SOAP/WSDL, AXIS2 and digital signing a SOAP message

Question

We need to send a SOAP message to a webservice. This is somewhat new territory, so we are a bit confused... even when searching and reading about the subject. Here is what we know / did:

1) We must authenticate through the use of a Digital Certificate in Base64 (obtained issuing a CSR – Certificate Signing Request).

2) The SOAP message must contain a Security Header (wss:Security xmlns:wss="http://schemas.xmlsoap.org/ws/2002/12/secext") and a Body.

3) The WSDL file does not contain a HEADER section, but we have the header "Field structure"

4) We decided to use Axis2/xmlbeans, and created the JAVA classes with https://axis.apache.org/axis2/java/core/tools/eclipse/wsdl2java-plugin.html

5) We can easily create the STUB and send the WSDL body element using the provided sync/async register stub methods (i assume Axis2 will generate the correct SOAP message)

Questions

1) How can we add the WS-Security(?) HEADER to the SOAP message. Do we have to manipulate the AXIS2 generated code?

2) How can we authenticate using the Digital Certificate?

Thanks

Answer 1

1) How can we add the WS-Security(?) HEADER to the SOAP message. Do we have to manipulate the AXIS2 generated code?

ServiceClient client = stub._getServiceClient();
SOAP11Factory factory = new SOAP11Factory();
OMNamespace SecurityElementNamespace = factory.createOMNamespace("http://schemas.xmlsoap.org/ws/2002/12/secext", "wss");

OMElement usernameTokenEl = factory.createOMElement("UsernameToken", SecurityElementNamespace);
OMElement usernameEl = factory.createOMElement("Username", SecurityElementNamespace);
OMElement passwordEl = factory.createOMElement("Password", SecurityElementNamespace);
usernameEl.setText(username);
passwordEl.setText(password);
usernameTokenEl.addChild(usernameEl);
usernameTokenEl.addChild(passwordEl);

SOAPHeaderBlockImpl block = new SOAP11HeaderBlockImpl("Security", SecurityElementNamespace, factory);
block.addChild(usernameTokenEl);

client.addHeader(block);