SOAP Web Service Security: Authentication with MessageContext and BindingProvider

By Arvind Rai, April 05, 2014
This page will provide how to do authentication in our soap based web service application. MessageContext and BindingProvider will play the role to achieve it. There will be a contract between producer and consumer for authentication metadata. We will set username and password in soap headers. The web service server will fetch the headers with the help of MessageContext and the client will set the headers with the help of BindingProvider.

Software Dependency

The below software is needed to run the program.
1. JDK 6
2. Eclipse

Create Web Service Server Using MessageContext

We will first write code for our web service server. We will fetch MessageContext from WebServiceContext and MessageContext will provide headers. The header will contain user defined keys. In our case there is two keys username and password.
Find the interface of our web service.
package com.concretepage.endpoint;
import javax.jws.WebMethod;
import javax.jws.WebService;
public interface Welcome {
  public String getWelcomeMsg(String name);

Find the implementation of web service.
package com.concretepage.endpoint;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
@WebService(endpointInterface = "com.concretepage.endpoint.Welcome")
public class WelcomeImpl implements Welcome {
        WebServiceContext ctx;
	public String getWelcomeMsg(String name){
	  MessageContext msgctx = ctx.getMessageContext();
	  Map headers = (Map) msgctx.get(MessageContext.HTTP_REQUEST_HEADERS);
          List<String> users = (List<String>) headers.get("username");
          List<String> pwds = (List<String>) headers.get("password");
             if(users!=null && pwds != null){
        	if("concretepage".equals(users.get(0))&& "cp1234".equals(pwds.get(0))){
       		 return "Welcome "+name;
        		return "Authentication failed.";
             return "Username and password not provided.";
Create a main class that will start the server with a given URL.
package com.concretepage;
import com.concretepage.endpoint.WelcomeImpl;
public class WelcomeMsgPublisher {
	public static void main(String[] args) {
	   Endpoint.publish("http://localhost:8080/JAXWS/Welcome", new WelcomeImpl());	
So our web service is up on the URL http://localhost:8080/JAXWS/Welcome

Create Web Service Client Using BindingProvider

Now we will write code for our client. Before writing code we need to create stubs with the help of our web service URL. Go to the command prompt and reach to root directory of client project and run the command as below.

wsimport -s src/main/java http://localhost:8080/JAXWS/Welcome?wsdl

Now we have stubs. Use these stubs to write client code. The important thing here is BindingProvider. It will provide request context. We will set username and password in the header with help of it.Find the client class.
package com.concretepage.client;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import com.concretepage.endpoint.Welcome;
import com.concretepage.endpoint.WelcomeImplService;
public class WelcomeMsgClient {
	public static void main(String[] args) {
	  WelcomeImplService welService = new WelcomeImplService();
	  Welcome welcome = welService.getWelcomeImplPort();
	  BindingProvider bp = (BindingProvider) welcome;
	  Map<String, Object> map = bp.getRequestContext();
	  Map<String, List<String>> headers = new HashMap<String, List<String>>();
	  headers.put("username", Collections.singletonList("concretepage"));
	  headers.put("password", Collections.singletonList("cp1234"));
	  map.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
Output will be Welcome Everyone!

Download Source Code


©2022 | Privacy Policy | Contact Us