Quick Notes: Security with SOAP

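<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
  JAX-WS handler chain for the web-service client.
  Registers UserNameTokenInjectHandler, which adds a WS-Security UsernameToken
  header to outbound requests.

  handler-class must be the fully-qualified class name; the handler is declared
  in package webservice.client.
  Attribute values use plain ASCII double quotes: typographic quotes make the
  document not well-formed and the chain will not load.
-->
<javaee:handler-chains
    xmlns:javaee="http://java.sun.com/xml/ns/javaee"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <javaee:handler-chain>
    <javaee:handler>
      <javaee:handler-class>webservice.client.UserNameTokenInjectHandler</javaee:handler-class>
    </javaee:handler>
  </javaee:handler-chain>
</javaee:handler-chains>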

 

package webservice.client;

import java.io.ByteArrayOutputStream;
import java.util.Collections;
import java.util.Set;

import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

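/**
 * Client-side JAX-WS handler that adds a WS-Security {@code UsernameToken}
 * header to every outbound SOAP request and sets the request/receive timeout
 * properties on the message context.
 *
 * <p>Security notes for anyone reusing this handler:
 * <ul>
 *   <li>The password is added as a plain text node; no {@code Type} attribute,
 *       nonce or creation timestamp is set. Confidentiality of the credential
 *       therefore depends entirely on the transport, so the endpoint should
 *       only be reached over TLS.</li>
 *   <li>The credentials are read from {@code Constants.WSSE_USERNAME} and
 *       {@code Constants.WSSE_PASSWORD}. NOTE(review): {@code Constants} is not
 *       shown here; if these are compile-time literals they end up in the class
 *       file and in version control. Prefer loading them from protected
 *       configuration or a secret store.</li>
 *   <li>The outbound message is never written to stdout or to the log once the
 *       header has been added, because it contains the password.</li>
 * </ul>
 *
 * @author tim
 */
public class UserNameTokenInjectHandler implements SOAPHandler<SOAPMessageContext> {

    private static final Logger log = LoggerFactory.getLogger(UserNameTokenInjectHandler.class);

    /**
     * Adds the timeouts and the WS-Security header to outbound messages.
     * Inbound messages and a {@code null} context are passed through untouched.
     *
     * @param context the message context supplied by the JAX-WS runtime
     * @return always {@code true}, so the rest of the handler chain continues
     */
    @Override
    public boolean handleMessage(SOAPMessageContext context) {
        if (context == null) {
            return true;
        }
        log.debug(Constants.HANDLE_MESSAGE_ERROR, context.toString());

        // Boolean.TRUE.equals(...) instead of unboxing: a missing property
        // would otherwise throw a NullPointerException inside the handler.
        boolean outbound = Boolean.TRUE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY));
        if (outbound) {
            applyTimeouts(context);
            injectUsernameToken(context);
        }
        // continue with the rest of the handler chain
        return true;
    }

    /** Sets the request and receive timeout properties; failures are logged, not propagated. */
    private void applyTimeouts(SOAPMessageContext context) {
        try {
            context.put(Constants.REQUEST_TIME_OUT, Constants.TIMEOUT);
            context.put(Constants.RECEIVE_TIME_OUT, Constants.TIMEOUT);
        } catch (Exception e) {
            log.error(Constants.TIMEOUT_ERROR_MESSAGE, e);
        }
    }

    /**
     * Builds the {@code Security/UsernameToken/(Username, Password)} element tree
     * and appends it to the SOAP header, creating the header if the envelope has none.
     */
    private void injectUsernameToken(SOAPMessageContext context) {
        try {
            SOAPMessage soapMsg = context.getMessage();
            SOAPEnvelope soapEnv = soapMsg.getSOAPPart().getEnvelope();
            SOAPHeader soapHeader = soapEnv.getHeader();
            if (soapHeader == null) {
                soapHeader = soapEnv.addHeader();
            }
            SOAPFactory soapFactory = SOAPFactory.newInstance();

            SOAPElement securityElm = createSecurityElement(soapFactory, SVSConstants.SOAP_ENV_HEADER_LOCAL_NAME);
            SOAPElement userNameTokenElm =
                    createSecurityElement(soapFactory, Constants.SOAP_ENV_HEADER_USERNAME_TOKEN);

            SOAPElement userNameElm =
                    createSecurityElement(soapFactory, Constants.SOAP_ENV_HEADER_USERNAME_ELEMENT);
            userNameElm.addTextNode(Constants.WSSE_USERNAME);

            SOAPElement passwdElm =
                    createSecurityElement(soapFactory, Constants.SOAP_ENV_HEADER_PASSWORD_ELEMENT);
            passwdElm.addTextNode(Constants.WSSE_PASSWORD);

            userNameTokenElm.addChildElement(userNameElm);
            userNameTokenElm.addChildElement(passwdElm);
            securityElm.addChildElement(userNameTokenElm);
            soapHeader.addChildElement(securityElm);

            soapMsg.saveChanges();
            // Deliberately no soapMsg.writeTo(System.out) here: from this point on the
            // serialized message contains the plaintext password, and stdout is usually
            // captured by container or CI logs.
        } catch (Exception e) {
            // Covers SOAPException as well; both were logged identically.
            // NOTE(review): the request is still sent, without the Security header,
            // so a failure here surfaces as an authentication error from the service.
            log.error(SVSConstants.SOAP_ERROR_MESSAGE, e);
        }
    }

    /** Creates an element with the given local name in the security header's prefix and namespace. */
    private static SOAPElement createSecurityElement(SOAPFactory soapFactory, String localName)
            throws SOAPException {
        return soapFactory.createElement(
                localName,
                SVSConstants.SOAP_ENV_HEADER_PRE,
                SVSConstants.SOAP_ENV_HEADER_XML_NS);
    }

    /** Nothing to release; the handler holds no per-exchange state. */
    @Override
    public void close(MessageContext arg0) {
        // no-op
    }

    /**
     * Logs the fault message at debug level.
     *
     * <p>The fault is routed through the logger rather than stdout so that it obeys
     * the logging configuration. Fault bodies can still carry sensitive detail, so
     * this stays at debug level and is skipped entirely when debug is off.
     *
     * @param context the message context supplied by the JAX-WS runtime
     * @return always {@code true}, so fault processing continues along the chain
     */
    @Override
    public boolean handleFault(SOAPMessageContext context) {
        try {
            if (context != null && log.isDebugEnabled()) {
                SOAPMessage soapMsg = context.getMessage();
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                soapMsg.writeTo(buffer);
                // assumes the message is serialized as UTF-8 - TODO confirm against
                // the message's character-set encoding property
                log.debug(Constants.SOAP_HANDLE_FAULT_MESSAGE, buffer.toString("UTF-8"));
            }
        } catch (Exception e) {
            log.error(Constants.SOAP_HANDLE_FAULT_MESSAGE2, e);
        }
        return true;
    }

    /**
     * Declares the header blocks this handler processes on inbound messages.
     *
     * @return an empty set; this handler only adds a header to outbound requests.
     *         An empty set is returned instead of {@code null} so that runtime code
     *         iterating the result cannot fail with a NullPointerException.
     */
    @Override
    public Set<QName> getHeaders() {
        return Collections.<QName>emptySet();
    }
}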
