Re: Order of SOAPHeader and SOAPBody
Thanks again, Xinjun. Very valuable hint. I used the WSS4J tutorial (http://ws.apache.org/wss4j/axis.html ) and example page ( http://ws.apache.org/wss4j/package.html ), but I could not get the client working. After I configured the WSDoAllReceiver, it requires the credentials. OK! But I changed my client to add the UsernameToken, but it does not add it to the SOAP request. My code is like this: MyServiceLocator serv = new MyServiceLocator(); MyService port = serv.getMyService(); Stub stub = (Stub) port; stub._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT); stub._setProperty(WSHandlerConstants.USER, werner); stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PWCallback()); port.myMethod( someParam ); The SOAP is still the same, with no UsernameToken. What I am doing worng?? Thanks On 4/6/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel,To be specific, I tried wss4j using the Axis 1.3 library. Thefollowing article may be useful to you. http://www.devx.com/Java/Article/28816/0/page/1The author uses Axis 1.x library.Regards,Xinjun
Re: Order of SOAPHeader and SOAPBody
But if Iconfigure the client_deploy.wsdd and use it like this: EngineConfiguration config = new FileProvider(client_deploy.wsdd);StockQuoteServiceService locator = new StockQuoteServiceServiceLocator(config); It works! Programmatically it does NOT work... very strange! My Web Service client runs in Oracle (PL/SQL) or other technology other than Java, so encoding the password will a problem for them, right? What should I do (adopt) to easy my client´s usage? ps: using Axis 1.3. Thanks Daniel On 4/7/06, Daniel Destro [EMAIL PROTECTED] wrote: Thanks again, Xinjun. Very valuable hint. I used the WSS4J tutorial (http://ws.apache.org/wss4j/axis.html ) and example page ( http://ws.apache.org/wss4j/package.html ), but I could not get the client working. After I configured the WSDoAllReceiver, it requires the credentials. OK! But I changed my client to add the UsernameToken, but it does not add it to the SOAP request. My code is like this: MyServiceLocator serv = new MyServiceLocator(); MyService port = serv.getMyService(); Stub stub = (Stub) port; stub._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT); stub._setProperty(WSHandlerConstants.USER, werner); stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PWCallback()); port.myMethod( someParam ); The SOAP is still the same, with no UsernameToken. What I am doing worng?? Thanks On 4/6/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel, To be specific, I tried wss4j using the Axis 1.3 library. Thefollowing article may be useful to you. http://www.devx.com/Java/Article/28816/0/page/1The author uses Axis 1.x library.Regards,Xinjun
Re: Order of SOAPHeader and SOAPBody
Hi Xinjun,Thanks.I've just realized that u're using Axis2. I am using Axis 1.3 yet.Can I use wss4j with Axis 1.3?Where are u from?Thanks againDaniel - Brasil On 4/5/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel,I take advantage of WSS4J to add UsernameToken to the SOAPEnvelope.Some sample codes:Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);// Add the UserNameToken.WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) {builder.setPasswordType(WSConstants.PASSWORD_DIGEST);} else {builder.setPasswordType(WSConstants.PASSWORD_TEXT);}builder.build(domDoc, token.getUsername (), token.getPassword());Element header = (Element)(domDoc.getElementsByTagName(SOAP-ENV:Header).item(0));//SOAPHeader header = Axis2Util.getSOAPFactory(envelope);//SOAPFactory factory = Axis2Util.getSOAPFactory (envelope);OMElement headerElm = (OMElement) (Axis2Util.toOM(header));envelope.getBody().insertSiblingBefore(headerElm);These are only some experimental codes.I assume the SOAPEnvelope has been constructed. What these code snippet is more of a handler. There may be other ways to do it. AsRuchith said, you can also take advantage of Axis2 security module.Regards,XinjunOn 4/6/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, As I can see you are trying to add some Security to your Web Services, right? Are you doing a User Authentication / Authorization using this UsernameToken? I need to do that! How do add UsernameToken into to the SOAP request and how do u read / validate UsernameToken from the SOAP request (server-side) ??? Thanks Daniel
Re: Order of SOAPHeader and SOAPBody
Hi Daniel, Yes, you can use wss4j with Axis 1.3. I tried that before. Regards, Xinjun On 4/7/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, Thanks. I've just realized that u're using Axis2. I am using Axis 1.3 yet. Can I use wss4j with Axis 1.3? Where are u from? Thanks again Daniel - Brasil On 4/5/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel, I take advantage of WSS4J to add UsernameToken to the SOAPEnvelope. Some sample codes: Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope); // Add the UserNameToken. WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) { builder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { builder.setPasswordType(WSConstants.PASSWORD_TEXT); } builder.build(domDoc, token.getUsername (), token.getPassword()); Element header = (Element) (domDoc.getElementsByTagName(SOAP-ENV:Header).item(0)); //SOAPHeader header = Axis2Util.getSOAPFactory(envelope); //SOAPFactory factory = Axis2Util.getSOAPFactory (envelope); OMElement headerElm = (OMElement) (Axis2Util.toOM(header)); envelope.getBody().insertSiblingBefore(headerElm); These are only some experimental codes. I assume the SOAPEnvelope has been constructed. What these code snippet is more of a handler. There may be other ways to do it. As Ruchith said, you can also take advantage of Axis2 security module. Regards, Xinjun On 4/6/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, As I can see you are trying to add some Security to your Web Services, right? Are you doing a User Authentication / Authorization using this UsernameToken? I need to do that! How do add UsernameToken into to the SOAP request and how do u read / validate UsernameToken from the SOAP request (server-side) ??? Thanks Daniel
Re: Order of SOAPHeader and SOAPBody
Hi Daniel, To be specific, I tried wss4j using the Axis 1.3 library. The following article may be useful to you. http://www.devx.com/Java/Article/28816/0/page/1 The author uses Axis 1.x library. Regards, Xinjun On 4/7/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel, Yes, you can use wss4j with Axis 1.3. I tried that before. Regards, Xinjun On 4/7/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, Thanks. I've just realized that u're using Axis2. I am using Axis 1.3 yet. Can I use wss4j with Axis 1.3? Where are u from? Thanks again Daniel - Brasil On 4/5/06, Xinjun Chen [EMAIL PROTECTED] wrote: Hi Daniel, I take advantage of WSS4J to add UsernameToken to the SOAPEnvelope. Some sample codes: Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope); // Add the UserNameToken. WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) { builder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { builder.setPasswordType(WSConstants.PASSWORD_TEXT); } builder.build(domDoc, token.getUsername (), token.getPassword()); Element header = (Element) (domDoc.getElementsByTagName(SOAP-ENV:Header).item(0)); //SOAPHeader header = Axis2Util.getSOAPFactory(envelope); //SOAPFactory factory = Axis2Util.getSOAPFactory (envelope); OMElement headerElm = (OMElement) (Axis2Util.toOM(header)); envelope.getBody().insertSiblingBefore(headerElm); These are only some experimental codes. I assume the SOAPEnvelope has been constructed. What these code snippet is more of a handler. There may be other ways to do it. As Ruchith said, you can also take advantage of Axis2 security module. Regards, Xinjun On 4/6/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, As I can see you are trying to add some Security to your Web Services, right? Are you doing a User Authentication / Authorization using this UsernameToken? I need to do that! How do add UsernameToken into to the SOAP request and how do u read / validate UsernameToken from the SOAP request (server-side) ??? Thanks Daniel
Re: Order of SOAPHeader and SOAPBody
Hi Xinjun, There was a known bug in SOAPEnvelope, which is the same pointed out also. I fixed it and now you can add SOAPHeader now to SOAPEnvelope and that will be added properly now. -- Chinthaka Xinjun Chen wrote: I found a walk-around. envelope.getBody().insertSiblingBefore(headerElm); This will add the header OMElement into the envelope. However, the Header added is only considered as a child element of envelope, not a SOAPHeader. Thus if I call envelope.getHeader(), I will get exception. Regards, Xinjun On 4/5/06, Xinjun Chen [EMAIL PROTECTED] wrote: I am using the following function to add UsernameToken to my security header. But the processed envelope get some problems. 1. The Header is placed after the body. How can I insert SOAPHeader before SOAPBody? 2. The security header defines the xmlns:xsd and xmlns:xsi again, which have already been defined in SOAP-ENV:Envelope. Could you give me some advice on how to solve the above two problems? Attached: 1) The function used for adding username token to the envelope: public void addUsernameTokens(UsernameToken token, final SOAPEnvelope envelope) throws Exception { Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope); WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) { builder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { builder.setPasswordTyp(WSConstants.PASSWORD_TEXT); } builder.build(domDoc, token.getUsername(), token.getPassword()); Element header = (Element) (domDoc.getElementsByTagName(wsse:Security).item(0)); OMElement headerElm = (OMElement) (Axis2Util.toOM(header)); SOAPFactory factory = Axis2Util.getSOAPFactory(envelope); factory.createSOAPHeader(envelope); envelope.getHeader().addChild(headerElm); } 2): The original soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body /SOAP-ENV:Envelope 3): The processed soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body SOAP-ENV:Headerwsse:Security xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; wsse:UsernameTokenwsse:Usernamexinjun/wsse:Usernamewsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText;password/wsse:Password/wsse:UsernameToken/wsse:Security/SOAP-ENV:Header/SOAP-ENV:Envelope signature.asc Description: OpenPGP digital signature
Re: Order of SOAPHeader and SOAPBody
Hi Xinjun,As I can see you are trying to add some Security to your Web Services, right?Are you doing a User Authentication / Authorization using this UsernameToken?I need to do that!How do add UsernameToken into to the SOAP request and how do u read / validate UsernameToken from the SOAP request (server-side) ??? ThanksDaniel
Re: Order of SOAPHeader and SOAPBody
Hi, If you are using Axis2 you can use the Axis2 security module [1] to do this. Please see this simple how-to [2] document and try it out. Example: client's configured axis2.xml file - [3] the service's services.xml file - [4] Thanks, Ruchith [1] http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/axis2/modules/wss4j/0_95/security-0.95.mar [2] http://ws.apache.org/axis2/0_95/security-module.html [3] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test-resources/security/s1.client.axis2.xml [4] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test-resources/security/s1.service.xml On 4/5/06, Daniel Destro [EMAIL PROTECTED] wrote: Hi Xinjun, As I can see you are trying to add some Security to your Web Services, right? Are you doing a User Authentication / Authorization using this UsernameToken? I need to do that! How do add UsernameToken into to the SOAP request and how do u read / validate UsernameToken from the SOAP request (server-side) ??? Thanks Daniel
Re: Order of SOAPHeader and SOAPBody
Hi Eran, Thank you! Did you fix the bug in Axis2 0.94 or 0.95? I am using Axis2 0.94. Must I upgrade to 0.95? Regards, Xinjun On 4/6/06, Eran Chinthaka [EMAIL PROTECTED] wrote: Hi Xinjun, There was a known bug in SOAPEnvelope, which is the same pointed out also. I fixed it and now you can add SOAPHeader now to SOAPEnvelope and that will be added properly now. -- Chinthaka Xinjun Chen wrote: I found a walk-around. envelope.getBody().insertSiblingBefore(headerElm); This will add the header OMElement into the envelope. However, the Header added is only considered as a child element of envelope, not a SOAPHeader. Thus if I call envelope.getHeader(), I will get exception. Regards, Xinjun On 4/5/06, Xinjun Chen [EMAIL PROTECTED] wrote: I am using the following function to add UsernameToken to my security header. But the processed envelope get some problems. 1. The Header is placed after the body. How can I insert SOAPHeader before SOAPBody? 2. The security header defines the xmlns:xsd and xmlns:xsi again, which have already been defined in SOAP-ENV:Envelope. Could you give me some advice on how to solve the above two problems? Attached: 1) The function used for adding username token to the envelope: public void addUsernameTokens(UsernameToken token, final SOAPEnvelope envelope) throws Exception { Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope); WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) { builder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { builder.setPasswordTyp(WSConstants.PASSWORD_TEXT); } builder.build(domDoc, token.getUsername(), token.getPassword()); Element header = (Element) (domDoc.getElementsByTagName(wsse:Security).item(0)); OMElement headerElm = (OMElement) (Axis2Util.toOM(header)); SOAPFactory factory = Axis2Util.getSOAPFactory(envelope); factory.createSOAPHeader(envelope); envelope.getHeader().addChild(headerElm); } 2): The original soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body /SOAP-ENV:Envelope 3): The processed soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body SOAP-ENV:Headerwsse:Security xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; wsse:UsernameTokenwsse:Usernamexinjun/wsse:Usernamewsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText;password/wsse:Password/wsse:UsernameToken/wsse:Security/SOAP-ENV:Header/SOAP-ENV:Envelope
Order of SOAPHeader and SOAPBody
I am using the following function to add UsernameToken to my security header. But the processed envelope get some problems. 1. The Header is placed after the body. How can I insert SOAPHeader before SOAPBody? 2. The security header defines the xmlns:xsd and xmlns:xsi again, which have already been defined in SOAP-ENV:Envelope. Could you give me some advice on how to solve the above two problems? Attached: 1) The function used for adding username token to the envelope: public void addUsernameTokens(UsernameToken token, final SOAPEnvelope envelope) throws Exception { Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope); WSSAddUsernameToken builder = new WSSAddUsernameToken(, false); if (token.isDigested()) { builder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { builder.setPasswordTyp(WSConstants.PASSWORD_TEXT); } builder.build(domDoc, token.getUsername(), token.getPassword()); Element header = (Element) (domDoc.getElementsByTagName(wsse:Security).item(0)); OMElement headerElm = (OMElement) (Axis2Util.toOM(header)); SOAPFactory factory = Axis2Util.getSOAPFactory(envelope); factory.createSOAPHeader(envelope); envelope.getHeader().addChild(headerElm); } 2): The original soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body /SOAP-ENV:Envelope 3): The processed soap envelope: ?xml version='1.0' encoding='utf-8'?SOAP-ENV:Envelope xmlns:SOAP-ENV=http://www.w3.org/2003/05/soap-envelope; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; SOAP-ENV:Body sayHello xmlns=http://services/helloworld; valueHello world!/value /sayHello /SOAP-ENV:Body SOAP-ENV:Headerwsse:Security xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; wsse:UsernameTokenwsse:Usernamexinjun/wsse:Usernamewsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText;password/wsse:Password/wsse:UsernameToken/wsse:Security/SOAP-ENV:Header/SOAP-ENV:Envelope