Venkat Venkat - 3 months ago 14
Java Question

WSS headers in SOAP request for java client

I am consuming a SOAP based webservice in a Java. I tested the webservice in SOAP UI, tried to send the request and I successfully got the response. The request is working only if I manually add the security wsse:Security and send the valid username and password. Only then I am getting a valid response.

Right now I want to send the request through a simple JAVA code, get a response.

I used wsimport to create the stub files.

I don't see any java files generated for setting the username & password. How do we need to set the username & password and pass on to the request ??

Will there be any different in consuming a secured() service to non-sercured ()??

Appreciated.

Answer

You don't see the web service security related tags (i.e wsse:Securityetc.) in your stubs due your stubs are the beans for your xsd schema and WSS is a standard which has it's own tags defined in a specific xsd (It's like for example soap, you can send your request inside a <soap:envelope> however this related tags are not in your stubs).

To add the WSS features to your java client you can use apache WSS4J. In order to add a username and password as you ask in the question, you can do it using the following code:

WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
// set user name an password
builder.setUserInfo("wernerd", "verySecret");
// create a sample soap message
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
// create the soap message with WSS headers
Document signedDoc = builder.build(doc, secHeader);
// simply print the result
System.out.println(XMLUtils.prettyDocumentToString(signedDoc));

This snippet is extracted from Junit tests of the apache WSS4J project. You can check testUsernameTokenText() method on UserNameTokenTest class on apache WSS4J svn repository

Hope this helps,

Comments