Secure WS client with UsernameToken(SOAP security header)
Posted
by
user79163
on Stack Overflow
See other posts from Stack Overflow
or by user79163
Published on 2011-01-04T12:41:01Z
Indexed on
2011/01/04
12:54 UTC
Read the original article
Hit count: 195
Hi,
I'm trying to secure my WS client to be able to call the WS.
My code looks like this:
SendSmsService smsService = new SendSmsService();
SendSms sendSMS = smsService.getSendSms();
BindingProvider stub = (BindingProvider)sendSMS;
//Override endpoint with local copy of wsdl.
String URL ="";//here is the wsdl url
Map<String,Object> requestContext = stub.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);
//Set usernametoken
URL fileURL = loader.getResource("client-config.xml");
File file = new File(fileURL.getFile());
FileInputStream clientConfig = null;
try {
clientConfig = new FileInputStream(file);
} catch (FileNotFoundException e) {
e.printStackTrace();
}
XWSSecurityConfiguration config = null;
try {
config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig);
} catch (Exception e) {
e.printStackTrace();
log.warn("Exception: "+e.getMessage());
}
requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);
//Invoke the web service
String requestId = null;
try {
requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest);
} catch (PolicyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
and the config file looks like this:
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true">
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="true"
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken name="username" password="password>
</xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
util.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler.
Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0.
But I'm constantly getting "Security header not valid" error.
Where am I going wrong, can anyone tell me.
I used wsimport(JAX_WS 2.1 to generate classes for my client)
Note:Only thing I know about this WS is WSDL URL and user&pass for authentication
© Stack Overflow or respective owner