WS Security - Username token Profile

StackOverflow https://stackoverflow.com/questions/18281495

Question

I have a wsdl file and i am writing a client for that in WAS 8.0

I kept username/password required for the soap request in ApplicationResources.properties.

I am using 'wss-username-token-profile-1.0',

I am unable to find how to implement this.

I need know, how to write the policy.xml and how to use in the Webservice clienr.

Was it helpful?

Solution

The Soap request must contain the appropriate header elements for username token wss profile. Either you can manually create the elements using a Soap handler or SAAJ if youre using Java. In Websphere you can use the feature called "policy sets" to meta program this support with configuration of various policy sets and bindings.

Here is a good article describing how this is done using the configuration approach: http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

Here is a example adding this headers programatically using SAAJ:

public class WssHandler implements SOAPHandler<SOAPMessageContext> {

    private static final Logger cTRACE = Logger.getLogger(WssHandler.class.getName());

    // SOAP
    private static final String cWSSE = "wsse";
    private static final String cURL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String cNODE_SECURITY = "Security";
    private static final String cNODE_USRTOKEN = "UsernameToken";
    private static final String cNODE_USERNAME = "Username";
    private static final String cNODE_PASSWORD = "Password";

    private String iUsername;
    private String iPassword;

    /**
     * Constructor for SOAP handler with specific wss credentials.
     * @param aUsername wss username
     * @param aPassword wss password
     */
    public WssHandler(String username, String passwd) {
        super();
        iUsername = username;
        iPassword = passwd;
    }

    @Override
    public boolean handleMessage(SOAPMessageContext context) {
        if (cTRACE.isLoggable(Level.FINEST)) {
            cTRACE.logp(Level.FINEST,
                    WssHandler.class.getName(),
                    "handleMessage", "add WSS credentials for user "+iUsername);
        }

        try {
            SOAPMessage tMessage = context.getMessage();
            SOAPEnvelope tSoapEnvelope = tMessage.getSOAPPart().getEnvelope();

            // header
            SOAPHeader tHeader = tSoapEnvelope.getHeader();
            if (tHeader==null) {
                // no header yet, create one
                tHeader = tSoapEnvelope.addHeader();
            }

            // security node
            Name tWsseHeaderName = tSoapEnvelope.createName(cNODE_SECURITY, cWSSE, cURL);
            SOAPHeaderElement tSecurityElement = tHeader.addHeaderElement(tWsseHeaderName);
            tSecurityElement.setMustUnderstand(true);

            Name tUserTokenElementName = tSoapEnvelope.createName(cNODE_USRTOKEN, cWSSE, cURL);
            SOAPElement tUserTokenElement = tSecurityElement.addChildElement(tUserTokenElementName);
            tUserTokenElement.removeNamespaceDeclaration(cWSSE);
            tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

            // user name child
            Name tUsernameElementName = tSoapEnvelope.createName(cNODE_USERNAME, cWSSE, cURL);
            SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
            tUsernameElement.removeNamespaceDeclaration(cWSSE);
            tUsernameElement.addTextNode(iUsername);

            // password child
            Name tPasswordElementName = tSoapEnvelope.createName(cNODE_PASSWORD, cWSSE, cURL);
            SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
            tPasswordElement.removeNamespaceDeclaration(cWSSE);
            tPasswordElement.addTextNode(iPassword);
            tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        } catch (SOAPException e) {
            if (cTRACE.isLoggable(Level.SEVERE)) {
                cTRACE.logp(Level.SEVERE,
                        WssHandler.class.getName(),
                        "handleMessage", "Unable to add WSS credentials", e);
            }
            // stop processing
            return false;
        }

        // continue processing
        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        return true;
    }

    @Override
    public void close(MessageContext context) {
        // nothing to do
    }

    @Override
    public Set<QName> getHeaders() {
        return null;
    }

}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top