UserName Token In JAXWS WebService
Client Example:
jax-ws security client creation steps:
1.we need to create callback implementation class .it's
called each soap request and it attach username and password to request
public class ClientPasswordCallback implements
CallbackHandler {
public void
handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for
(int i = 0; i < callbacks.length; i++) {
WSPasswordCallback
pc = (WSPasswordCallback) callbacks[i];
if
(pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
//you
can source the username and password from
//other
sources like login context, LDAP, DB etc
pc.setIdentifier("username");
pc.setPassword("password");
//we need get username and password from session
}
}
}
}
jax-ws security client creation steps:
public class ClientPasswordCallback implements
CallbackHandler {
public void
handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for
(int i = 0; i < callbacks.length; i++) {
WSPasswordCallback
pc = (WSPasswordCallback) callbacks[i];
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
//you can source the username and password from
//other
sources like login context, LDAP, DB etc
pc.setIdentifier("username");
pc.setPassword("password");
//we need get username and password from session
}
}
}
}
2.we need to create logging interceptors in
configuration file
<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" /><bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
3.we need to create inbound outbound-security bean we need to set properties password type and action and mainly our callback implementation class.
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="user" value="dummy" />
<entry key="passwordType" value="PasswordText"/>
<entry key="passwordCallbackClass" value="client.ClientPasswordCallback" />
</constructor-arg>
</bean>
4.we need to configure interceptors for services interfaces (which request need username and password in soap header).Here adderss means url of the wsdl file by removing .wsdl extenstion from wsdl url
<jaxws:client id="helloClient" serviceClass="com.iton.jaxws.JaxswsInter" address="http://localhost:8022/Jaxws/jaxsws"><jaxws:inInterceptors>
<ref bean="logInBound" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutBound" />
<ref bean="outbound-security" />
</jaxws:outInterceptors>
</jaxws:client>
sample soap request::::
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>rama</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wQJX0JNIWZ1yq9O0tbz2GQ==</wsse:Password></wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ns2:getPropertySets xmlns:ns2="http://jaxws.iton.com/">
<arg0>images</arg0>
</ns2:getPropertySets>
</soap:Body>
</soap:Envelope>
Maven dependecy:::
0 comments: