I actually found this project last friday, did attempt to convince the specifications author to adhere to these standards, and he refused.
I am still missing something from this project, though, and that is how I can *clearly* annotate the requirements of this headers presence in the WSDL.
There 'aught to be something to outline that for me, but what, I'm not sure.
Thanks,
Scott S. McCoy
On 2/13/06, Rodrigo Ruiz
<[EMAIL PROTECTED]> wrote:
Hi Scott, take a look at the wss4j project (at
http://ws.apache.org/wss4j). It is a security framework that can do what
you describe, and some more things, like using client certificates
instead of name/password pairs. It is probably your best option if you
are looking for a standard implementation :-)
Even if your specification mandates a custom header (in that case I
would try to convince the author to adhere to the standard :-P), you can
get ideas from the code, as it uses handlers.
HTH,
Rodrigo Ruiz
Scott McCoy wrote:
> That is the client answer, sure.
>
> Virtually what I was looking for, but I wanted the server answer.!
>
> I want to use wsdl2java to build a service I will deploy with axis,
> rather than connect to. I am trying to figure out the most pragmatic
> fasion for building a "component", that I could stuff (possibly, in
> the <requestFlow/>) that checks the headers, and *stops* the request
> from getting to the main handler under the instance that my
> authentication failed.
>
> I really wanted to, if possible, use document or wrapped style
> services, rather than messages style services, also.
>
> Thanks!
>
> Scott S. McCoy
>
> On 2/10/06, * Rave, Mark* <[EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>> wrote:
>
> I don't know if this is what you are asking but it can't hurt to
> offer it. I used WSDL2Java to generate the stubs and I also had
> to have authentication information in the SOAP header, this is how
> I did it but it might not be the best way:
>
> SomethingService service = new SomethingServiceLocator();
>
> Something svc = service.getSomethingSOAPPort();
>
> SomethingSoapBindingStub stub = (SomethingSoapBindingStub)svc;
> SOAPHeaderElement she = new SOAPHeaderElement("namespace",
> "AuthInfo");
> SOAPElement ut = she.addChildElement("UserToken");
> SOAPElement un = ut.addChildElement("UserName");
> un.addTextNode("username");
> SOAPElement pw = ut.addChildElement("Password");
> pw.addTextNode("password");
> stub.setHeader(she);
>
> When I make the call something like this is generated:
>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:m="namespace">
> <SOAP-ENV:Header>
> <m:AuthInfo>
> <m:UserToken>
> <m:UserName>username</m:UserName>
> <m:Password>password</m:Password>
> </m:UserToken>
> </m:AuthInfo>
> </SOAP-ENV:Header>
> ......
> </SOAP-ENV:Envelop>
>
> Hope this helps.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> [mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>]On Behalf Of
> Scott McCoy
> Sent: Friday, February 10, 2006 2:06 PM
> To: [email protected] <mailto:[email protected]>
> Subject: Re: Arbitrary Authenitcation Types (based on SOAP Headers)
>
>
> I didn't get a response to this, so I thought I'd re-post it.
>
> I just want a handler, before my handler, to get some values from
> the header and have the ability to stop the request.
>
> How does that happen?
>
>
> On 2/8/06, Scott McCoy < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
> Hello All,
> I have a specification that demands I use a SOAP Header
> element for credential verification, and from a technical
> perspective it needs to be highly reusable, with a technical
> requirement that it preceeds and stops processing of the SOAP
> Body. I've found what seems to be just the ticket, which is
> simply adding a component via the < requestFlow/> element in WSDL
> or WSDD...But the problem I'm having is that I'm having difficulty
> finding documentation on doing this.
>
> Essentially, I have the following (mock) request envelope:
>
> <Envelope xmlns="?soap">
> <Header>
> <authenticate username="..." password="..."/>
> </Header>
> <Body>
> <purchase>
> <order accountid=".." cardid=".." amount=".."/>
> <order accountid=".." cardid=".." amount=".."/>
> </purchase>
> </Body>
> </Envelope>
>
>
> Nevermind the details of the SOAP Body, handlers for this are
> easily generatable by WSDL2Java, but how do I deal with the SOAP
> Header in a respectible and logical fasion (Axis 1.3) ?
>
>
> Thanks,
> Scott S. McCoy
>
> _________________________________________________
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you
> have received it in error, please notify the sender immediately
> and delete the original. Any other use of the email by you is
> prohibited.
>
> Espanol - Deutsch - Nederlands - Francais - Italiano - Norsk -
> Svenska: www.cardinalhealth.com/legal/email
> <http://www.cardinalhealth.com/legal/email>
>
>
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10/02/2006
>
