javasoapapache-axisws-securityrampart

Adding a UsernameToken (WS-Security-Header) to a SOAP message


I am trying to connect to an existing SOAP web service. I have given an wsdl and from that I've created Java classes via Apache Axis2 XMLBeans.

But now I have to extend the messages sending by my self-written client with an WS-Security-Header. How can I do this?

I've found the Apache Rampart project for that, but can't find any solutions to extend the messages created from my Java classes with such a header. I can only find opportunities to establish WS security to a service (in the webapp folder and so on).

I am excited about your answers!

Thank you for your help!


Solution

  • I fixed my problem. I want to share my solution with you, hope anybody can need it out there!

    As I said above, I've created the Java classes out of a wsdl file with Apache Axis2 XMLBeans (http://axis.apache.org/axis2/java/core/docs/quickstartguide.html#clientxmlbeans).

    After that I needed to add an WS Security Header that should look like that:

    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username><YOUR USERNAME></wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><YOUR PASSWORD></wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security> 
    

    I solved this programaticly:

    In the stub there is the SOAP-method (one without and one with a callbackHandler), that you want to invoke for using the web service. In this method esists a variable named _messageContext. This is where you can reach the header from: _messageContext.getEnvelope().getHeader() returns an SOAPHeader instance. With this instance I invoke the addSecurityToHeader method from the class HeaderAddery:

    import org.apache.axiom.om.OMAbstractFactory;
    import org.apache.axiom.om.OMAttribute;
    import org.apache.axiom.om.OMElement;
    import org.apache.axiom.om.OMFactory;
    import org.apache.axiom.om.OMNamespace;
    
    public class HeaderAdder {
    
        public static void addSecurityToHeader(
                org.apache.axiom.soap.SOAPHeader header) {
    
            OMFactory factory = OMAbstractFactory.getOMFactory();
    
            OMNamespace namespaceWSSE = factory
                    .createOMNamespace(
                            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
                            "wsse");
    
            OMElement element = factory.createOMElement("Security", namespaceWSSE);
    
            OMAttribute attribute = factory.createOMAttribute("mustUnderstand",
                    null, "1");
    
            element.addAttribute(attribute);
    
            header.addChild(element);
    
            OMElement element2 = factory.createOMElement("UsernameToken",
                    namespaceWSSE);
    
            OMNamespace namespaceWSU = factory
                    .createOMNamespace(
                            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
                            "wsu");
    
            attribute = factory.createOMAttribute("Id", namespaceWSU,
                    "UsernameToken-1");
    
            element2.addAttribute(attribute);
    
            element.addChild(element2);
    
            OMElement element3 = factory.createOMElement("Username", namespaceWSSE);
    
            element3.setText("<YOUR USERNAME>");
    
            OMElement element4 = factory.createOMElement("Password", namespaceWSSE);
    
            attribute = factory
                    .createOMAttribute(
                            "Type",
                            null,
                            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
    
            element4.setText("<YOUR PASSWORD>");
    
            element2.addChild(element3);
            element2.addChild(element4);
        }
    }
    

    And with that the authentification worked and I've got no reject-responses any more.

    If you have any questions to that, please let me know!

    Kind regards!