Not a problem, because with SOAP all you're doing is sending XML back
and forth--the web service provider is oblivious to the technology used
by the client--Python, Perl, Java, C++--to create the XML (SOAP) request
message. You will require--one way or another--for the XML SOAP request
envelope, in its SOAP header, to contain the UsernameToken user and
password information following the WS-Security standard. At that stage,
you're done.
The software developer creating the SOAP client has a choice of several
programming languages and frameworks to send the XML SOAP message over
HTTP. (You don't even need a web service stack--Java's
HTTPUrlConnection can send a raw stream of XML over the wire, and
probably most other languages have an equivalent.) Now I documented how
to create a Java client to access a web service. If somebody else wants
to use a different programming language, most fine, but he or she will
need to find documentation on how to create a SOAP client using that
language. If there's no documentation for that developer's choice,
well, then that person made a pretty poor choice and needs to choose
another language instead. :)
Glen
On 07/10/2011 03:26 AM, liav.ezer wrote:
Thank you Glen for the elaborated answer.
I now understand the 2 approaches.
One thing you mention which i want to make sure is the client step to invoke
my service (WSS4J based):
1. Create proxy objects based on the wsdl file
2. Create a CallBack class such as:
*public class ClientPasswordCallback implements CallbackHandler {
private static String password;
static {
password = "123"; *// we agreed on that over the phone/email*
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword(password);
}
}*
3. Invoke the Service with additional SOAP header params as follows:
*
UpdateDepositIndSvc ss = new UpdateDepositIndSvc(wsdlURL,
SERVICE_NAME);
DepositIntf port = ss.getDepositSvcPort();
Map outProps = new HashMap();
Client client = org.apache.cxf.frontend.ClientProxy.getClient(port);
Endpoint cxfEndpoint = client.getEndpoint();
* // Manual WSS4JOutInterceptor interceptor process*
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "bob");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
long id = 1;
boolean ind = false;
java.lang.Boolean updateDepositIndSvc = port.updateDepositIndSvc(id,
ind);*
What if the client isn't a Java one but rather C++ or other platform?
Thanks.
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-web-service-with-ws-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4569834.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Application Integration Division
Talend (http://www.talend.com/ai)
blog: http://www.jroller.com/gmazza
