How to authenticate soap security wap header with jaxws on tomcat server

I developed a simple web service with JAX-WS RT and deployed it to a Tomcat 6 server. I need to authenticate calls to my web service using ws-security in the SOAP header.

My approach was to use a chain handler to extract the username and password from the SOAP header and authenticate in my code. Is this the right approach, and if not, what is the right approach?

Using soapUI I sent the following header:

 <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:UsernameToken>
        <wsse:Username>test</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
     </wsse:UsernameToken>
  </wsse:Security>
 </soapenv:Header>

With this header I am getting the following error:

  <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Body>
  <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
     <faultstring>MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood</faultstring>
     <faultcode>SOAP-ENV:MustUnderstand</faultcode>
  </SOAP-ENV:Fault>
  </S:Body>
  </S:Envelope>

Using JAX-WS RT, how do I configure my web service to accept this type of header and authentication?

+3




1 answer


Using chain handlers is one way to handle WS-Security headers; it's just a lower-level approach compared to frameworks like Rampart (although those frameworks usually just implement these handlers for you). If you are writing your own message handler, you must override

Set<QName> getHeaders()

      

to announce which headers you understand. In this case, return a set containing



new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security")

      

to avoid the "MustUnderstand" error.

+1








