This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Adding WS Security Info to Soap Header Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Adding WS Security Info to Soap Header" Watch "Adding WS Security Info to Soap Header" New topic
Author

Adding WS Security Info to Soap Header

Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Hello Friends,

I am building a Java client for a web service. The WSDL for the web service doesn't mention about ws security details but I am told to include it in my request to the web service.
I used AXIS2( WSDL2Java) to auto generate the client using the provided WSDL. Obviously, it did not generate any methods to add security details to Soap Header as the WSDL didn't have any security elements.

Now how do I make it work? DO I need to modify the auto generated client code to add custom methods to add security elements to Soap header?
What are the best practices for such scenarios?

Tech used:
Java 5
Axis2 ( 1.4)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41083
    
  43
While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Ping & DNS - my free Android networking tools app
Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Thanks for the link.
One of the lines from your article reads as "WS-Security can perform 4 different actions: Timestamping, Authentication, Encryption and Signature".
I am requird to a binarysecuritytoken to the Soap Header. Is that possible using Rampart ? I believe PWHandlerClient will have logic to add create and add the binarysecuritytoken and conf/axis2.xml should have some action elements corresponding to addition of binarysecuritytoken ?

Sample Header:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:date="http://exslt.org/dates-and-times">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC/.........</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP-ENV:Header>


Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
I am still not able to figure how to add binary security token to Soap Header using Rampart.
I am able to 'engage' rampart module but I am not sure what to mention in config file so that handler class will get invoked.

any one done this before ? I am using Axis2 with rampart.
John Loft Christiansen
Greenhorn

Joined: Jul 18, 2014
Posts: 1
Anybody ever figured this out - I am sitting in exact same situation ....
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Adding WS Security Info to Soap Header
 
Similar Threads
Sample Questions for 288 - Need answers
Need help using annotations with Axis2
How would the client know what kind WS-security to use to access the secured service
Any feedback for SCDJWS Beta?
Generic Client To Invoke Different Webservices