Adding a UsernameToken (WS-Security-Header) to a SOAP message

Question

I am trying to connect to an existing SOAP web service. I have given an wsdl and from that I've created Java classes via Apache Axis2 XMLBeans.

But now I have to extend the messages sending by my self-written client with an WS-Security-Header. How can I do this?

I've found the Apache Rampart project for that, but can't find any solutions to extend the messages created from my Java classes with such a header. I can only find opportunities to establish WS security to a service (in the webapp folder and so on).

I am excited about your answers!

Thank you for your help!

Answer 1

I fixed my problem. I want to share my solution with you, hope anybody can need it out there!

As I said above, I've created the Java classes out of a wsdl file with Apache Axis2 XMLBeans (http://axis.apache.org/axis2/java/core/docs/quickstartguide.html#clientxmlbeans).

After that I needed to add an WS Security Header that should look like that:

<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username><YOUR USERNAME></wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><YOUR PASSWORD></wsse:Password>
    </wsse:UsernameToken>
</wsse:Security> 

I solved this programaticly:

In the stub there is the SOAP-method (one without and one with a callbackHandler), that you want to invoke for using the web service. In this method esists a variable named _messageContext. This is where you can reach the header from: _messageContext.getEnvelope().getHeader() returns an SOAPHeader instance. With this instance I invoke the addSecurityToHeader method from the class HeaderAddery:

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

public class HeaderAdder {

    public static void addSecurityToHeader(
            org.apache.axiom.soap.SOAPHeader header) {

        OMFactory factory = OMAbstractFactory.getOMFactory();

        OMNamespace namespaceWSSE = factory
                .createOMNamespace(
                        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
                        "wsse");

        OMElement element = factory.createOMElement("Security", namespaceWSSE);

        OMAttribute attribute = factory.createOMAttribute("mustUnderstand",
                null, "1");

        element.addAttribute(attribute);

        header.addChild(element);

        OMElement element2 = factory.createOMElement("UsernameToken",
                namespaceWSSE);

        OMNamespace namespaceWSU = factory
                .createOMNamespace(
                        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
                        "wsu");

        attribute = factory.createOMAttribute("Id", namespaceWSU,
                "UsernameToken-1");

        element2.addAttribute(attribute);

        element.addChild(element2);

        OMElement element3 = factory.createOMElement("Username", namespaceWSSE);

        element3.setText("<YOUR USERNAME>");

        OMElement element4 = factory.createOMElement("Password", namespaceWSSE);

        attribute = factory
                .createOMAttribute(
                        "Type",
                        null,
                        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");

        element4.setText("<YOUR PASSWORD>");

        element2.addChild(element3);
        element2.addChild(element4);
    }
}

And with that the authentification worked and I've got no reject-responses any more.

If you have any questions to that, please let me know!

Kind regards!