7

I use a Maven plugin (org.codehaus.mojo > axistools-maven-plugin) + a WSDL file to generate a SOAP Web Service.

Generated files in target/generated-source/wsdl2java/com.comp.proj are:

  • Foo.java (java interface)
  • FooServiceLocator.java
  • FooSoapBindingImpl.java (java empty implementation)
  • FooSoapBindingSkeleton.java
  • FooSoapBindingStub.java

In my project, I create FooSoapBindingImpl.java in a package with the same name and add my custom code to this Java implementation.

This web service is ready for use in production.

So, today I add Basic authentication on my client (header => Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==)

How to add a check on this Basic authentication in my Axis Web Service?

Stéphane GRILLON
I know this is an old question, but you can see the guide here, with RPC and AXIS 1.x. https://www.ibm.com/docs/en/was/8.5.5?topic=SSEQTP_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/twbs_confighttpbasicauthprog.html

```
StockQuote sq = (StockQuote) service.getPort(portQname, StockQuote.class);
((javax.xml.rpc.Stub) sq)._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "myUser");
((javax.xml.rpc.Stub) sq)._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "myPwd");
```

– pazfernando Sep 07 '21 at 21:40

3 Answers

1

The "Axis security section 'Authenticating the caller'" mentions:

Clients can authenticate themselves with client certificates, or HTTP basic authentication.
The latter is too weak to be trustable on a non-encrypted channel, but works over HTTPS.

The MessageContext class will be configured with the username and password of the sender when SOAP messages are posted to the endpoint;

See an example here.

use the appropriate getters to see these values. Note that Axis does not yet integrate with the servlet API authentication stuff.

See a getter example in this answer.

VonC
0

How to add a check on this Basic authentication in my Axis Web Service?

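Answer: The basic credentials can be retrieved from WebServiceContext.

```java
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

@WebService
public class Service {
    // Injected by whatever container you are using
    @Resource
    WebServiceContext wctx;

    @WebMethod
    @SuppressWarnings("unchecked")
    public Integer fooServiceLocator(int x, int y) {
        // Get the message context
        MessageContext mctx = wctx.getMessageContext();

        // Grab the HTTP request headers (header name -> list of values)
        Map<String, List<String>> headers =
            (Map<String, List<String>>) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);

        // Grab the Authorization values; the list is null when the header is absent
        List<String> basicCredentials = headers.get("Authorization");

        // Print out credentials (demonstration only: this writes the secret to stdout)
        if (basicCredentials != null) {
            basicCredentials.forEach(System.out::println);
        }

        // Do a meaningful check of the credentials

        return x + y; // placeholder result
    }
}
```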

The code above explains how to retrieve the Basic credentials from inside the web service. My recommendation is to let either the Servlet or EJB container handle any security your application needs. By letting the container handle your security, your code becomes more portable between environments.

cbones4321
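One way to fill in the "meaningful check" step that the answer above leaves open, as an added example that is not code from the original answer or from Axis: it parses the `Authorization` value, rejects malformed input, and compares credentials in constant time. The class name `BasicAuthCheck`, the hard-coded expected account (a stand-in for a credential store lookup) and the UTF-8 decoding are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example: parse and verify an HTTP Basic Authorization header value. */
public class BasicAuthCheck {

    // Constructed sample account (assumption); a real service would query a credential store.
    private static final String EXPECTED_USER = "Aladdin";
    private static final String EXPECTED_PASSWORD = "open sesame";

    /** Returns {user, password}, or null if the value is not well-formed Basic auth. */
    static String[] parse(String header) {
        if (header == null) return null;
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(parts[1].trim());
            decoded = new String(raw, StandardCharsets.UTF_8); // charset is an assumption
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid base64
        }
        int colon = decoded.indexOf(':'); // first colon only: passwords may contain ':'
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Constant-time comparison so timing does not reveal how many characters matched. */
    static boolean sameBytes(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean isAuthorized(String header) {
        String[] creds = parse(header);
        if (creds == null) return false;
        // Non-short-circuit '&': both comparisons always run.
        return sameBytes(creds[0], EXPECTED_USER) & sameBytes(creds[1], EXPECTED_PASSWORD);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs; the first is the header value from the question
            "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", "basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
            "Basic QWxhZGRpbjp3cm9uZw==", "Bearer abc.def.ghi", "Basic !!!notbase64", null };
        for (String s : samples) System.out.println(s + " -> " + isAuthorized(s));
    }
}
```

In the web method, each entry of `basicCredentials` would be passed to `isAuthorized`, and the request rejected when it returns false.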
0

The simplest way to do this would be to add a SOAP header in the WSDL for authentication. For example, user name and password can be added as new elements under a new SOAP header in the WSDL file, and the source files regenerated.

```xml
<xs:element name="UsernameToken">
    <xs:complexType>
        <xs:sequence>
            <xs:element ref="Username"/>
            <xs:element ref="Password" minOccurs="0"/>
        </xs:sequence>
        <xs:attribute name="Id" type="xs:ID"/>
    </xs:complexType>
</xs:element>
```

Using the above header in WSDL, if we generate source files, we can easily add authentication logic in impl.

Then verification of user name and password can be done in the *Impl.java class.

Srivignesh