I am consuming a SOAP based webservice in a Java. I tested the webservice in SOAP UI, tried to send the request and I successfully got the response. The request is working only if I manually add the security wsse:Security and send the valid username and password. Only then I am getting a valid response.
Right now I want to send the request through a simple JAVA code, get a response.
I used wsimport to create the stub files.
I don't see any java files generated for setting the username & password. How do we need to set the username & password and pass on to the request ??
Will there be any different in consuming a secured() service to non-sercured ()??
You don't see the web service security related tags (i.e
wsse:Securityetc.) in your stubs due your stubs are the beans for your
xsd schema and
WSS is a standard which has it's own tags defined in a specific
xsd (It's like for example
soap, you can send your request inside a
<soap:envelope> however this related tags are not in your stubs).
To add the
WSS features to your java client you can use apache
WSS4J. In order to add a username and password as you ask in the question, you can do it using the following code:
WSSecUsernameToken builder = new WSSecUsernameToken(); builder.setPasswordType(WSConstants.PASSWORD_TEXT); // set user name an password builder.setUserInfo("wernerd", "verySecret"); // create a sample soap message Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); WSSecHeader secHeader = new WSSecHeader(doc); secHeader.insertSecurityHeader(); // create the soap message with WSS headers Document signedDoc = builder.build(doc, secHeader); // simply print the result System.out.println(XMLUtils.prettyDocumentToString(signedDoc));
This snippet is extracted from Junit tests of the apache
WSS4J project. You can check
testUsernameTokenText() method on
UserNameTokenTest class on apache
WSS4J svn repository
Hope this helps,