Have Geek Brain

Accessing username / password from a web service (JAX-WS)?

We will implement a web service that will act as an intermediate layer between clients and another application. Our web service requirement is that we need to send the username and password in the SOAP header using standard WS-Security.

The web service implementation has to take the information passed through the method call and combine it with the username and password to invoke another application, and this is where my problem begins.

I cannot find an easy way to get the username and password from the SOAP header in my web service implementation. I can navigate to the user (username) via the embedded WebServiceContext, but I don't see an easy way to get the password.

I can get the SOAPHeader and possibly parse the XML to get the password element, but that seems like a very messy way to solve this problem.

I am not as knowledgeable about JAX-WS and WS-Security as I would like to be. I hope I'm missing something obvious to someone else - maybe I need to implement some kind of handler?

+2


a source to share


1 answer


The easiest way is to deduce the username and password from the SOAP header by specifying it as a parameter to your JAX-WS method:

@WebMethod
public String performAction( @WebParam(name="credentials", header=true)
                             Credentials credentials,
                             @WebParam( name="...")....

You can also create SOAPHandler:



public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext>
{
    //Implement appropriate methods here
}

This is registered in the standard jaxws-endpoint-config.xml:

<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
   <endpoint-config>
      <config-name>WebService Endpoint</config-name>
      <pre-handler-chains>
         <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
            <javaee:handler>
                <javaee:handler-name>AuthHandler</javaee:handler-name>
                <javaee:handler-class>com.example.AuthenticationHandler</javaee:handler-class>
            </javaee:handler>
         </javaee:handler-chain>
      </pre-handler-chains>
   </endpoint-config>
</jaxws-config>
+2


a source






More articles:


All Articles