Monday, November 19, 2012

Call AXIS web service with security

AXIS web service uses .wsdd XML file to read username & passwordCallbackClass. Here, it shown sample .wsdd file.


<deployment xmlns=""
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow >
<handler type="" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="M_TICKET"/>
<parameter name="passwordType" value="PasswordText" />
<parameter name="passwordCallbackClass"
</requestFlow >
</globalConfiguration >

Then you have to implement "PWCallBackClass" class as below.

PWCallBackClass .java

public class PWCallBackClass implements CallbackHandler {

     private static final byte[] key = {
   (byte)0x31, (byte)0xfd, (byte)0xcb, (byte)0xda,
   (byte)0xfb, (byte)0xcd, (byte)0x6b, (byte)0xa8,
   (byte)0xe6, (byte)0x19, (byte)0xa7, (byte)0xbf,
   (byte)0x51, (byte)0xf7, (byte)0xc7, (byte)0x3e,
   (byte)0x80, (byte)0xae, (byte)0x98, (byte)0x51,
   (byte)0xc8, (byte)0x51, (byte)0x34, (byte)0x04,
public void handle(Callback[] callbacks)
   throws IOException, UnsupportedCallbackException {
   for (int i = 0; i < callbacks.length; i++) {
     if (callbacks[i] instanceof WSPasswordCallback) {
       WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        * here call a function/method to lookup the password for
        * the given identifier (e.g. a user name or keystore alias)
        * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
        * for testing we supply a fixed name/fixed key here.
       if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
       else {
     } else {
       throw new UnsupportedCallbackException(
         callbacks[i], "Unrecognized Callback");

Following code can be used to call web service with security implemented with AXIS.

import java.rmi.Remote;
import java.rmi.RemoteException;

import javax.xml.rpc.ServiceException;

import org.apache.axis.AxisFault;
import org.apache.axis.EngineConfiguration;
import org.apache.axis.client.Stub;
import org.apache.axis.configuration.FileProvider;

import com.comverse_in.prepaid.ccws.ServiceLocator;
import com.comverse_in.prepaid.ccws.ServiceSoap;
import com.comverse_in.prepaid.ccws.ServiceSoapProxy;
import com.comverse_in.prepaid.ccws.ServiceSoapStub;


public class TestWS {

public static void main(String args[]) throws ServiceException, RemoteException{

EngineConfiguration config = new FileProvider("client_deploy.wsdd");
ServiceLocator locator = new ServiceLocator(config);
Remote remote = locator.getPort(ServiceSoap.class);
Stub axisPort = (Stub)remote;

axisPort._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
axisPort._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
axisPort._setProperty(WSHandlerConstants.USER, "sujith");

axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "PWCallBackClass");

ServiceSoap service = (ServiceSoapStub)axisPort;
System.out.println("Calling service...");
int ver = service.getVersionId();
System.out.println("get version id service returned " + ver);

Reference :-

Following jars needed to run web service client than AXIS jars.

  1. opensaml-1.0.1.jar
  2. wss4j-2.1.jar
  3. ws-security-5.1.0-M1.jar
  4. xmlsec-1.3.0.jar