SOAP Web Service Security: Authentication with MessageContext and BindingProvider
April 05, 2014
This page shows how to add authentication to a SOAP-based web service application using MessageContext and BindingProvider. The producer and consumer agree on a contract for the authentication metadata: a username and a password sent in the headers of the SOAP request. The code uses MessageContext.HTTP_REQUEST_HEADERS, so the two values travel as HTTP headers. The web service server fetches the headers with the help of MessageContext, and the client sets them with the help of BindingProvider. The headers are sent as plain text, so the endpoint should be served over HTTPS anywhere outside a local test.
Software Dependency
The software below is needed to run the program.
1. JDK 6
2. Eclipse
Create Web Service Server Using MessageContext
We will first write the code for our web service server. We fetch the MessageContext from the WebServiceContext, and the MessageContext provides the headers. The headers contain user-defined keys. In our case there are two keys: username and password.
Find the interface of our web service.
Welcome.java
package com.concretepage.endpoint;

import javax.jws.WebMethod;
import javax.jws.WebService;

@WebService
public interface Welcome {
    @WebMethod
    public String getWelcomeMsg(String name);
}
Find the implementation of the web service.
WelcomeImpl.java
package com.concretepage.endpoint;

import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

@WebService(endpointInterface = "com.concretepage.endpoint.Welcome")
public class WelcomeImpl implements Welcome {
    @Resource
    WebServiceContext ctx;

    @SuppressWarnings("unchecked")
    @Override
    public String getWelcomeMsg(String name) {
        MessageContext msgctx = ctx.getMessageContext();
        // HTTP headers of the incoming request, keyed by header name
        Map<String, List<String>> headers =
                (Map<String, List<String>>) msgctx.get(MessageContext.HTTP_REQUEST_HEADERS);
        List<String> users = headers.get("username");
        List<String> pwds = headers.get("password");
        if (users != null && pwds != null) {
            // Demo credentials are hard-coded for this example
            if ("concretepage".equals(users.get(0)) && "cp1234".equals(pwds.get(0))) {
                return "Welcome " + name;
            } else {
                return "Authentication failed.";
            }
        }
        return "Username and password not provided.";
    }
}
WelcomeMsgPublisher.java
package com.concretepage;

import javax.xml.ws.Endpoint;
import com.concretepage.endpoint.WelcomeImpl;

public class WelcomeMsgPublisher {
    public static void main(String[] args) {
        Endpoint.publish("http://localhost:8080/JAXWS/Welcome", new WelcomeImpl());
    }
}
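The check in WelcomeImpl compares the header values against literals with equals() and calls get(0) on the header lists. The following added example (not part of the original article) shows the same check written to tolerate missing, empty or differently-cased headers, to compare in constant time, and to read the expected credentials from outside the source. The class name HeaderAuthCheck and the environment variables WS_USER and WS_PASSWORD are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example, not the article's code. HeaderAuthCheck and the WS_USER /
// WS_PASSWORD environment variable names are hypothetical.
public class HeaderAuthCheck {

    // First value of a header, matched case-insensitively; null if absent or empty.
    static String firstValue(Map<String, List<String>> headers, String name) {
        if (headers == null) return null;
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            List<String> v = e.getValue();
            if (name.equalsIgnoreCase(e.getKey()) && v != null && !v.isEmpty()) {
                return v.get(0);
            }
        }
        return null;
    }

    // Compare SHA-256 digests with MessageDigest.isEqual (constant-time comparison).
    static boolean sameSecret(String expected, String supplied) throws Exception {
        if (expected == null || supplied == null) return false;
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] a = md.digest(expected.getBytes("UTF-8"));
        byte[] b = md.digest(supplied.getBytes("UTF-8"));
        return MessageDigest.isEqual(a, b);
    }

    static boolean authenticate(Map<String, List<String>> headers,
                                String user, String pwd) throws Exception {
        // Non-short-circuit '&': the password is checked even if the user name is wrong.
        return sameSecret(user, firstValue(headers, "username"))
             & sameSecret(pwd, firstValue(headers, "password"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input; in WelcomeImpl the map comes from
        // msgctx.get(MessageContext.HTTP_REQUEST_HEADERS).
        Map<String, List<String>> headers = new HashMap<String, List<String>>();
        headers.put("Username", Collections.singletonList("concretepage"));
        headers.put("password", Collections.<String>emptyList()); // present but empty
        boolean ok = authenticate(headers, System.getenv("WS_USER"), System.getenv("WS_PASSWORD"));
        System.out.println(ok ? "Welcome" : "Authentication failed.");
    }
}
```

In WelcomeImpl, a call to authenticate(headers, ...) would take the place of the two equals() comparisons.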
Create Web Service Client Using BindingProvider
Now we will write the code for our client. Before writing it, we need to create stubs from our web service URL. Open a command prompt, go to the root directory of the client project, and run the command below.
wsimport -s src/main/java http://localhost:8080/JAXWS/Welcome?wsdl
Now we have the stubs, and we use them to write the client code. The important part here is BindingProvider, which provides the request context. We set the username and password in the headers with its help.
Find the client class.
WelcomeMsgClient.java
package com.concretepage.client;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;
import com.concretepage.endpoint.Welcome;
import com.concretepage.endpoint.WelcomeImplService;

public class WelcomeMsgClient {
    public static void main(String[] args) {
        WelcomeImplService welService = new WelcomeImplService();
        Welcome welcome = welService.getWelcomeImplPort();
        // The generated port also implements BindingProvider
        BindingProvider bp = (BindingProvider) welcome;
        Map<String, Object> map = bp.getRequestContext();
        // HTTP headers to send with each request made through this port
        Map<String, List<String>> headers = new HashMap<String, List<String>>();
        headers.put("username", Collections.singletonList("concretepage"));
        headers.put("password", Collections.singletonList("cp1234"));
        map.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
        System.out.println(welcome.getWelcomeMsg("Everyone!"));
    }
}