• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Adding elements in SOAP Header request for authentication

 
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I need to incorporate an authentication header (i.e. as a part of SOAP header request) in my new web service. That authentication header will verify the userId and password details. I have to verify the content of request header details for authentication in my Web Service. If authenticated, then the SOAP body of the request will be processed, else Invalid Authentication message will be send back by the Web Service to the client application invoking the service.

I am not able to understand how to create a web service where the SOAP Header will contain some elements(in my case, authentication elements such as userId and password).

Normally, whatever method exposed in the service will come as a part of the SOAP Body. Hence confused how to proceed with adding authentication elements in the SOAP Header.

Please help

Regards,
 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I have understood your problem statement, you want to include the SOAP Header in the web service that you will be deploying.

The WSDL will include the Header emement containing userid/password or other details like certificate serial no/SHA2 signature etc

Correct me if I am wrong.

Rgds,

Seetesh
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Exactly. You have got it correct.

I want the header to be exactly like this:



What i can see as of now is when I create a new web service, all of the information is present in the body part, the header is empty. As a part of the requirement, I want the authentication part to be in header.

Please help.
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I tried placing a handler and making the handler entry in the webservice.xml. It worked for me.

But still as the initial requirement goes, i have to embed the authentication details in the SOAP header.

I heard of WSSE but i am creating the web service using JAX-RPC, hence WSSE may not work as it seems to be for JAX-WS.

Please provide some inputs on how to insert authentication elements in SOAP header request in the format i mentioned in #3.

I will be doing this using JAX-RPC mechanism.

Regards,
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Any help on this please?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
WS-Security works for JAX-RPC as well as JAX-WS. It's what you should be using if your SOAP implementation supports it. Which SOAP stack are you using?
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Thanks for the reply.

I will be creating the web service using RSA 7.5 and Websphere Server 7.

How to understand if the SOAP implementation support the WS-Security or not?

Please help.

Thanks,
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
WebSphere being a commercial product, I would assume that its documentation covers this, and if it does, also explains how to apply it (since that differs from SOAP stack to SOAP stack).
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ulf,

Thanks for the reply.

Without having any idea about wsse, reading only the documentation is very difficult Its going over my head as of now.

If you can give some helpful instructions on the steps to be followed for implementing the wsse, then considering it as the base I will be able to dig into the documentation.

Hope will get some helpful inputs from your side regarding the implementation steps so that i can continue with the documentation.

Regards,
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have no knowledge of RSA and WebSphere. A quick search for applying WS-security jax-rpc rsa websphere found some promising results, including this one.
 
Anthony D'Souz
Ranch Hand
Posts: 65
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ulf,

Thanks for the reply.

I did nt asked you to provide inputs on the specific IDE/server I am using. I only asked you to give me the basic inputs on the steps of implementing the wsse. Consider anything you worked on before for implementing wsse.

Only i need to know the steps so that i can proceed by myself.

Regards,
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Most of what I learned about WS-Security Authentication can be found in two articles I wrote on the subject, using Axis-1 and Axis-2.
 
Siitesh Hind
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Anthony,

-------------------------------------------------------------------------------------------------------------------------------------

I tried placing a handler and making the handler entry in the webservice.xml. It worked for me.

-------------------------------------------------------------------------------------------------------------------------------------

I use Eclipse with WS annotations without using webservice.xml to deploy the web service on JBoss AS. So I dont see configuration of handler and its entry as build.xml deploys it on JBoss AS.

Hello Ulf,

Question is how do we add the SOAP Header the required authentication details? I have seen this kind of configuration while deploying Informatica/Cordys but have no heads on the J2EE part.

Reading your article on Axis 1 and 2. You have mentioned the 2 types of clients. Do you have any examples on the server that creates the WSSE:SECURITY part

Rgds,

Seetesh
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic