Adding WS Security Info to Soap Header

Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Hello Friends,

I am building a Java client for a web service. The WSDL for the web service doesn't mention WS-Security details, but I am told to include them in my request to the web service.
I used Axis2 (WSDL2Java) to auto-generate the client using the provided WSDL. Obviously, it did not generate any methods to add security details to the SOAP header, as the WSDL didn't have any security elements.

Now how do I make it work? Do I need to modify the auto-generated client code to add custom methods to add security elements to the SOAP header?
What are the best practices for such scenarios?

Tech used:
Java 5
Axis2 (1.4)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Thanks for the link.
One of the lines from your article reads as "WS-Security can perform 4 different actions: Timestamping, Authentication, Encryption and Signature".
I am required to add a BinarySecurityToken to the SOAP header. Is that possible using Rampart? I believe PWHandlerClient will have logic to create and add the BinarySecurityToken, and conf/axis2.xml should have some action elements corresponding to the addition of the BinarySecurityToken?

Sample Header:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:date="http://exslt.org/dates-and-times">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC/.........</wsse:BinarySecurityToken>
    </wsse:Security>
  </SOAP-ENV:Header>


Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
I am still not able to figure out how to add a binary security token to the SOAP header using Rampart.
I am able to 'engage' the Rampart module, but I am not sure what to mention in the config file so that the handler class will get invoked.

Has anyone done this before? I am using Axis2 with Rampart.
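
The programmatic route mentioned earlier in the thread, sketched with AXIOM and the Axis2 client API to produce the wsse:Security header from the sample above. This is an added example, not code from any poster and not Rampart's configuration-driven mechanism; the class name `BinaryTokenHeader`, its method names and the certificate path passed to `attach` are hypothetical, and the client is assumed to be obtained from the generated stub via `stub._getServiceClient()`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.util.Base64; // Axiom 1.2.x codec; java.util.Base64 on a modern JDK
import org.apache.axis2.client.ServiceClient;

/** Hypothetical helper: builds the wsse:Security header shown in the sample. */
public class BinaryTokenHeader {
    // Namespace and attribute URIs copied from the sample header in the thread.
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    static final String WSSE_NS = WSS + "wssecurity-secext-1.0.xsd";
    static final String ENCODING = WSS + "soap-message-security-1.0#Base64Binary";
    static final String VALUE_TYPE = WSS + "x509-token-profile-1.0#X509v3";

    /** Returns a wsse:Security element holding one X509v3 BinarySecurityToken. */
    static OMElement buildSecurityHeader(X509Certificate cert) throws Exception {
        cert.checkValidity(); // fail early on an expired or not-yet-valid certificate
        OMFactory f = OMAbstractFactory.getOMFactory();
        OMNamespace wsse = f.createOMNamespace(WSSE_NS, "wsse");
        OMElement security = f.createOMElement("Security", wsse);
        OMElement token = f.createOMElement("BinarySecurityToken", wsse, security);
        token.addAttribute("EncodingType", ENCODING, null);
        token.addAttribute("ValueType", VALUE_TYPE, null);
        token.setText(Base64.encode(cert.getEncoded())); // DER bytes as Base64 text
        return security;
    }

    /** Loads the certificate (PEM or DER) and queues the header on the client. */
    static void attach(ServiceClient client, String certPath) throws Exception {
        InputStream in = new FileInputStream(certPath);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            client.addHeader(buildSecurityHeader(cert)); // sent with each request
        } finally {
            in.close(); // Java 5 compatible: no try-with-resources
        }
    }
}
```

The token carries only the public certificate, so on its own it does not prove possession of the private key; a service that authenticates callers this way will normally also expect a signature that references the token, which is the part Rampart's signature action handles.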
John Loft Christiansen
Greenhorn

Joined: Jul 18, 2014
Posts: 1
Anybody ever figured this out - I am sitting in the exact same situation ....
Rajesh KankanampattiMahesh
Greenhorn

Joined: Aug 02, 2014
Posts: 3
I am also facing the same issue. Is there any way to add security headers to the SOAP request using Axis2 or using any SOAP handlers?

Any small information or pointers would be helpful.

Thanks in advance
rex hindlekar
Greenhorn

Joined: Feb 25, 2010
Posts: 16
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


You are a life saver Ulf
Rajesh KankanampattiMahesh
Greenhorn

Joined: Aug 02, 2014
Posts: 3
Thanks for the reply...........

I had done the same using Axis2 with Java and I got the desired output using a stand-alone application...

But my requirement is that I want to pass input parameters from VXML to Java, and I need to hit the web service using Java.
Please note that I am using the web service code as a JAR.
I am able to pass parameters from VXML to Java, and when I tried to hit the web service I'm getting an org.apache.axis2.AxisFault class not found exception.

But the said class is available in my class path, and I also tried adding the same in the MET-INF/lib folder, and the issue still persists.

Kindly help me out.

Thanks in advance
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
"MET-INF/lib" is not a directory ever used by web apps. If that is a typo, tell us what directory you actually added the class files to.

I have no idea what VXML is, so there may be any number of things you need to do differently.
Rajesh KankanampattiMahesh
Greenhorn

Joined: Aug 02, 2014
Posts: 3
OK, then could you please explain in what situations we should use the WAR distribution of Axis2,

and how should we use it?

Is there any criterion that if our project uses a servlet for navigation purposes, or our project is a dynamic project which has EAR files, then we should use the WAR version?

Please explain
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
A WAR as opposed to what? Axis2 is a Java web app. Whether that's the standard distribution, or heavily modified by you, or part of your own web app is irrelevant to its functioning.