Hello Masi,

Thank you for the pointer. As the setText() method is encoding the "<" and
">" chars in the SOAP header, I have used the following code to get it
working. Also, as my SAML assertion is being passed as a String, I have to
use the org.apache.axiom.om.impl.llom.util.AXIOMUtil.stringToOM() method to
create the OMElement.

private OMElement createSecurityHeader( String securityAssertion ) throws Exception
   {
       // Factory variable is named "fac" to match its uses below
       OMFactory fac = OMAbstractFactory.getOMFactory();
       OMNamespace wsseNs = fac.createOMNamespace( NameSpaceUtils.WSSE_SECURITY_NS, "wsse" );
       OMElement wsseSecurityHeaderOM = fac.createOMElement( "Security", wsseNs );
       // Parse the assertion string into an element so it is added as markup, not text
       OMElement omAssertionElement = AXIOMUtil.stringToOM( securityAssertion );
       wsseSecurityHeaderOM.addChild( omAssertionElement );
       return wsseSecurityHeaderOM;
   }

In the toEnvelope() method of the stub class:

String assertion = getAssertion();
OMElement securityHeaderElement = createSecurityHeader(assertion);
emptyEnvelope.getHeader().addChild(securityHeaderElement);
....

Now I do not see the "<" and ">" chars being encoded in the Security header
block. So far so good.

Thanks,

Seshi Patibanda
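
The difference between the two approaches in this thread, as an added example (not code from either poster or from the Axis2/Rampart projects): setText() stores the assertion as character data, while parsing it and calling addChild() attaches a real element. It assumes Axiom is on the classpath; the class name, the constructed sample token, and the root-element check against the SAML 1.x/2.0 assertion namespaces are assumptions added here.

```java
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
// Package as named in the message above; newer Axiom releases provide it as org.apache.axiom.om.util.AXIOMUtil.
import org.apache.axiom.om.impl.llom.util.AXIOMUtil;

public class SecurityHeaderDemo { // hypothetical class name
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Assumption: the token is a SAML 1.x or SAML 2.0 assertion.
    static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Constructed sample, not a real token.
    static final String SAMPLE = "<saml:Assertion xmlns:saml=\"" + SAML2_NS
        + "\" ID=\"_constructed\" Version=\"2.0\"/>";

    static OMElement newSecurityHeader() {
        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace wsse = fac.createOMNamespace(WSSE_NS, "wsse");
        return fac.createOMElement("Security", wsse);
    }

    // setText(): the assertion becomes character data, so "<" and ">" are escaped.
    static OMElement asText(String assertion) {
        OMElement header = newSecurityHeader();
        header.setText(assertion);
        return header;
    }

    // addChild(): parse first, check the root element, then attach it as markup.
    static OMElement asChild(String assertion) throws Exception {
        OMElement parsed = AXIOMUtil.stringToOM(assertion);
        QName root = parsed.getQName();
        String ns = root.getNamespaceURI();
        if (!"Assertion".equals(root.getLocalPart())
                || !(SAML1_NS.equals(ns) || SAML2_NS.equals(ns))) {
            throw new IllegalArgumentException("not a SAML Assertion: " + root);
        }
        OMElement header = newSecurityHeader();
        header.addChild(parsed);
        return header;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("setText : " + asText(SAMPLE));
        System.out.println("addChild: " + asChild(SAMPLE));
    }
}
```

Rejecting input whose root is not an Assertion element keeps arbitrary markup from being spliced into the Security header when the token string comes from another system.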




On Thu, Jan 29, 2009 at 4:51 PM, Massimiliano Masi <m...@math.unifi.it> wrote:

> Seshi,
>
> I think you don't have to use the setText.
>
> I was using something like:
>
>    /**
>     * Create a new fresh security header with WSSE 1.1 and Security as localName
>     * @param securityAssertion
>     * @return
>     * @throws Exception
>     */
>    private Element createSecurityHeader( Element securityAssertion ) throws Exception
>    {
>        OMFactory fac = OMAbstractFactory.getOMFactory();
>        OMNamespace wsseNs = fac.createOMNamespace( NameSpaceUtils.WSSE_SECURITY_NS, "wsse" );
>        OMElement wsseSecurityHeaderOM = fac.createOMElement( "Security", wsseNs );
>        OMElement securityAssertionOM = XMLUtils.toOM( securityAssertion );
>        wsseSecurityHeaderOM.addChild( securityAssertionOM );
>        return XMLUtils.toDOM( wsseSecurityHeaderOM );
>    }
>
>
> But it's not clean and correct. Simply use the addChild method.
>
> I'm searching on how to produce a SecurityPolicy for including it.
>
>
> Quoting Seshi Patibanda <seshi...@gmail.com>:
>
>> All,
>>
>> For those who are interested, I have found a way to include the "obtained"
>> SAML token in the created Security header (<wsse:Security>) of the SOAP
>> message.
>>
>> Used Axis2 AXIOM API methods to insert the Security header with the
>> correct namespace. Upon creating the security header, we just need to add
>> the obtained SAML token.
>>
>> Importantly, this approach will completely BYPASS Rampart module
>> engagement with Axis2 client.
>>
>> Attached is the code snippet that goes into the WSDL2Java generated stub
>> class method toEnvelope(org.apache.axiom.soap.SOAPFactory factory, .. , ...).
>> =======================================================
>> try {
>>
>>     // get SAML assertion token
>>     String assertion = getAssertion();
>>
>>     org.apache.axiom.soap.SOAPEnvelope emptyEnvelope =
>>         factory.getDefaultEnvelope();
>>
>>     OMNamespace ns = factory.createOMNamespace(
>>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
>>         "wsse");
>>
>>     org.apache.axiom.soap.SOAPHeaderBlock soapHeaderBlock =
>>         factory.createSOAPHeaderBlock("Security", ns);
>>
>>     // set the SAML assertion token in the SOAP Header block
>>     soapHeaderBlock.setText(assertion);
>>
>>     // add the Header block to the header
>>     emptyEnvelope.getHeader().addChild(soapHeaderBlock);
>>
>>     // add the relevant body to the envelope
>>     emptyEnvelope.getBody().addChild(...);
>>
>>     return emptyEnvelope;
>>
>> } catch (org.apache.axis2.databinding.ADBException e) {
>>     throw org.apache.axis2.AxisFault.makeFault(e);
>> }
>>
>>
>> As a result, we will get the following SOAP header message:
>>
>> <soapenv:Header>
>> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> <Assertion ...>....</Assertion>
>> </wsse:Security>
>> </soapenv:Header>
>>
>> ============================================================
>>
>> DISCLAIMER: When the SOAP message was intercepted (by setting
>> log4j.logger.httpclient.wire.header = DEBUG in the log4j.properties file),
>> I found out that the "<" and ">" chars of the Assertion string were being
>> encoded to the corresponding "&lt;" and "&gt;".
>>
>> If anyone has suggestions to pass the Assertion string correctly (without
>> encoding), please share your thoughts...
>>
>> Thanks,
>>
>> Seshi Patibanda
>>
>> On Tue, Jan 27, 2009 at 12:21 PM, Seshi Patibanda <seshi...@gmail.com> wrote:
>>
>>> Hello all,
>>>
>>> As per the thread seen on markmail.org (
>>> http://markmail.org/thread/iq4j6x7g247wi75x), there was an update from
>>> Ruchith Fernando dated Nov 4, 2007 about the ways to include the obtained
>>> SAML token in the Security header.
>>>
>>> First option was given as:
>>>
>>> " By creating a wsse:Security header element and adding the token element
>>> into the header. Rampart processing down the line will re-use this
>>> header. "
>>>
>>> Could anyone please expand on how to implement this option using Apache
>>> Rampart 1.4?
>>>
>>> At my end, I have problems inserting an obtained SAML token in the
>>> Security header of my SOAP request. I have sent an email to the
>>> axis-u...@ws.apache.org mailing list requesting feedback but haven't
>>> received any yet. All I need to do is just pass the retrieved SAML token
>>> to the remote web service (SSL-enabled) via SOAP header in the request.
>>>
>>>
>>> My configuration:
>>> Deployed Apache Rampart 1.4 module correctly as per the samples. Using
>>> Axis2 1.4 client and stubs generated by WSDL2Java tool. Based on my
>>> configuration, would policy based approach work? If so, does anyone have
>>> any sample Transport-level security policies to implement the SAML passing?
>>>
>>> Any feedback/suggestion is highly appreciated.
>>>
>>> Thanks,
>>>
>>> Seshi Patibanda
>>> seshi...@gmail.com
>>>
>>>
>>>
>>
>
>