Venkat Venkat - 1 year ago 173
Java Question

WSS headers in SOAP request for java client

I am consuming a SOAP-based web service in Java. I tested the web service in SoapUI, sent the request, and successfully got the response. The request works only if I manually add the wsse:Security security header and send a valid username and password. Only then do I get a valid response.

Right now I want to send the request through simple Java code and get a response.

I used wsimport to create the stub files.

I don't see any Java files generated for setting the username & password. How do we need to set the username & password and pass them on to the request?

Will there be any difference in consuming a secured service compared to a non-secured one?


Answer Source

You don't see the web service security related tags (i.e. wsse:Security, etc.) in your stubs because your stubs are the beans for your XSD schema, and WSS is a standard which has its own tags defined in a specific XSD. (It's like SOAP, for example: you can send your request inside a <soap:envelope>, but these related tags are not in your stubs.)

To add the WSS features to your Java client you can use Apache WSS4J. In order to add a username and password as you ask in the question, you can do it using the following code:

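// WSS4J 2.0/2.1 package names (assumed from the new WSSecHeader(doc) constructor used below)
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.w3c.dom.Document;

WSSecUsernameToken builder = new WSSecUsernameToken();
// set user name and password
builder.setUserInfo("wernerd", "verySecret");
// create a sample soap message (SOAPUtil is a helper class from the WSS4J test sources)
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
// insert the empty wsse:Security element into the SOAP header
secHeader.insertSecurityHeader();
// create the soap message with WSS headers
Document signedDoc = builder.build(doc, secHeader);
// simply print the result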

This snippet is extracted from the JUnit tests of the Apache WSS4J project. You can check the testUsernameTokenText() method of the UserNameTokenTest class in the Apache WSS4J svn repository.

Hope this helps,
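A JAX-WS handler that puts the wsse:UsernameToken header on calls made through wsimport-generated stubs, as an added example that is not part of the original answer or of WSS4J. It builds the header with the JDK's SAAJ API instead of WSS4J and assumes the JAX-WS 2.x javax.* packages; UsernameTokenHandler and install are hypothetical names.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.Handler;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

// Hypothetical handler: adds a WS-Security UsernameToken (PasswordText) to outbound requests.
public class UsernameTokenHandler implements SOAPHandler<SOAPMessageContext> {
    private static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PW_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private final String user, password;

    public UsernameTokenHandler(String user, String password) {
        this.user = user; this.password = password;
    }
    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        if (!Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        String url = String.valueOf(ctx.get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY));
        if (!url.startsWith("https://"))   // PasswordText travels as cleartext inside the envelope
            throw new IllegalStateException("refusing to send UsernameToken to " + url);
        try {
            SOAPEnvelope env = ctx.getMessage().getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
            SOAPElement sec = header.addChildElement("Security", "wsse", WSSE);
            SOAPElement token = sec.addChildElement("UsernameToken", "wsse");
            token.addChildElement("Username", "wsse").addTextNode(user);
            token.addChildElement("Password", "wsse")
                 .addAttribute(new QName("Type"), PW_TEXT).addTextNode(password);
        } catch (SOAPException e) {
            throw new RuntimeException(e);   // fail the call rather than send it without the header
        }
        return true;
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }

    // Attach to a wsimport-generated port; every port proxy implements BindingProvider.
    public static void install(Object port, String user, String password) {
        List<Handler> chain = ((BindingProvider) port).getBinding().getHandlerChain();
        chain.add(new UsernameTokenHandler(user, password));
        ((BindingProvider) port).getBinding().setHandlerChain(chain);   // getHandlerChain() returns a copy
    }
}
```

Call UsernameTokenHandler.install(port, user, password) once after obtaining the port from the generated Service class, with the credentials loaded from configuration or the environment rather than hard-coded.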
