This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Services and the fly likes Adding elements in SOAP Header request for authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Adding elements in SOAP Header request for authentication" Watch "Adding elements in SOAP Header request for authentication" New topic
Author

Adding elements in SOAP Header request for authentication

Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Hi all,

I need to incorporate an authentication header (i.e. as a part of SOAP header request) in my new web service. That authentication header will verify the userId and password details. I have to verify the content of request header details for authentication in my Web Service. If authenticated, then the SOAP body of the request will be processed, else Invalid Authentication message will be send back by the Web Service to the client application invoking the service.

I am not able to understand how to create a web service where the SOAP Header will contain some elements(in my case, authentication elements such as userId and password).

Normally, whatever method exposed in the service will come as a part of the SOAP Body. Hence confused how to proceed with adding authentication elements in the SOAP Header.

Please help

Regards,
Siitesh Hind
Ranch Hand

Joined: Sep 06, 2012
Posts: 51
If I have understood your problem statement, you want to include the SOAP Header in the web service that you will be deploying.

The WSDL will include the Header emement containing userid/password or other details like certificate serial no/SHA2 signature etc

Correct me if I am wrong.

Rgds,

Seetesh
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Exactly. You have got it correct.

I want the header to be exactly like this:



What i can see as of now is when I create a new web service, all of the information is present in the body part, the header is empty. As a part of the requirement, I want the authentication part to be in header.

Please help.
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Hi all,

I tried placing a handler and making the handler entry in the webservice.xml. It worked for me.

But still as the initial requirement goes, i have to embed the authentication details in the SOAP header.

I heard of WSSE but i am creating the web service using JAX-RPC, hence WSSE may not work as it seems to be for JAX-WS.

Please provide some inputs on how to insert authentication elements in SOAP header request in the format i mentioned in #3.

I will be doing this using JAX-RPC mechanism.

Regards,
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Any help on this please?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
WS-Security works for JAX-RPC as well as JAX-WS. It's what you should be using if your SOAP implementation supports it. Which SOAP stack are you using?


Ping & DNS - my free Android networking tools app
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Hi,

Thanks for the reply.

I will be creating the web service using RSA 7.5 and Websphere Server 7.

How to understand if the SOAP implementation support the WS-Security or not?

Please help.

Thanks,
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
WebSphere being a commercial product, I would assume that its documentation covers this, and if it does, also explains how to apply it (since that differs from SOAP stack to SOAP stack).
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Hi Ulf,

Thanks for the reply.

Without having any idea about wsse, reading only the documentation is very difficult Its going over my head as of now.

If you can give some helpful instructions on the steps to be followed for implementing the wsse, then considering it as the base I will be able to dig into the documentation.

Hope will get some helpful inputs from your side regarding the implementation steps so that i can continue with the documentation.

Regards,
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
I have no knowledge of RSA and WebSphere. A quick search for applying WS-security jax-rpc rsa websphere found some promising results, including this one.
Anthony D'Souz
Ranch Hand

Joined: Oct 13, 2011
Posts: 63
Hi Ulf,

Thanks for the reply.

I did nt asked you to provide inputs on the specific IDE/server I am using. I only asked you to give me the basic inputs on the steps of implementing the wsse. Consider anything you worked on before for implementing wsse.

Only i need to know the steps so that i can proceed by myself.

Regards,
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
Most of what I learned about WS-Security Authentication can be found in two articles I wrote on the subject, using Axis-1 and Axis-2.
Siitesh Hind
Ranch Hand

Joined: Sep 06, 2012
Posts: 51
Hello Anthony,

-------------------------------------------------------------------------------------------------------------------------------------

I tried placing a handler and making the handler entry in the webservice.xml. It worked for me.

-------------------------------------------------------------------------------------------------------------------------------------

I use Eclipse with WS annotations without using webservice.xml to deploy the web service on JBoss AS. So I dont see configuration of handler and its entry as build.xml deploys it on JBoss AS.

Hello Ulf,

Question is how do we add the SOAP Header the required authentication details? I have seen this kind of configuration while deploying Informatica/Cordys but have no heads on the J2EE part.

Reading your article on Axis 1 and 2. You have mentioned the 2 types of clients. Do you have any examples on the server that creates the WSSE:SECURITY part

Rgds,

Seetesh
 
wood burning stoves
 
subject: Adding elements in SOAP Header request for authentication
 
Similar Threads
HeaderElements must be namespace qualified when create soap client
Basic authentication soap header values?
how to implement ws-security in soap request header
Adding WS Security Info to Soap Header
Adding Basic Authetication to SOAP Message