The Laboratory: Configuring WS-Security for Axis 1.4 client

I was looking how to enable WS-Security features in the Axis client to my web service application. The article I found describes how to do this.

I have tested it with Axis 1.4 client.

The things you need to configure axis client are:

Copy wss4j.jar (rev. 1.5.1), opensaml-1.1.jar and xmlsec-20050514.jar (from the openSAML distribution) to classpath (WEB-INF/lib)
Add handler to client.wsdd:
 <deployment xmlns="http://xml.apache.org/axis/wsdd/" java="http://xml.apache.org/axis/wsdd/providers/java"> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"> <globalconfiguration> <requestflow> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="UsernameToken"> <parameter name="passwordType" value="PasswordDigest"> <parameter name="mustUnderstand" value="false"> </handler> </requestflow> </globalconfiguration> </transport> </deployment>

You dont need to hardcode username and password as a handler parameters as described in the article. Just call setUsername(...) and setPassword(...) methods of your Stub.

4 comments:

HegdeJanuary 16, 2009 7:26 am
This does not work when invoking a secure weblogic service..any ideas how this can be done?

Thanks
Konstantin PavlovJanuary 20, 2009 12:22 am
Does your weblogic server require SSL?
Given example does not switch web client to secure mode (SSL). It just modifies SOAP request (adds SOAP Header).
You may trace your requests via Apache TCP monitor, HTTP Analyzer or similar tool to verify that SOAP contains required headers.
The given example was tested with JBoss Server.
Alexey ZavizionovJanuary 25, 2011 12:35 pm
Where is the "transport" tag closed?
Konstantin PavlovJanuary 25, 2011 12:55 pm
Yep, 'transport' tag was not closed were expected. Fixed.

The Laboratory

23/05/2007

Configuring WS-Security for Axis 1.4 client

4 comments:

redirect