2SE + JAX-WS + JAXB (which are part of Metro, or can be downloaded separately).

All other tutorials assume you're using NetBeans (and GlassFish). It almost seems as if everybody working for Sun, or wanting to blog on dev.java.net, must agree to push NetBeans as hard as possible. I'm convinced that this hinders the adoption of several Java technologies and APIs, but that's a different topic.
[ August 09, 2008: Message edited by: Ulf Dittmer ]
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic