1 Reply Latest reply on Aug 6, 2012 10:45 AM by mauricubo

    adding ws security to dynamic webservice call


      I'm looking for any kind of documentation, examples for adding a Username Password Token to the webservice call.


      The generation of client artefacts with wsimport or wsconsume is not an option, since the callback references are not defined until runtime.

      This is the way the webservice is called tried to access an example reliable messaging enabled webservice deployed on localhost:


      import javax.xml.namespace.QName;
      import javax.xml.soap.MessageFactory;
      import javax.xml.soap.SOAPBody;
      import javax.xml.soap.SOAPBodyElement;
      import javax.xml.soap.SOAPElement;
      import javax.xml.soap.SOAPHeader;
      import javax.xml.soap.SOAPMessage;
      import javax.xml.ws.BindingProvider;
      import javax.xml.ws.Dispatch;
      import javax.xml.ws.Service;
      import javax.xml.ws.WebServiceException;
      import javax.xml.ws.soap.SOAPBinding;

      // -------------


      public void sendRM() {
              String namespace = "http://ws.example.com/";
              String serviceName = "SimpleService";
              String portName = "SimpleServicePort";
              String methodName = "echoRequest";


              try {
                  // Qnames for service as defined in wsdl.
                  QName serviceQName = new QName(namespace, serviceName);


                  // QName for Port As defined in wsdl.
                  QName portQName = new QName(namespace, portName);


                  // Endpoint Address
                  String endpointAddress = "http://localhost:8080/SimpleWS/SimpleService";


                  // Create a dynamic Service instance
                  Service service = Service.create(serviceQName);


                  // Add a port to the Service
                  service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING,


                  // Create a dispatch instance
                  Dispatch<SOAPMessage> dispatch = service.createDispatch(portQName,
                          SOAPMessage.class, Service.Mode.MESSAGE);


                  // Use Dispatch as BindingProvider
                  BindingProvider bp = (BindingProvider) dispatch;


                  // Optionally Configure RequestContext to send SOAPAction HTTP Header
                  Map<String, Object> rc = bp.getRequestContext();
                  rc.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
                  rc.put(BindingProvider.SOAPACTION_URI_PROPERTY, methodName);


                  // --- username, password (is NOT submitted)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                  rc.put(BindingProvider.USERNAME_PROPERTY, "myUsername");
                  rc.put(BindingProvider.PASSWORD_PROPERTY, "myPassword");


                  // Obtain a preconfigured SAAJ MessageFactory
                  MessageFactory factory = ((SOAPBinding) bp.getBinding()).getMessageFactory();


                  // Create SOAPMessage Request
                  SOAPMessage request = factory.createMessage();


                  // Request Header
                  SOAPHeader header = request.getSOAPHeader();


                  // Request Body
                  SOAPBody body = request.getSOAPBody();


                  // Compose the soap:Body payload
                  QName payloadName = new QName(namespace, methodName, "ns1");

                  SOAPBodyElement payload = body.addBodyElement(payloadName);

                  SOAPElement message = payload.addChildElement("input");



                  // Invoke the endpoint synchronously
                  SOAPMessage reply = null;


                  try {
                      // Invoke Endpoint Operation and read response
                      reply = dispatch.invoke(request);
                  } catch (WebServiceException wse) {

             } catch (Exception e) {



      Env Setting:

      JBossAS 4.2.2 JRE 1.5.0_19

      Webservice stack jbossws-metro-3.0.5.GA


      I'm suppose to support multiple different security protocols but i can't find any examples not even in the test classes

      for any of the different Tokens (Username, X509, SAML, RSA, etc)


      any hints are welcome

        • 1. Re: adding ws security to dynamic webservice call


          can solve this issue?



          I try to implement the same solution as I want to get the soap message that has implemented the ws security.



          What I have found is that when you create the message with "SoapMessage factory.createMessage request = ();" are creating an independent soap message that is created by the generic client and that is why the header is not modified.

          I guess what is happening to us is that.



          Either way, I need to add ws security and get the soap message that contains this security to modify the body, if you have the solution and want to share please answer me.


          Thanks in advance,


          Mauricio A.