'Adding username and password to soap header in Java by using PasswordText Type and axis2

I want to add username and password to soap header in java by using PasswordText Type and axis2.

Code snippet I use

public static void WSSPasswordAuthentication(org.apache.axis2.client.ServiceClient client, String endPointUrl, String username, String password) throws CSException{

    OMFactory omFactory = OMAbstractFactory.getOMFactory();
    OMElement omSecurityElement = omFactory.createOMElement(new QName( "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse"), null);


    OMElement omusertoken = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken","wsse"), null);

    OMElement omuserName = omFactory.createOMElement(new QName("", "Username", "wsse"), null);
    omuserName.setText(username);

    OMElement omPassword = omFactory.createOMElement(new QName("", "Password", "wsse"), null);
    omPassword.addAttribute("Type","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText",null );
    omPassword.setText(password);

    omusertoken.addChild(omuserName);
    omusertoken.addChild(omPassword);
    omSecurityElement.addChild(omusertoken);

    client.addHeader(omSecurityElement);

}

And resultant header : <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Username>erapor</Username><Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">erapor</Password></wsu:UsernameToken></wsse:Security>

But

The header I want : <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>erapor</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">erapor</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>

Otherwise I couldn't use the header

How can I modify?



Solution 1:[1]

You can use plain JAXWS if you have an option to resolve this instead of using AXIS2 on the client side. This is generic and easy to add these kind of security headers.

In your JDK 6.0 HOME (This example works only from JDK 6.0 and above)

jdk1.6.0_26\bin\wsimport is an utility available

You can create the stub using the wsimport utility

wsimport -keep -verbose http://localhost:8080/<WebserviceName>/services/<WebserviceName>?wsdl

Create a message handler MessageHandler.java

package com.secure.client;

import java.util.Set;

import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

public class MessageHandler implements SOAPHandler<SOAPMessageContext>{

    @Override
    public void close(MessageContext arg0) {
        // TODO Auto-generated method stub

    }


    @Override
    public Set getHeaders() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        // TODO Auto-generated method stub
        return false;
    }

    @Override
    public boolean handleMessage(SOAPMessageContext soapMessageContext) {
        try {

              boolean outMessageIndicator = (Boolean) soapMessageContext
                                            .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
              if (outMessageIndicator) {

                  SOAPEnvelope envelope = soapMessageContext.getMessage().getSOAPPart().getEnvelope();

                  SOAPHeader header = envelope.addHeader();

                  SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

                  SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
                  usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

                  SOAPElement username = usernameToken.addChildElement("Username", "wsse");
                  username.addTextNode("wsuser");

                  SOAPElement password = usernameToken.addChildElement("Password", "wsse");
                  password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
                  password.addTextNode("wspwd");

             }

       } catch (Exception ex) {
         throw new WebServiceException(ex);
       }
       return true;
    }



}

Create HeaderHandlerResolver.java

package com.secure.client;

import java.util.ArrayList;
import java.util.List;
import javax.xml.ws.handler.Handler;
import javax.xml.ws.handler.HandlerResolver;
import javax.xml.ws.handler.PortInfo;

public class HeaderHandlerResolver implements HandlerResolver {

@SuppressWarnings("unchecked")
public List<Handler> getHandlerChain(PortInfo portInfo) {
      List<Handler> handlerChain = new ArrayList<Handler>();
      MessageHandler hh = new MessageHandler();
      handlerChain.add(hh);
      return handlerChain;
   }
}

You can create the client code using stub

Client.java

import javax.xml.ws.BindingProvider;

import com.secure.HelloService;
import com.secure.HelloServiceException;
import com.secure.HelloServicePortType;

public class Client {

    public static void main(String[] args) {

        HelloService service = new HelloService();

        service.setHandlerResolver(new HeaderHandlerResolver());

        HelloServicePortType port = service.getHelloServiceHttpSoap11Endpoint();

        // Use the BindingProvider's context to set the endpoint
        BindingProvider bp = (BindingProvider)port;
        bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8080/<WebserviceName>/services/<WebserviceName>");



        System.out.println(port.getVersion());

        try {

            System.out.println(port.getHello("Zack"));

        } catch (HelloServiceException e) {
            e.printStackTrace();
        }

    }

}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Zack Dawood