This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Adding WS Security Info to Soap Header

 
Samuel Jason
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Friends,

I am building a Java client for a web service. The WSDL for the web service doesn't mention about ws security details but I am told to include it in my request to the web service.
I used AXIS2( WSDL2Java) to auto generate the client using the provided WSDL. Obviously, it did not generate any methods to add security details to Soap Header as the WSDL didn't have any security elements.

Now how do I make it work? DO I need to modify the auto generated client code to add custom methods to add security elements to Soap header?
What are the best practices for such scenarios?

Tech used:
Java 5
Axis2 ( 1.4)
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption
 
Samuel Jason
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Thanks for the link.
One of the lines from your article reads as "WS-Security can perform 4 different actions: Timestamping, Authentication, Encryption and Signature".
I am requird to a binarysecuritytoken to the Soap Header. Is that possible using Rampart ? I believe PWHandlerClient will have logic to add create and add the binarysecuritytoken and conf/axis2.xml should have some action elements corresponding to addition of binarysecuritytoken ?

Sample Header:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:date="http://exslt.org/dates-and-times">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC/.........</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP-ENV:Header>


 
Samuel Jason
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am still not able to figure how to add binary security token to Soap Header using Rampart.
I am able to 'engage' rampart module but I am not sure what to mention in config file so that handler class will get invoked.

any one done this before ? I am using Axis2 with rampart.
 
John Loft Christiansen
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anybody ever figured this out - I am sitting in exact same situation ....
 
Rajesh KankanampattiMahesh
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am also facing the same issue, is there any way to add security headers to the SOAP request using AXIS 2 or using any SOAP HANDLERS?

any small information or pointers would be helpful.

Thanks in advnce
 
rex hindlekar
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


You are a life saver Ulf
 
Rajesh KankanampattiMahesh
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply...........

i had done the same using Axis2 with JAVA and i got the desired output using STAND ALONE application...

But my requirement is that i want pass input parameters from VXML to JAVA and i need to hit the web service using JAVA,
please note that i m using the web service code as a JAR
i m able to pass parameters from VXML to JAVA and when i tried to hit the web service i'm getting org.apache.axis2.AxisFault class not found exception.

but the said class is available in my class path and also i tried adding the same in MET-INF/lib folder and the issue still persists.

Kindly help me out.

Thanks in advnce
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"MET-INF/lib" is not a directory ever used by web apps. If that is a typo, tell us what directory you actually added the class files to.

I have no idea what VXML is, so there may be any number of things you need to do differently.
 
Rajesh KankanampattiMahesh
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok then could you please explain at what situations we should use WAR distribution of AXIS2,

and how should we use it,

is there any criteria that if our project uses servlet for navigtion purpose or our project is dynamic project which has EAR files then we should use WAR version,

please explain
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A WAR as opposed to what? Axis2 is a Java web app. Whether that's the standard distribution, or heavily modified by you, or part of your own web app is irrelevant to its functioning.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic