0

I have created a web service using JAX-WS and trying to add Simple UsernameToken security to the web service. The application is deployed on Websphere 8.5.

I found the following link which helps to add the usernameToken from RAD -> Services tab quite easily for JAX-RPC based web services but the same feature is not available for JAX-WS type web services.

RAD - How to add username token for JAX RPC in websphere application server admin console

Can anybody help to provide some similar kind of steps or another possible simple solution to achieve the same for JAX-WS web services?

    <Soapenv:Header>
    <wsse:Security soapenv: mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>user</wsse: Username>
            <wsse:Password
                Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-token-profile-1.0#PasswordText">paas</wsse: Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

Thanks.

Parth Kansara
  • 189
  • 1
  • 11

1 Answers1

0

Finally, I have managed to find a workaround for the problem above. Its as follows:

After googling a lot I came across a concept of Web-service Handler which can be invoked for every request and response that is either received or sent from the Webservice Provider respectively.

How to configure: 1. Create a Java File SecurityHandler and paste the following code in it:

public class SecurityHandler implements SOAPHandler<SOAPMessageContext>
{
    @Override
    public boolean handleMessage(SOAPMessageContext context)
    {
        boolean outbound = (Boolean)context.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if(outbound) {
            //logic to handle a response
        }

        if (!outbound) {
            //logic to handle a request
        }

        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        return true;
    }

    @Override
    public void close(MessageContext context) {}

    @Override
    public Set<QName> getHeaders() {
        return Collections.emptySet();
    }

}

  1. Create an XML file with below code sample:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <javaee:handler-chains xmlns:javaee="http://java.sun.com/xml/ns/javaee" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <javaee:handler-chain> <javaee:handler> <javaee:handler-class>your.package.path.SecurityHandler</javaee:handler-class> </javaee:handler> </javaee:handler-chain> </javaee:handler-chains>

  2. To activate the handler on each request or response to the web service you exposed add the annotation in your web service class as follows: 


    @HandlerChain(file="/your/package/path/handler-chain.xml") 
    public class my web services {
        //methods or web-services to be exposed.
    }
Parth Kansara
  • 189
  • 1
  • 11