cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <glen.ma...@gmail.com>
Subject RE: Authorization for web service
Date Wed, 14 Apr 2010 19:43:12 GMT

That security header appears to be project-specific (not like UsernameToken
profile), so CXF won't have an out-of-the-box solution.  Besides an
interceptor, you can also use a JAX-WS handler[1] to insert the
AuthenticationHeader into the soap:header.  Alternatively, if you are
allowed to tweak the WSDL you use locally to generate the JAX-WS artifacts,
you can add implicit header declarations to the wsdl[2] so that when you run
wsdl2java those three parameters will be available to you in your soap
calls. 

HTH,
Glen

[1] http://www.jroller.com/gmazza/entry/adding_jax_ws_handlers_to
[2] http://www.jroller.com/gmazza/entry/using_implicit_soap_headers_with


De Bakker, Bjorn wrote:
> 
> No, that's not it.  In our message, we send a Soap Header to provide a
> username and password.  Problem is that I can't find how to add a header
> to the message.  Now I'm looking into an interceptor to make it work, but
> I really don't know how to do this.  
> 
> XML:
> 
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soap="http://lalala" xmlns:con="http://lalala">
>    <soapenv:Header>
>       <soap:AuthenticationHeader>
>          <soap:ClientName>CLIENTNAME</soap:ClientName>
>          <soap:UserName>USERNAME</soap:UserName>
>          <soap:Password>PASSWORD</soap:Password>
>       </soap:AuthenticationHeader>
>    </soapenv:Header>
>    <soapenv:Body>
>       <con:GetContactsRequest>
>          <con:ContactSearchCriteria>
>          </con:ContactSearchCriteria>
>       </con:GetContactsRequest>
>    </soapenv:Body>
> </soapenv:Envelope>
> 
> ________________________________________
> Van: Glen Mazza [glen.mazza@gmail.com]
> Verzonden: woensdag 14 april 2010 15:43
> Aan: users@cxf.apache.org
> Onderwerp: Re: Authorization for web service
> 
> I think you're mixing up transport-layer with message-layer
> security--what's
> in the soap header or soap body wouldn't matter for https:// because it's
> all encrypted anyway.   You'll probably just need simple basic
> authentication for https (Step #7 of
> http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic).
> 
> As for soapUI, I believe there's a Preferences menu where you place in the
> basic auth username and password for https:// for it to work, but am less
> certain here.
> 
> HTH,
> Glen
> 
> 
> 
> De Bakker, Bjorn wrote:
>>
>> I'm currently developing a client, which has to communicate with a
>> webservice.  This webservice is accessible through https, so we have to
>> provide authentication.
>>
> 
> --
> View this message in context:
> http://old.nabble.com/Authorization-for-web-service-tp28241860p28242794.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 

-- 
View this message in context: http://old.nabble.com/Authorization-for-web-service-tp28241860p28247307.html
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message