aspose file tools*
The moose likes Web Services and the fly likes Adding WS Security Info to Soap Header Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Adding WS Security Info to Soap Header" Watch "Adding WS Security Info to Soap Header" New topic
Author

Adding WS Security Info to Soap Header

Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Hello Friends,

I am building a Java client for a web service. The WSDL for the web service doesn't mention about ws security details but I am told to include it in my request to the web service.
I used AXIS2( WSDL2Java) to auto generate the client using the provided WSDL. Obviously, it did not generate any methods to add security details to Soap Header as the WSDL didn't have any security elements.

Now how do I make it work? DO I need to modify the auto generated client code to add custom methods to add security elements to Soap header?
What are the best practices for such scenarios?

Tech used:
Java 5
Axis2 ( 1.4)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Ping & DNS - updated with new look and Ping home screen widget
Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption


Thanks for the link.
One of the lines from your article reads as "WS-Security can perform 4 different actions: Timestamping, Authentication, Encryption and Signature".
I am requird to a binarysecuritytoken to the Soap Header. Is that possible using Rampart ? I believe PWHandlerClient will have logic to add create and add the binarysecuritytoken and conf/axis2.xml should have some action elements corresponding to addition of binarysecuritytoken ?

Sample Header:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:date="http://exslt.org/dates-and-times">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC/.........</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP-ENV:Header>


Samuel Jason
Greenhorn

Joined: Jun 26, 2011
Posts: 10
I am still not able to figure how to add binary security token to Soap Header using Rampart.
I am able to 'engage' rampart module but I am not sure what to mention in config file so that handler class will get invoked.

any one done this before ? I am using Axis2 with rampart.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Adding WS Security Info to Soap Header
 
Similar Threads
Any feedback for SCDJWS Beta?
How would the client know what kind WS-security to use to access the secured service
Sample Questions for 288 - Need answers
Generic Client To Invoke Different Webservices
Need help using annotations with Axis2