We Keep Coding

Spring-WS: How to include a soapheader in the response message

I'm using Spring-WS to build a web service (contract first). I defined an endpoint like below
#Endpoint
public class ReportingEndpoint {
private static final Logger LOGGER = LoggerFactory.getLogger(ReportingEndpoint.class);
private static final String NAMESPACE_URI = "http://localhost/reporting";
#PayloadRoot(namespace = NAMESPACE_URI, localPart = "RequestDocument")
#ResponsePayload
public ResponseDocument accountReporting(
#RequestPayload JAXBElement<RequestDocument> request,
#SoapHeader(value = "{http://localhost/reporting}Hdr") SoapHeaderElement header) {
try {
ApplicationHeader headers = ((JAXBElement<ApplicationHeader>) JAXBUtils
.unmarshal(header.getSource(), ObjectFactory.class)).getValue();
LOGGER.info(headers.getSystemName());
LOGGER.info("Hello world.");
ResponseDocument response = new ResponseDocument();
response.setReportTitle("Report Title");
return response;
} catch (Exception ex) {
return null;
}
}
}
This code can receive and read the soap header sent from client but when I return a response message, I don't know how to send back to client the server soap header as the client did.
Can anybody help me to solve this issue?

Getting content of a SOAP Header using Spring WS

I'm trying to build an endpoint that will receive SOAP messages from a client. The message I'm receiving contains a username and password inside the soap header ...
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://www.company.com/Application">
<soapenv:Header xmlns:wsse="http://__________.xsd">
<wsse:Security >
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
I'm using Spring WS - the obvious solution is to create a filter inside web.xml that will bypass Spring WS completely, parse the SOAP message, extract the username and password and then continue to Spring WS which will parse the SOAP again.
Is there a way to get the content of the header without circumventing Spring WS?
I've tried adding a bean inside sws:interceptors:
<sws:interceptors>
<!-- extract Security details from Header -->
<bean class="com.company.application.service.SecurityInterceptorService" />
<!-- log full Body of request -->
<bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
<!-- validate Request against XSD to make sure it's a valid request -->
<bean id="CompanyApplication" class="com.company.application.interceptor.ValidatingInterceptor">
<property name="schema" value="/WEB-INF/_______________.xsd" />
<property name="validateRequest" value="true" />
<property name="validateResponse" value="true" />
</bean>
</sws:interceptors>
and then implementing that class:
public class SecurityInterceptorService implements EndpointInterceptor {
#Override
public boolean handleRequest(MessageContext messageContext, Object endpoint) throws Exception {
System.out.println("---------------");
System.out.println("handleRequest") ;
System.out.println("---------------");
return true;
}
#Override
public boolean handleResponse(MessageContext messageContext, Object endpoint) throws Exception {
System.out.println("---------------");
System.out.println("handleResponse");
System.out.println("---------------");
return true;
}
#Override
public boolean handleFault(MessageContext messageContext, Object endpoint) throws Exception {
System.out.println("---------------");
System.out.println("handleFault");
System.out.println("---------------");
return true;
}
#Override
public void afterCompletion(MessageContext messageContext, Object endpoint, Exception ex) throws Exception {
System.out.println("---------------");
System.out.println("afterCompletion");
System.out.println("---------------");
}
}
endpoint only contains data about the endpoint inside handleRequest and after traversing through many layers and layers inside messageContext while in debug mode, I can't seem to spot the content of the header.
Is the content I'm looking for inside messageContext and if so, how do I access it?

From the messageContext object, you can retrieve either the request or the response (In your case, I guess you need the request).
The request/response is basically a WebServiceMessage. If you examine the webServiceMessage, you will see that the object can be casted to a SoapMessage. From the soap message, you can now get the soap header.
WebServiceMessage webServiceMessageRequest = messageContext_.getRequest();
SoapMessage soapMessage = (SoapMessage) webServiceMessageRequest;
SoapHeader soapHeader = soapMessage.getSoapHeader()
Afterwards, You might want to get the source object and convert it to a DOMSource object and then get the Node object which make the information retrieval much easier.
Source bodySource = soapHeader .getSource();
DOMSource bodyDomSource = (DOMSource) bodySource;
Node bodyNode = _bodyDomSource.getNode();

If you are using spring-boot you can use this kind of configuration:
#EnableWs
#Configuration
public class WebServiceConfig extends WsConfigurerAdapter {
#Override
public void addInterceptors(List<EndpointInterceptor> interceptors) {
PayloadValidatingInterceptor validatingInterceptor = new PayloadValidatingInterceptor();
validatingInterceptor.setValidateRequest(true);
validatingInterceptor.setValidateResponse(true);
validatingInterceptor.setXsdSchema(resourceSchema());
interceptors.add(validatingInterceptor);
}
#Bean
public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext) {
MessageDispatcherServlet servlet = new MessageDispatcherServlet();
servlet.setApplicationContext(applicationContext);
servlet.setTransformWsdlLocations(true);
return new ServletRegistrationBean(servlet, "/api/*");
}
#Bean(name = "registros")
public DefaultWsdl11Definition defaultWsdl11Definition(XsdSchema countriesSchema) {
DefaultWsdl11Definition wsdl11Definition = new DefaultWsdl11Definition();
wsdl11Definition.setPortTypeName("ResourcePort");
wsdl11Definition.setLocationUri("/api");
wsdl11Definition.setTargetNamespace("http://resource.com/schema");
wsdl11Definition.setSchema(resourceSchema());
return wsdl11Definition;
}
#Bean
public XsdSchema resourceSchema() {
return new SimpleXsdSchema(new ClassPathResource("registro.xsd"));
}
}
In this example the addInterceptors method is the important one, the others 3 are basic to expose a WSDL API.
Maybe it'll be useful for someone else.

There is no easy way to unmarshall Soap headers with Spring-ws (it's currently not supported)
However, you can access the SoapHeaderElement in your #PayloadRoot annotated method, and do the process of unmarshalling with JAXB.
#Endpoint
public class SubmitEndpoint implements EndpointInterface {
private static final String NAMESPACE_URI = "http://www.example.com/namespace";
private Security unmarshallSecurityFromSoapHeader(SoapHeaderElement header) {
Security security = null;
try {
JAXBContext context = JAXBContext.newInstance(Security.class);
Unmarshaller unmarshaller = context.createUnmarshaller();
security = (Security) unmarshaller.unmarshal(header.getSource());
} catch (JAXBException e) {
e.printStackTrace();
}
return security;
}
#PayloadRoot(namespace = NAMESPACE_URI, localPart = "submit")
#ResponsePayload
public SubmitResponse submit(#RequestPayload Submit submit, #SoapHeader(
value = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security") SoapHeaderElement wsseSecurityHeader) throws JAXBException {
Security security = unmarshallSecurityFromSoapHeader(wsseSecurityHeader);
}
}
Security.java
#Getter
#Setter
#XmlAccessorType(XmlAccessType.FIELD)
#XmlRootElement(namespace = Security.SECURITY_NS, name = "Security")
public class Security {
public static final String SECURITY_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
#XmlElement(namespace = SECURITY_NS, name = "UsernameToken")
private UsernameToken usernameToken;
}
UsernameToken.java
#Getter
#Setter
#XmlAccessorType(XmlAccessType.FIELD)
#XmlRootElement(namespace = Security.SECURITY_NS, name = "UsernameToken")
public class UsernameToken {
#XmlElement(name = "Username", namespace = Security.SECURITY_NS)
private String username;
#XmlElement(name = "Password", namespace = Security.SECURITY_NS)
private String password;
}

Eway Payment Gateway: Add Headers using SOAP Service in Recuring payment Using Java

I am trying to use eway payment gateway. In this i am using Recurring payment. For recurring they provide WSDL file, by using Maven Generator, i was creating java classes from WSDL file. When i was trying to call services, it generate an error, because the service need authentication information in SOAP header. From this Link i found the Solution to add header in SOAP request using Jaxb Object. After that, when i call the SOAP services it generates different error, which confused me. following is my code for handle eway recurring services:
1. SOAP Handler
public class EwaySOAPHandler implements SOAPHandler<SOAPMessageContext>{
private JAXBElement<EWAYHeader> jaxbElement = null;
public EwaySOAPHandler(JAXBElement<EWAYHeader> jaxbElement) {
this.jaxbElement = jaxbElement;
}
public boolean handleMessage(SOAPMessageContext context) {
Boolean outBoundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
try{
if(outBoundProperty != null && outBoundProperty.booleanValue()){
Marshaller marshaller = JAXBContext.newInstance(EWAYHeader.class).createMarshaller();
SOAPHeader header = context.getMessage().getSOAPPart().getEnvelope().addHeader();
marshaller.marshal(jaxbElement, header);
}
return false;
}catch(Exception ex){
System.out.println("Problem In Handel Message");
ex.printStackTrace();
}
return true;
}
public boolean handleFault(SOAPMessageContext context) {
throw new UnsupportedOperationException("Not Supported Yet");
}
public void close(MessageContext context) {
}
public Set<QName> getHeaders() {
return new TreeSet<QName>();
}
}
2. SOAP Client
public class SOAPClient {
#Test
public void test() {
ManageRebill manageRebill = new ManageRebill();
ManageRebillSoap manageRebillSoap = manageRebill.getManageRebillSoap();
Binding binding = ((BindingProvider) manageRebillSoap).getBinding();
List<Handler> handlersList = new ArrayList<Handler>();
EWAYHeader header = new EWAYHeader();
header.setEWAYCustomerID("87654321");
header.setPassword("test");
header.setUsername("test#eway.com.au");
ObjectFactory factory = new ObjectFactory();
JAXBElement<EWAYHeader> jaxbElement = factory.createEWAYHeader(header);
EwaySOAPHandler ewaySOAPHandler = new EwaySOAPHandler(jaxbElement);
handlersList.add(ewaySOAPHandler);
binding.setHandlerChain(handlersList);
manageRebillSoap.createRebillCustomer("Mr", "Pritpal", "Singh",
"Mohali", "CHD", "Punjab", "netsol", "1610032", "india",
"abc#abc.com", "123456789", "123456789", "987654321", "Ref123",
"JavaEE Developer", "comments", "http://google.com");
}}
Following error is generate when i try to run SOAPClient test case:
com.sun.xml.internal.ws.streaming.XMLStreamReaderException: unexpected XML tag. expected: {http://www.eway.com.au/gateway/rebill/manageRebill}CreateRebillCustomerResponse but found: {http://www.eway.com.au/gateway/rebill/manageRebill}CreateRebillCustomer.
According to this error, in response they need CreateRebillCustomerResponse but return CreateRebillCustomer object. the problem is that, how i change the object and where these objects are define ?.

How to add chain of certificate in spring ws client request

I have simply spring ws client which sending request to some url:
#SuppressWarnings("unchecked")
private JAXBElement<O> sendSyncSoapRequest(final JAXBElement<I> req, final String iszrUrl) {
if (iszrUrl != null) {
return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(iszrUrl, req);
} else {
return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(req);
}
}
Now I need attach chain of certificate to the soap request. How should I do this ? Please help

I'm not aware of any syntactic sugar in Spring for using certificate authentication on the client. However there may now be something I have missed. In the absence of someone else pointing out that there's a simple annotation that you can apply to your web service template, here's my thinking.
This isn't a fully step-by-step answer, but it should get you part way there. By using a WebServiceMessageCallback, you can modify the headers in your SOAP message before the message is sent. The code below demonstrates doing that to add a username and password to the headers.
You should be able to use the same mechanism to add certificates to the security headers in a similar manner. Take a look at the following document, which explains SOAP certificate-based authentication and shows example security headers for this on page 9.
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
Object response = getWebServiceTemplate().marshalSendAndReceive(
exposureRequests,
new WebServiceMessageCallback() {
/**
* The doWithMessage callback enables us to modify the message after it has
* been built using the nice Spring/JAXB marshalling, just before it gets
* sent out.
*/
#Override
public void doWithMessage(WebServiceMessage message)
throws IOException, TransformerException {
applySecurityHeaders(message, SOAP_ACTION);
}
}
);
/**
* Add security headers to the outgoing message, so that the client is
* authenticated against the web service.
*/
private void applySecurityHeaders(WebServiceMessage message, String soapAction)
throws IOException, TransformerException {
Assert.isInstanceOf(SoapMessage.class, message);
SoapMessage soapMessage = (SoapMessage) message;
soapMessage.setSoapAction(soapAction);
SoapHeader header = soapMessage.getSoapHeader();
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(getSecurityHeaderSource(), header.getResult());
soapMessage.writeTo(new LoggingOutputStream(log));
}
/**
* Returns the content required for a basic SOAP security header.
*/
private StringSource getSecurityHeaderSource() {
return new StringSource(
"<Security xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">\n "
+ "<UsernameToken>\n"
+ "<Username><![CDATA[" + username + "]]></Username>\n "
+ "<Password><![CDATA[" + password + "]]></Password>\n "
+ "</UsernameToken>\n"
+ "</Security>\n");
}

So I already solve this problem. I need to create WebServiceMessageSender with new httpClient which contains sslFactory with my certificates:
WebServiceMessageSender sender = new HttpComponentsMessageSender(HttpClients.custom()
.addInterceptorFirst(new RemoveSoapHeadersInterceptor()).setSSLSocketFactory(factory));
wsTemplate.setMessageSender(sender);
// copy & paste from HttpComponentsMessageSender:
/**
* HttpClient {#link org.apache.http.HttpRequestInterceptor} implementation that removes {#code Content-Length} and
* {#code Transfer-Encoding} headers from the request. Necessary, because SAAJ and other SOAP implementations set
* these headers themselves, and HttpClient throws an exception if they have been set.
*/
public static class RemoveSoapHeadersInterceptor implements HttpRequestInterceptor {
#Override
public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
if (request instanceof HttpEntityEnclosingRequest) {
if (request.containsHeader(HTTP.TRANSFER_ENCODING)) {
request.removeHeaders(HTTP.TRANSFER_ENCODING);
}
if (request.containsHeader(HTTP.CONTENT_LEN)) {
request.removeHeaders(HTTP.CONTENT_LEN);
}
}
}
}

How to add soap header when making a soap request using the java objects generated by wsdl

I generated client java objects using JAX-WS RI. I am trying to make a SOAP request to a web service. Service requires authentication in the header which looks like below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<xsd:authHeader>
<xsd:user>username#gmail.com</xsd:user>
<xsd:password>password1</xsd:password>
</xsd:authHeader>
</soapenv:Header>
<soapenv:Body>
<ns:searchAssetsParam>
<ns:includeSubfolders>true</ns:includeSubfolders>
<ns:resultsPage>2</ns:resultsPage>
</ns:searchAssetsParam>
</soapenv:Body>
</soapenv:Envelope>
The generated java objects have methods for calling the service, creating the objects and constructing the header. But, I am having trouble setting the header while making the call.
Here's the code that I am using:
IpsApiService service = new IpsApiService();
IpsApiPortType port = service.getIpsApiSoapPort();
SearchAssetsParam searchAssetsParam = buildSearchAssetsParam();
SearchAssetsReturn response = port.searchAssets(searchAssetsParam);
buildSearchAssetsParam() constructs the request object.
I created the header object as follows:
AuthHeader header = new AuthHeader();
header.setUser("username#gmail.com");
header.setPassword("password1");
How do I set this AuthHeader to the service request?
Thanks,
Venu

Once I had the same problem. I needed to modify the JAX-WS web service SOAP header at every request. To solve this problem I have created a handler like this:
public class MyHandler implements SOAPHandler<SOAPMessageContext> {
private static final Logger LOGGER = LoggerFactory.getLogger(MyHandler.class);
private String username;
private String password;
#Override
public boolean handleMessage(SOAPMessageContext context) {
try {
SOAPMessage message = context.getMessage();
SOAPHeader header = message.getSOAPHeader();
SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
if (header == null) {
header = envelope.addHeader();
}
QName qNameUserCredentials = new QName("https://your.target.namespace/", "UserCredentials");
SOAPHeaderElement userCredentials = header.addHeaderElement(qNameUserCredentials);
QName qNameUsername = new QName("https://your.target.namespace/", "Username");
SOAPHeaderElement username = header.addHeaderElement(qNameUsername );
username.addTextNode(this.username);
QName qNamePassword = new QName("https://your.target.namespace/", "Password");
SOAPHeaderElement password = header.addHeaderElement(qNamePassword);
password.addTextNode(this.password);
userCredentials.addChildElement(username);
userCredentials.addChildElement(password);
message.saveChanges();
//TODO: remove this writer when the testing is finished
StringWriter writer = new StringWriter();
message.writeTo(new StringOutputStream(writer));
LOGGER.debug("SOAP message: \n" + writer.toString());
} catch (SOAPException e) {
LOGGER.error("Error occurred while adding credentials to SOAP header.", e);
} catch (IOException e) {
LOGGER.error("Error occurred while writing message to output stream.", e);
}
return true;
}
//TODO: remove this class after testing is finished
private static class StringOutputStream extends OutputStream {
private StringWriter writer;
public StringOutputStream(StringWriter writer) {
this.writer = writer;
}
#Override
public void write(int b) throws IOException {
writer.write(b);
}
}
#Override
public boolean handleFault(SOAPMessageContext context) {
LOGGER.debug("handleFault has been invoked.");
return true;
}
#Override
public void close(MessageContext context) {
LOGGER.debug("close has been invoked.");
}
#Override
public Set<QName> getHeaders() {
LOGGER.debug("getHeaders has been invoked.");
return null;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
}
It adds the needed parameters to my SOAP header and it is invoked on every request. All you need to do is to modify handleMessage method to suit your needs.

It works for me by overriding the public void setAttribute(String namespace, String localName, String value) method.
import javax.xml.namespace.QName;
import org.apache.axis.Constants;
import org.apache.axis.message.SOAPHeaderElement;
#SuppressWarnings("serial")
public class ADESHeaderElement extends SOAPHeaderElement
{
public ADESHeaderElement(QName qname, Object value)
{
super(qname, value);
}
#Override
public void setAttribute(String namespace, String localName, String value)
{
if (!Constants.ATTR_MUST_UNDERSTAND.equals(localName))
{ // Or any other attribute name you'd want to avoid
super.setAttribute(namespace, localName, value);
}
}
}
Create header element like this:
ADESHeaderElement custheader = new ADESHeaderElement(qname, clientserv);
custheader.setActor(null);

When you create your service from classess generated by cxf, add custom interceptor
Service service = new MyService(wsdlURL, new QName("http://myservice.com/MyService/", "MyService"));
MyPort port = service.getMyPort();
Client client = ClientProxy.getClient(port);
// adding interceptor programmatically
client.getOutInterceptors().add(new MyHeaderHandler());
Your can extend AbstractSoapInterceptor to implement your custom interceptor to handle message.
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.jaxb.JAXBDataBinding;
import org.apache.cxf.phase.Phase;
import com.rpc.core.utils.DomainContext;
public class MyHeaderHandler extends AbstractSoapInterceptor {
/**
* Constructor
*/
public MyHeaderHandler() {
super(Phase.PRE_LOGICAL);
}
#Override
public void handleMessage(org.apache.cxf.binding.soap.SoapMessage message) throws org.apache.cxf.interceptor.Fault {
try {
message.getHeaders().add(new Header(new QName("MyCustomHeader"),"value", new JAXBDataBinding(String.class)));
} catch (JAXBException e) {
e.printStackTrace();
}
};
}
}

Yes, I did the same that Rangappa Tungal, following this example:
Service w = new ServiceLocator();
ServiceSoap ws = new ServiceSoapStub(new URL(w.getServiceSoapAddress()),w); Stub mystub = (Stub) ws;
AuthHeader up = new AuthHeader("user","pass");
mystub.setHeader("namespace", "AuthHeader", up);
ws.get***();
Link to the example!