Basic Authentication : (Jax -RPC)

Web.xml changes :

  <security-constraint>
    <web-resource-collection>
         <web-resource-name>Axis-Servlet</web-resource-name>
       <description>...text...</description>
       <url-pattern>/services/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>yourWebServiceUser</role-name>
    </auth-constraint>
    <user-data-constraint>
       <description>...text...</description>
       <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>  
  </security-constraint>

  <login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>myrealm</realm-name>
  </login-config>

  <security-role>
     <description>...text...</description>
     <role-name>yourWebServiceUser</role-name>
  </security-role>

Client Code :

      Call call = (Call) service.createCall();
      call.setUsername("yourWebServiceUser");
      call.setPassword("yourWebServiceUser");
         
                Or
               
       Stub stub = (Stub)(new
          MyHelloService_Impl().getHelloIFPort());
       
          stub._setProperty(
          javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
        stub._setProperty(
          javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);
        stub._setProperty
          (javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, endpointAddress);

With WSS4J :

A number of pieces are needed to make this happen.

the SOAP client in ClientJAXRPC.java, which we've already seen
a client deployment descriptor, which tells WSS4J how to handle security for the request
on the client: client_deploy_sec.wsdd
a client-side handler that sets the password: PWCallbackClient.java
a server deployment descriptor, which tells WSS4J how to handle security for the request
on the server: deploy.wsdd
a server-side handler that checks whether the security requirements declared in the
deployment descriptor have been met: PWCallbackServer.java

Let's go through these one by one and examine the details. We'll omit the client, as
it hasn't changed. The important part of the client deployment descriptor is this:

        <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
                <parameter name="action" value="UsernameToken"/>
                <parameter name="user" value="wsuser"/>
                <parameter name="passwordCallbackClass"
                              value="fibonacci.handler.PWCallbackClient"/>
                <parameter name="passwordType" value="PasswordText"/>
                <!--
                <parameter name="passwordType" value="PasswordDigest"/>
                -->
        </handler>

       
Spring : (Jax-Ws)

Using WS-Security with Spring Web Services

Witk CFX :

Using Apache CXF with WS-Security
 

With IBM Metro :

And finally with Metro

Back to top