All geek questions in one place

Adding a BinarySecurityToken header to cxf

I am pulling my hair out because of this, and I just can't get it to work. I have a web service that I call that generates a security token, which then needs to be passed to subsequent service calls inside the SOAP header. I got this part working fine, but the header part disables me (I created the client using cxf wsdl2java). This is the part to be added:

<wsse:BinarySecurityToken ValueType="XXXX" EncodingType="wsse:Base64Binary" wsu:Id="SecurityToken"> My token </wsse:BinarySecurityToken>

I tried using WSS4JOutInterceptor as follows:

 Endpoint endpoint = client.getEndpoint(); Map<String, Object> outProps = new HashMap<String, Object>(); outProps.put("SecurityToken", MY-TOKEN); endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

but it didn’t work. And I tried directly adding it to the header like this (like this question ):

 List<Header> headers = new ArrayList<Header>(); SOAPFactory sf = SOAPFactory.newInstance(); SOAPElement authElement = sf.createElement(new QName(null, "wsse:BinarySecurityToken")); authElement.setAttribute("ValueType", "XXXX"); authElement.setAttribute("EncodingType", "wsse:Base64Binary"); authElement.setAttribute("wsu:Id", "SecurityToken"); authElement.addTextNode(MY-TOKEN); SoapHeader tokenHeader = new SoapHeader( new QName(null, "wsse:BinarySecurityToken"), authElement); headers.add(tokenHeader); ((BindingProvider) service).getRequestContext().put(Header.HEADER_LIST, headers);

and looks almost normal

 <soap:Header><BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="XXXX" wsu:Id="SecurityToken">MY-TOKEN</BinarySecurityToken></soap:Header>

In the BinarySecurityToken part, the wsse: while prefix is ​​missing, and the call fails.

Has anyone gotten something like work - or am I doing this completely wrong?

+6
source share
2 answers

@zengr Yes, I finally figured it out, I didn't have a namespace, so I did this:

 private static final String XMLNS_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; private static final String XSD_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; final List<Header> headers = new ArrayList<Header>(); final SOAPFactory sf = SOAPFactory.newInstance(); final SOAPElement securityElement = sf.createElement("Security", "wsse", XSD_WSSE); final SOAPElement authElement = sf.createElement("BinarySecurityToken", "wsse", XSD_WSSE); authElement.setAttribute("ValueType", "WASP"); authElement.setAttribute("EncodingType", "wsse:Base64Binary"); authElement.setAttribute("wsu:Id", "SecurityToken"); authElement.addAttribute(new QName("xmlns:wsu"), XMLNS_WSU); authElement.addTextNode(StringUtils.replace(SessionToken.getEncodedSessionToken(), "\n", "")); securityElement.addChildElement(authElement); final SoapHeader securityHeader = new SoapHeader( new QName(null, "Security"), securityElement); headers.add(securityHeader); ((BindingProvider) interactiveService).getRequestContext().put(Header.HEADER_LIST, headers);

And this trick

+6
source

Thanks. I had a similar case, except that I had to add a token to the element of the element under the heading. This is trivial, but here I am inserting a solution for more complete documentation.

  String token = "authentication token given from service"; SOAPFactory sf = SOAPFactory.newInstance(); SOAPElement authElement = sf.createElement(new QName("urn:example.com", "Authentication")); SOAPElement tokenElement = sf.createElement(new QName(null, "AuthenticationToken")); tokenElement.addTextNode(token); authElement.addChildElement(tokenElement); List<Header> headers = new ArrayList<Header>(); Header dummyHeader = new Header(new QName("urn:example.com"), authElement); headers.add(dummyHeader);

as a result

 <S:Header><Authentication xmlns="urn:example.com"><AuthenticationToken>authentication token given from service</AuthenticationToken></Authentication></S:Header>
+2
source

Source: https://habr.com/ru/post/886004/

More articles:


All Articles