• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Adding WS Security Info to Soap Header

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Friends,

I am building a Java client for a web service. The WSDL for the web service doesn't mention about ws security details but I am told to include it in my request to the web service.
I used AXIS2( WSDL2Java) to auto generate the client using the provided WSDL. Obviously, it did not generate any methods to add security details to Soap Header as the WSDL didn't have any security elements.

Now how do I make it work? DO I need to modify the auto generated client code to add custom methods to add security elements to Soap header?
What are the best practices for such scenarios?

Tech used:
Java 5
Axis2 ( 1.4)
 
Rancher
Posts: 43081
77
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption
 
Samuel Jason
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption



Thanks for the link.
One of the lines from your article reads as "WS-Security can perform 4 different actions: Timestamping, Authentication, Encryption and Signature".
I am requird to a binarysecuritytoken to the Soap Header. Is that possible using Rampart ? I believe PWHandlerClient will have logic to add create and add the binarysecuritytoken and conf/axis2.xml should have some action elements corresponding to addition of binarysecuritytoken ?

Sample Header:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:date="http://exslt.org/dates-and-times">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC/.........</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP-ENV:Header>


 
Samuel Jason
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am still not able to figure how to add binary security token to Soap Header using Rampart.
I am able to 'engage' rampart module but I am not sure what to mention in config file so that handler class will get invoked.

any one done this before ? I am using Axis2 with rampart.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Anybody ever figured this out - I am sitting in exact same situation ....
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am also facing the same issue, is there any way to add security headers to the SOAP request using AXIS 2 or using any SOAP HANDLERS?

any small information or pointers would be helpful.

Thanks in advnce
 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:While you can do it programmatically, WS-Security is generally configured outside of the code in config files (WSDD files in the case of Axis2). You'll need the Axis2 Rampart module for this.

I've written a couple of articles about this that you may find useful: Web Services Authentication with Axis 2 and Web Services Security - Encryption



You are a life saver Ulf
 
Rajesh KankanampattiMahesh
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the reply...........

i had done the same using Axis2 with JAVA and i got the desired output using STAND ALONE application...

But my requirement is that i want pass input parameters from VXML to JAVA and i need to hit the web service using JAVA,
please note that i m using the web service code as a JAR
i m able to pass parameters from VXML to JAVA and when i tried to hit the web service i'm getting org.apache.axis2.AxisFault class not found exception.

but the said class is available in my class path and also i tried adding the same in MET-INF/lib folder and the issue still persists.

Kindly help me out.

Thanks in advnce
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"MET-INF/lib" is not a directory ever used by web apps. If that is a typo, tell us what directory you actually added the class files to.

I have no idea what VXML is, so there may be any number of things you need to do differently.
 
Rajesh KankanampattiMahesh
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok then could you please explain at what situations we should use WAR distribution of AXIS2,

and how should we use it,

is there any criteria that if our project uses servlet for navigtion purpose or our project is dynamic project which has EAR files then we should use WAR version,

please explain
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A WAR as opposed to what? Axis2 is a Java web app. Whether that's the standard distribution, or heavily modified by you, or part of your own web app is irrelevant to its functioning.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic