Results 1 to 2 of 2

Thread: Integrating Spring WS with Axis (Security)

  1. Apr 16th, 2008, 02:45 PM #1
    litius
    litius is offline Senior Member
    Join Date
    Apr 2008
    Location
    Philadelphia, US
    Posts
    198

    Default Integrating Spring WS with Axis (Security)

    Hi cool Spring WS crowd!

    We are stuck to use Axis for some of our old web service client implementation. Hence the question ( Spring question, I promise )

    The request that has to be sent, needs to be injected with WSSE header - usual deal, right? However in Axis, the way it is done, there is a "wsdd" file that specifies a WsDoAllHandler with two things "injected in" (not Spring):

    1. WsPasswordCallbackHandler (custom)
    2. username

    WsPasswordCallbackHandler returns a password according to the username.

    This "wsdd" file is injected in Axis generated (from "wsdl") ServiceLocator stub, and this way it wraps the request with WSSE header by calling "WsDoAllHandler" behind the scenes.

    This works, BUT we would like to use much simpler approach ( to store username/password pairs in ONE place ) - we would like to use a Spring's Wss4jSecurityInterceptor:

    Code:
    	<bean id="wss4jInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">

	    <property name="securementActions" value="UsernameToken"/>
	    <property name="securementUsername" value="vipUser"/>
	    <property name="securementPassword" value="t0p5ecret"/>
	    <property name="securementPasswordType" value="PasswordText"/>
	    <property name="securementUsernameTokenElements" value="Nonce Created"/>

	</bean>
    We still need to keep Axis (1.4) on - client's will. So we cannot just switch to Spring.

    How would we be able to use "Wss4jSecurityInterceptor" (or something as simple) with Axis auto-generated stubs to wrap our top secret requests with WSSE header?

    Thank you VERY much,
    litius
    Last edited by litius; Apr 16th, 2008 at 04:27 PM.
    Humans are stateful and mutable beings that have no problems processing many things concurrently and share state with others + they are usually "coupled"
    Reply With Quote Reply With Quote
  2. Apr 16th, 2008, 04:21 PM #2
    litius
    litius is offline Senior Member
    Join Date
    Apr 2008
    Location
    Philadelphia, US
    Posts
    198

    Default

    One possible solution that we found so far would be to mimic Spring's "Wss4jSecurityInterceptor" behavior, since internally it also uses a real Wss4j handler, but overwrites getPassword(), so if password is provided (to Wss4jSecurityInterceptor), it'll just return that, if not, it would look it up.

    Once I write a custom handler that just returns a password (if it is provided), I can pass "password" to the handler, and "username + handler" to my webservice client, and set it on the Axis Stub (username and handler that will just return a password).

    Any other, more elegant ideas?

    Thank you!
    Last edited by litius; Apr 16th, 2008 at 04:28 PM.
    Humans are stateful and mutable beings that have no problems processing many things concurrently and share state with others + they are usually "coupled"
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules