Apache cxf basic authentication

Question

I have a running example of apache cxf but when I run this wsdl file provided by my code is not authenticated I don't know how to pass the username and password to soapui

The code is:

ORDER.JAVA
package demo.order;

public class Order {

    private String customerID;
    private String itemID;
    private int qty;
    private double price;

    // Constructor
    public Order() {
    }

    public String getCustomerID() {
        return customerID;
    }

    public void setCustomerID(String customerID) {
        this.customerID = customerID;
    }

    public String getItemID() {
        return itemID;
    }

    public void setItemID(String itemID) {
        this.itemID = itemID;
    }

    public int getQty() {
        return qty;
    }

    public void setQty(int qty) {
        this.qty = qty;
    }

    public double getPrice() {
        return price;
    }

    public void setPrice(double price) {
        this.price = price;
    }

}

package demo.order;

import javax.jws.WebService;

@WebService
public interface OrderProcess {
    String processOrder(Order order);
}


package demo.order;

import javax.jws.WebService;

@org.apache.cxf.interceptor.InInterceptors (interceptors = {"demo.order.server.OrderProcessUserCredentialInterceptor" })
@WebService
public class OrderProcessImpl implements OrderProcess {

    public String processOrder(Order order) {
        System.out.println("Processing order...");
        String orderID = validate(order);
        return orderID;
    }

    /**
     * Validates the order and returns the order ID
    **/
    private String validate(Order order) {
        String custID = order.getCustomerID();
        String itemID = order.getItemID();
        int qty = order.getQty();
        double price = order.getPrice();
        if (custID != null && itemID != null && qty > 0 && price > 0.0) {
            return "ORD1234";
        }

        return null;
    }
}

_______________
package demo.order.client;

import demo.order.OrderProcess;
import demo.order.Order;

import org.apache.cxf.frontend.ClientProxy;
import org.springframework.context.support.ClassPathXmlApplicationContext;

public final class Client {

    public Client() {
    }

    public static void main(String args[]) throws Exception {
        ClassPathXmlApplicationContext context 
            = new ClassPathXmlApplicationContext(new String[] {"demo/order/client/client-beans.xml"});

        OrderProcess client = (OrderProcess) context.getBean("orderClient");
        OrderProcessClientHandler clientInterceptor = new OrderProcessClientHandler();
        clientInterceptor.setUserName("John");
        clientInterceptor.setPassword("password");
        org.apache.cxf.endpoint.Client cxfClient = ClientProxy.getClient(client);
        cxfClient.getOutInterceptors().add(clientInterceptor);

        Order order = new Order();
        order.setCustomerID("C001");
        order.setItemID("I001");
        order.setQty(100);
        order.setPrice(200.00);

        String orderID = client.processOrder(order);
        String message = (orderID == null) ? "Order not approved" : "Order approved; order ID is " + orderID;
        System.out.println(message);
    }
}
_____________________
package demo.order.client;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class OrderProcessClientHandler extends AbstractSoapInterceptor {

    public String userName;
    public String password;

    public OrderProcessClientHandler() {
        super(Phase.WRITE);
        addAfter(SoapPreProtocolOutInterceptor.class.getName());
    }

    public void handleMessage(SoapMessage message) throws Fault {

            System.out.println("OrderProcessClientHandler handleMessage invoked");

            DocumentBuilder builder = null;
            try {
                builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
            } catch (ParserConfigurationException e) {
                e.printStackTrace();
            }
            Document doc = builder.newDocument();
            Element elementCredentials = doc.createElement("OrderCredentials");
            Element elementUser = doc.createElement("username");
            elementUser.setTextContent(getUserName());
            Element elementPassword = doc.createElement("password");
            elementPassword.setTextContent(getPassword());
            elementCredentials.appendChild(elementUser);
            elementCredentials.appendChild(elementPassword);

            // Create Header object
            QName qnameCredentials =  new QName("OrderCredentials");
            Header header = new Header(qnameCredentials, elementCredentials);
            message.getHeaders().add(header);
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }
}
_________________________
CLIENTBEAN.XML
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                        http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://cxf.apache.org/jaxws 
                        http://cxf.apache.org/schemas/jaxws.xsd">

    <jaxws:client id="orderClient" serviceClass="demo.order.OrderProcess" address="http://localhost:8080/OrderProcess" />
</beans>
_______________________
package demo.order.server;

import org.apache.cxf.jaxws.JaxWsServerFactoryBean;

import demo.order.OrderProcess;
import demo.order.OrderProcessImpl;

public class OrderProcessServerStart {

    public static void main(String[] args) throws Exception {

        OrderProcess orderProcess = new OrderProcessImpl();
        JaxWsServerFactoryBean server = new JaxWsServerFactoryBean();
        server.setServiceBean(orderProcess);
        server.setAddress("http://localhost:8787/OrderProcess");
        server.create();
        System.out.println("Server ready....");

        Thread.sleep(5 * 60 * 1000);
        System.out.println("Server exiting");
        System.exit(0);
    }
}
___________________________
package demo.order.server;

import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class OrderProcessUserCredentialInterceptor extends AbstractSoapInterceptor {

    private String userName;
    private String password;

    public OrderProcessUserCredentialInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    public void handleMessage(SoapMessage message) throws Fault {

        System.out.println("OrderProcessUserCredentialInterceptor handleMessage invoked");
        QName qnameCredentials = new QName("OrderCredentials");

        // Get header based on QNAME
        if (message.hasHeader(qnameCredentials )) {
            Header header = message.getHeader(qnameCredentials);

            Element elementOrderCredential= (Element) header.getObject();
            Node nodeUser = elementOrderCredential.getFirstChild();
            Node nodePassword = elementOrderCredential.getLastChild();

            if (nodeUser != null) {
                userName = nodeUser.getTextContent();
            }
            if (nodePassword != null) {
                password = nodePassword.getTextContent();
            }
        }

        System.out.println("userName retrieved from SOAP Header is " + userName);
        System.out.println("password retrieved from SOAP Header is " + password);

        // Perform dummy validation for John
        if ("John".equalsIgnoreCase(userName) && "password".equalsIgnoreCase(password)) {
            System.out.println("Authentication successful for John");
        } else {
            throw new RuntimeException("Invalid user or password");
        }
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

}
_______________

I have these files and the program compile succesfully and creting the wsdl file

but its not working on soapui means username and password are null when requsting through soapui, please suggest me how to overcome this problem of basic authentication and how to pass the usename and password to soap ui

Answer 1

For Basic authentication in SOAP UI, navigate to your Request, single click on it will display a panel in the left bottom corner. Your config for BASIC Authentication should be something like this:

Add your username and password to the appropriate fields.

For your client I see you are using Spring. So jaxws:client provides username and password attributes for authentication. You can add them like this:

<jaxws:client id="orderClient" 
              serviceClass="demo.order.OrderProcess" 
              address="http://localhost:8080/OrderProcess"
              username="yourUsername"
              password="yourPassword"/>