My project has webservices that are using digest authentication. I am trying to modify client implementation(JAX-RPC) to include unsername and password. i am using axis 1. i got how to include basic authentication from here . but not able to find one for digest authentication. webservices work fine using soap UI using username and password. if anyone has implemented digest authentication on client side, can you please help me in modifying client code, or appreciate if you can point me to sources.
here is java client which should be modified for adding digest authentication.
Which SOAP stack are you using on the client side?
a client deployment descriptor, which tells WSS4J how to handle security for the request on the client: client_deploy_sec.wsdd
this is given as one of the steps. how do i find for this file. i searched workspace for any file with wsdd extension and found none.
can you elaborate a bit on this. like what other elements will it have.
here in deployment descriptor you are giving user name value. i get username in client. so i will not know before hand what values to set in deployment descriptor. i donot need to check whether this user is valid or not on client side, server side web service takes care of that. i found a way to access headers in client.
so should i try to set soap headers such that it looks similar to soap request generated by SOAP UI?
I am following source code that you gave. According to that sample code, i am writing deploy.wsdd file. it requires class name of webservice. How do you find class name of webservice from wsdl? here is my wsdd.
I need to replace samples.stock.StockQuoteService with my web service class name. I have wsdl.
I am trying to secure auctionItems operation.
May I know how to find associated webservice class. I am really new to webservice. If this doubt is really simple, please suggest some tutorials such that i can get this information.
But as regards the class name: you can choose whichever one you want, since the class name is not part of the WSDL.
I have web service already. and stubs are generated using wsdl2java. but while running them , it requires digest authentication because on server side web service requires username and password. so I am modifying client implementation such that it sends username and password details in soap:header .
1. add client_deploy.wsdd to client side code.
2. added PWCallBackClient
3a. In Fetcher class which calls stubs generated by wsdl2Java, i did pass username and password.
3b. added client_deploy file programatically by placing it in same directory as other class files.
When I run fetcher class, it is not able to find client_deploy.wsdd file using FileProvider.
here is my PWCallbackClient for reference.
I observed that callbacks is picking username from client_deploy.wsdd.
I've no idea what you mean by this - the username is not part of any WSDD file; what are you referring to?
You need to alter the Java code so it accesses your user repository (maybe LDAP or a DB) and retrieves a list of the allowed users and their passwords, and then checks those against the username sent by the client in "pc.getIdentifer()".
I am referring to username given in wsdd configuration. Please have a look at my client_deploy.wsdd below. i highlighted user element.
Webservice authentication check is done on serverside(called webservice). I am trying to access that webservice by writing client implementation. Since webservice requires username and password to be sent using digest, I am trying to send those username and password values in soap header. i came across this article. followed steps given there for "Configuring the Client". My requirement is to be able to access a webservice which requires username and password being sent using digest authentication. I will have username and password being passed and available in my client application. But i donot have access to LDAP in which i can validate whether this username is valid or not in my client application.
Here is how soap request is sent using client_deploy.wsdd and PWCallBackClient.
username being sent is same as user given in client_deply.wsdd.
I am able to call webservice if i give username in client_deploy.wsdd. but i will not know before hand about all users.username and password are being passed from JavaFx front end.
I tried to follow alternate step given here.
Another way to do this is to have the client application set the username and CallbackHandler implementation programmatically instead of client_deploy.wsdd:
Remote remote = locator.getPort(StockQuoteService.class);
Stub axisPort = (Stub)remote;
but it is still calling pwCallBack.