In the previous post of SOAP webservice using JAX-WS we explored how to host a SOAP webservice and test it using JAX-WS, here we will host a REST webservice.
Wednesday, 16 April 2014
Tuesday, 15 April 2014
SOAP spring-ws with username authentication security
Their are different ways to secure SOAP based webservices.
1. Username/Password
2. Timestamp
3. Encryption/ Decryption
4. Digital Signature
Among these the most common and easy type of security is username/password. This security is very similar to a web application having a login page at the start for Authentication.
Spring-ws provides API to do this kind of security.
Extending our example in the previous post to host a SOAP based webservice, here we apply username security
Following tag is needed to be added in *-servlet.xml.
Here XwsSecurityInterceptor is used as a interceptor to apply security. The Interceptor refers securityPolicy.xml mentioned below to apply security. The additional parameters used for security are mentioned in the callbackHandler bean tag.
securityPolicy.xml
The securityPolicy.xml below mentions that the request to the service should contain username/password parameters. If not then the response would be a FAULT
Once deployed the service can be tested using SOAP UI. The complete description is provided here.
For Web Service Introduction click here
Below are some posts that explain how to implement and test SOAP/REST Webservices
1. Username/Password
2. Timestamp
3. Encryption/ Decryption
4. Digital Signature
Among these the most common and easy type of security is username/password. This security is very similar to a web application having a login page at the start for Authentication.
Spring-ws provides API to do this kind of security.
Extending our example in the previous post to host a SOAP based webservice, here we apply username security
Following tag is needed to be added in *-servlet.xml.
<sws:interceptors> <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor"> <property name="schema" value="/WEB-INF/login.xsd" /> <property name="validateRequest" value="true" /> <property name="validateResponse" value="true" /> </bean> <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"> </bean> <bean class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor"> <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" /> <property name="callbackHandlers"> <list> <!-- <ref bean="keyStoreHandler" /> --> <ref bean="callbackHandler" /> </list> </property> </bean> </sws:interceptors> <bean id="callbackHandler" class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler"> <property name="users"> <props> <prop key="admin">secret</prop> <prop key="clinetUser">pass</prop> </props> </property> </bean>
Here XwsSecurityInterceptor is used as a interceptor to apply security. The Interceptor refers securityPolicy.xml mentioned below to apply security. The additional parameters used for security are mentioned in the callbackHandler bean tag.
securityPolicy.xml
The securityPolicy.xml below mentions that the request to the service should contain username/password parameters. If not then the response would be a FAULT
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true" /> </xwss:SecurityConfiguration>
Once deployed the service can be tested using SOAP UI. The complete description is provided here.
For Web Service Introduction click here
Below are some posts that explain how to implement and test SOAP/REST Webservices
| Host | |
| SOAP | REST |
| JAX-WS | JAX-RS |
| Spring-ws | Spring-MVC-REST |
| Client | |
| SOAP | REST |
| JAX-WS(wsimport) | Google REST APP |
| SOAP UI | Apache REST |
Monday, 7 April 2014
SOAP UI with username - digest security
SOAP UI can be used to test a SOAP based webservice with added security like username.
Below screen shots show this can be done.
Below screen shots show this can be done.
Saturday, 5 April 2014
SOAP webservice using Spring-ws
Spring-ws API works on the principal of contract first SOAP webservice. In this type of webservice implementation the wsdl is created first. In contract last SOAP webservice the JAVA code is created first which inturns creates the wsdl. The contract first webservice is a bit difficult to implement as compared to contract last webservice as the xsd and wsdl needs to be created manually. Contract first webservice is more advantageous though as it eliminates the impedance mismatch problem. Below code snippets explains how to use spring-ws to implement the SOAP based webservice.
Tuesday, 1 April 2014
Rest client java using apache http client
This blog explains how a rest web service can be called using Apache Http Client API.
Below class is a utility class that transforms a Java object to XML and also the other way around.
This class uses JAXB to marshal an unmarshal the objects and xml string.
Below class is a utility class that transforms a Java object to XML and also the other way around.
This class uses JAXB to marshal an unmarshal the objects and xml string.
XML Rest Client with Google Chrome Advanced Rest Client App
For Web Service Introduction click here
Below are some posts that explain how to implement and test SOAP/REST Webservices
| Host | |
| SOAP | REST |
| JAX-WS | JAX-RS |
| Spring-ws | Spring-MVC-REST |
| Client | |
| SOAP | REST |
| JAX-WS(wsimport) | Google REST APP |
| SOAP UI | Apache REST |
Subscribe to:
Posts (Atom)