We are implementing a web service that is going to act as an intermediary layer between the clients and another application. Our requirements for the web service state that we need to send the username and password in the SOAP header using standard WS-Security.

The web service implementation needs to take the information passed in through the method call and combine that with the username and password in order to call the other application, and this is where my problem starts.

I cannot figure out an easy way to get to the username and password from the SOAP header within my web service implementation. I can get to the user principal (username) through the injected WebServiceContext, but I don't see any easy way to get the password.

I can get to the SOAPHeader and could probably parse the XML to get the password element, but this seems like a very messy way to solve this problem.

I'm not as knowledgeable about JAX-WS and WS-Security as I'd like to be. I'm hoping that I'm missing something that is obvious to somebody else - maybe I need to implement some kind of handler?

A: 

The easiest approach is to pull the username and password from the SOAP header by specifying it as a parameter to your JAX-WS method:

@WebMethod
public String performAction( @WebParam(name="credentials", header=true)
                             Credentials credentials,
                             @WebParam( name="...")....

You could also create a SOAPHandler:

public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext>
{
    //Implement appropriate methods here
}

This is registered in standard-jaxws-endpoint-config.xml:

<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
   <endpoint-config>
      <config-name>WebService Endpoint</config-name>
      <pre-handler-chains>
         <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
            <javaee:handler>
                <javaee:handler-name>AuthHandler</javaee:handler-name>
                <javaee:handler-class>com.example.AuthenticationHandler</javaee:handler-class>
            </javaee:handler>
         </javaee:handler-chain>
      </pre-handler-chains>
   </endpoint-config>
</jaxws-config>
mtpettyp
This looks exactly like what I'm looking for. If I add a parameter to my service method with the header=true flag, does that force any clients consuming the webservice to change their implementation, or is the parameter mapped from the header without the client having to do anything?
Chad
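One way the `AuthenticationHandler` skeleton from the answer could be filled in, as an added example that is not part of the original answer: it reads the single `wsse:UsernameToken` from the inbound header and hands the credentials to the endpoint through the message context. It assumes the `javax.*` JAX-WS/SAAJ APIs, and the two property key names are hypothetical. A `PasswordDigest` token is rejected because a digest cannot be forwarded to the downstream application as a password.

```java
package com.example;
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext> {
    private static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String DIGEST_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    // Hypothetical property keys; the endpoint reads them from WebServiceContext.getMessageContext().
    public static final String USERNAME = "com.example.auth.username";
    public static final String PASSWORD = "com.example.auth.password";
    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        SOAPHeader header;
        try { header = ctx.getMessage().getSOAPHeader(); }
        catch (SOAPException e) { throw new ProtocolException("Unreadable SOAP header", e); }
        NodeList tokens = header == null ? null : header.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens == null || tokens.getLength() != 1)      // reject missing or ambiguous credentials
            throw new ProtocolException("Expected exactly one wsse:UsernameToken");
        Element token = (Element) tokens.item(0);
        Element user = (Element) token.getElementsByTagNameNS(WSSE, "Username").item(0);
        Element pass = (Element) token.getElementsByTagNameNS(WSSE, "Password").item(0);
        if (user == null || pass == null)
            throw new ProtocolException("UsernameToken needs Username and Password");
        if (DIGEST_TYPE.equals(pass.getAttribute("Type")))  // a digest is not the password itself
            throw new ProtocolException("PasswordText is required to forward credentials");
        share(ctx, USERNAME, user.getTextContent().trim());
        share(ctx, PASSWORD, pass.getTextContent());        // never write this value to logs
        return true;
    }
    // Handler-set properties default to HANDLER scope; APPLICATION makes them visible to the endpoint.
    private static void share(SOAPMessageContext ctx, String key, String value) {
        ctx.put(key, value);
        ctx.setScope(key, MessageContext.Scope.APPLICATION);
    }
    @Override public Set<QName> getHeaders() { return Collections.singleton(new QName(WSSE, "Security")); }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

In the service class, the injected `WebServiceContext` then yields the values with `getMessageContext().get(AuthenticationHandler.PASSWORD)`. Because `PasswordText` travels in the clear inside the envelope, the endpoint should only be reachable over TLS.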