1 Reply Latest reply: Aug 6, 2012 10:45 AM by Mauricio Alpuin RSS

adding ws security to dynamic webservice call

Patrik Jetzer Newbie

I'm looking for any kind of documentation, examples for adding a Username Password Token to the webservice call.


The generation of client artefacts with wsimport or wsconsume is not an option, since the callback references are not defined until runtime.

This is the way the webservice is called tried to access an example reliable messaging enabled webservice deployed on localhost:


import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.soap.SOAPBinding;

// -------------


public void sendRM() {
        String namespace = "http://ws.example.com/";
        String serviceName = "SimpleService";
        String portName = "SimpleServicePort";
        String methodName = "echoRequest";


        try {
            // Qnames for service as defined in wsdl.
            QName serviceQName = new QName(namespace, serviceName);


            // QName for Port As defined in wsdl.
            QName portQName = new QName(namespace, portName);


            // Endpoint Address
            String endpointAddress = "http://localhost:8080/SimpleWS/SimpleService";


            // Create a dynamic Service instance
            Service service = Service.create(serviceQName);


            // Add a port to the Service
            service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING,


            // Create a dispatch instance
            Dispatch<SOAPMessage> dispatch = service.createDispatch(portQName,
                    SOAPMessage.class, Service.Mode.MESSAGE);


            // Use Dispatch as BindingProvider
            BindingProvider bp = (BindingProvider) dispatch;


            // Optionally Configure RequestContext to send SOAPAction HTTP Header
            Map<String, Object> rc = bp.getRequestContext();
            rc.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
            rc.put(BindingProvider.SOAPACTION_URI_PROPERTY, methodName);


            // --- username, password (is NOT submitted)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

            rc.put(BindingProvider.USERNAME_PROPERTY, "myUsername");
            rc.put(BindingProvider.PASSWORD_PROPERTY, "myPassword");


            // Obtain a preconfigured SAAJ MessageFactory
            MessageFactory factory = ((SOAPBinding) bp.getBinding()).getMessageFactory();


            // Create SOAPMessage Request
            SOAPMessage request = factory.createMessage();


            // Request Header
            SOAPHeader header = request.getSOAPHeader();


            // Request Body
            SOAPBody body = request.getSOAPBody();


            // Compose the soap:Body payload
            QName payloadName = new QName(namespace, methodName, "ns1");

            SOAPBodyElement payload = body.addBodyElement(payloadName);

            SOAPElement message = payload.addChildElement("input");



            // Invoke the endpoint synchronously
            SOAPMessage reply = null;


            try {
                // Invoke Endpoint Operation and read response
                reply = dispatch.invoke(request);
            } catch (WebServiceException wse) {

       } catch (Exception e) {



Env Setting:

JBossAS 4.2.2 JRE 1.5.0_19

Webservice stack jbossws-metro-3.0.5.GA


I'm suppose to support multiple different security protocols but i can't find any examples not even in the test classes

for any of the different Tokens (Username, X509, SAML, RSA, etc)


any hints are welcome

  • 1. Re: adding ws security to dynamic webservice call
    Mauricio Alpuin Newbie


    can solve this issue?



    I try to implement the same solution as I want to get the soap message that has implemented the ws security.



    What I have found is that when you create the message with "SoapMessage factory.createMessage request = ();" are creating an independent soap message that is created by the generic client and that is why the header is not modified.

    I guess what is happening to us is that.



    Either way, I need to add ws security and get the soap message that contains this security to modify the body, if you have the solution and want to share please answer me.


    Thanks in advance,


    Mauricio A.