I am trying to connect to an existing SOAP web service. I have given an wsdl and from that I've created Java classes via Apache Axis2 XMLBeans.
But now I have to extend the messages sending by my self-written client with an WS-Security-Header. How can I do this?
I've found the Apache Rampart project for that, but can't find any solutions to extend the messages created from my Java classes with such a header. I can only find opportunities to establish WS security to a service (in the webapp folder and so on).
I am excited about your answers!
Thank you for your help!
I fixed my problem. I want to share my solution with you, hope anybody can need it out there!
As I said above, I've created the Java classes out of a wsdl file with Apache Axis2 XMLBeans (http://axis.apache.org/axis2/java/core/docs/quickstartguide.html#clientxmlbeans).
After that I needed to add an WS Security Header that should look like that:
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username><YOUR USERNAME></wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><YOUR PASSWORD></wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
I solved this programaticly:
In the stub there is the SOAP-method (one without and one with a callbackHandler), that you want to invoke for using the web service. In this method esists a variable named _messageContext
. This is where you can reach the header from: _messageContext.getEnvelope().getHeader()
returns an SOAPHeader instance. With this instance I invoke the addSecurityToHeader
method from the class HeaderAddery
:
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
public class HeaderAdder {
public static void addSecurityToHeader(
org.apache.axiom.soap.SOAPHeader header) {
OMFactory factory = OMAbstractFactory.getOMFactory();
OMNamespace namespaceWSSE = factory
.createOMNamespace(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
"wsse");
OMElement element = factory.createOMElement("Security", namespaceWSSE);
OMAttribute attribute = factory.createOMAttribute("mustUnderstand",
null, "1");
element.addAttribute(attribute);
header.addChild(element);
OMElement element2 = factory.createOMElement("UsernameToken",
namespaceWSSE);
OMNamespace namespaceWSU = factory
.createOMNamespace(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
"wsu");
attribute = factory.createOMAttribute("Id", namespaceWSU,
"UsernameToken-1");
element2.addAttribute(attribute);
element.addChild(element2);
OMElement element3 = factory.createOMElement("Username", namespaceWSSE);
element3.setText("<YOUR USERNAME>");
OMElement element4 = factory.createOMElement("Password", namespaceWSSE);
attribute = factory
.createOMAttribute(
"Type",
null,
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
element4.setText("<YOUR PASSWORD>");
element2.addChild(element3);
element2.addChild(element4);
}
}
And with that the authentification worked and I've got no reject-responses any more.
If you have any questions to that, please let me know!
Kind regards!