programmatically setting usernametoken in wssecurity soap header

Tue, 27 Jan 2009 10:28:55 -0800 

Hi,

  My application requires that I programmatically set a username and
password into the ws-security standard locations in the soap header. Note
that I do not want to configure Rampart athentication because authentication
logic will be fully proprietery in the server.
    I intend to just retrieve the usename/password from soap header
programmtically from server and then authenticate myself.

What is the best way to do this?

I think i can do this using the code below. which will go into an outflow
handler.
Question now, is how to programmatically add an outflow handler.:

mport org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.axis.session.Session;
import  org.apache.axis.transport.http.HTTPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.w3c.dom.Document;

public class RequestHandler extends BasicHandler {

    public void invoke(MessageContext messageContext) throws AxisFault {
        MessageContext currContext = messageContext.getCurrentContext();
        Message message = currContext .getRequestMessage();
        SOAPEnvelope envelope = message.getSOAPEnvelope();
       
        try {
            Document doc = envelope.getAsDocument();
            WSSecHeader secHeader = new  WSSecHeader("",false);
            secHeader.insertSecurityHeader(doc);

            String username = "user1";
            String password = "password";
           
            WSSecUsernameToken builder = new WSSecUsernameToken();
            builder.setPasswordType(WSConstants.PASSWORD_TEXT);
            builder.setUserInfo(username, password);
            builder.prepare(doc);
            builder.appendToHeader(secHeader);
             
            envelope.addHeader(new
SOAPHeaderElement(secHeader.getSecurityHeader()));            
           
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }        
    }
}

  
-- 
View this message in context: 
http://www.nabble.com/programmatically-setting-usernametoken-in-wssecurity-soap-header-tp21691356p21691356.html
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to