Adding WS-Security over soap using Apache Camel

WS-Security (Web Services Security) is a protocol which allows you to secure your soap web services. The client, who makes the soap request, has to provide a login and a password in the soap header.

The server receives the soap request, checks the credentials and validates or not the request. With Apache Camel, it is easy to work with soap web services (especially if you use Apache CXF), but handling with WS-Security can be tricky.

The idea is to create an xml template with all required information (including login and password) and add the template to the soap header.
 

public void addSoapHeader(Exchange exchange,String soapHeader){

        List<SoapHeader> soapHeaders = CastUtils.cast((List<?>) exchange.getIn().getHeader(Header.HEADER_LIST));
        SoapHeader newHeader;

        if(soapHeaders == null){

            soapHeaders = new ArrayList<SoapHeader>();
        }
        
        try {
            newHeader = new SoapHeader(new QName("soapHeader"), DOMUtils.readXml(new StringReader(soapHeader)).getDocumentElement());
            newHeader.setDirection(Direction.DIRECTION_OUT);

            soapHeaders.add(newHeader);

            exchange.getIn().setHeader(Header.HEADER_LIST, soapHeaders);

        } catch (Exception e) {
            //log error
        }
    }

Apache Camel uses an Exchange interface which has methods to retrieve or update headers. The soapHeader parameter is a string containing the xml template.

We retrieve the current headers and we add a new header named soapHeader. We convert the soapHeader property from string to XML thanks to the DOMUtils class.

The newHeader.setDirection(Direction.DIRECTION_OUT) instruction means that the header will be applied to a request either leaving a consumer endpoint or entering a producer endpoint (that is, it applies to a WS request message propagating through a route).

Now let’s create the xml template and call the addSoapHeader method:

public void addWSSESecurityHeader(Exchange exchange,String login,String password){

        String soapHeader = "<?xml version=\"1.0\" encoding=\"utf-8\"?><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"+ 
        "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-50\"><wsse:Username>"
                + login
                + "</wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">"
                + password + "</wsse:Password></wsse:UsernameToken></wsse:Security>";

        //Add wsse security header to the exchange

        addSoapHeader(exchange, soapHeader);

    }

As we can see, we need two namespaces in our xml (to handle with WS-Security):

We can then use interesting tags into our xml:

  • wsse :UsernameToken : Includes both username and password information
  • wsse :Username : Username required for authentication
  • wsse :Password : Password required for authentication

Next we just have to call our method addSoapHeaderto add our xml into the soap header. Here’s the full code with a complete Apache Camel route:

package com.example.test;

import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.camel.Exchange;
import org.apache.camel.util.CastUtils;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.headers.Header;
import org.apache.cxf.headers.Header.Direction;
import org.apache.cxf.helpers.DOMUtils;

public class MyRoute extends RouteBuilder {

    public void addSoapHeader(Exchange exchange,String soapHeader){

        List<SoapHeader> soapHeaders = CastUtils.cast((List<?>) exchange.getIn().getHeader(Header.HEADER_LIST));
        SoapHeader newHeader;

        if(soapHeaders == null){

            soapHeaders = new ArrayList<SoapHeader>();
        }
        
        try {
            newHeader = new SoapHeader(new QName("soapHeader"), DOMUtils.readXml(new StringReader(soapHeader)).getDocumentElement());
            newHeader.setDirection(Direction.DIRECTION_OUT);

            soapHeaders.add(newHeader);

            exchange.getIn().setHeader(Header.HEADER_LIST, soapHeaders);

        } catch (Exception e) {
            //log error
        }
    }

    public void addWSSESecurityHeader(Exchange exchange,String login,String password){

        String soapHeader = "<?xml version=\"1.0\" encoding=\"utf-8\"?><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"+ 
        "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-50\"><wsse:Username>"
                + login
                + "</wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">"
                + password + "</wsse:Password></wsse:UsernameToken></wsse:Security>";

        //Add wsse security header to the exchange

        addSoapHeader(exchange, soapHeader);

    }

    @Override
    public void configure() throws Exception {
        from("endpointIn")
        .process(new Processor(){
            @Override
            public void process(Exchange exchange) throws Exception {
                addWSSESecurityHeader(exchange, "login","password");
            }
        })
        .to("endointOut") ;
    }
}

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

JPA Mini Book

Learn how to leverage the power of JPA in order to create robust and flexible Java applications. With this Mini Book, you will get introduced to JPA and smoothly transition to more advanced concepts.

JVM Troubleshooting Guide

The Java virtual machine is really the foundation of any Java EE platform. Learn how to master it with this advanced guide!

Given email address is already subscribed, thank you!
Oops. Something went wrong. Please try again later.
Please provide a valid email address.
Thank you, your sign-up request was successful! Please check your e-mail inbox.
Please complete the CAPTCHA.
Please fill in the required fields.

One Response to "Adding WS-Security over soap using Apache Camel"

  1. Aakash says:

    Hi Michael,

    Thanks for the article. I’ve been trying to follow what you posted, but after the following lines i can see during debugging that inside newHeader wsse:security is null:

    newHeader = new SoapHeader(new QName(“soapHeader”), DOMUtils.readXml(new StringReader(soapHeader)).getDocumentElement());
    28
    newHeader.setDirection(Direction.DIRECTION_OUT);

    Do i need to do something else, such as add some dependencies etc?

    The error that i get while submiting the reqest to the endpoint is: “None of the policy alternatives can be satisfied”

Leave a Reply


− 5 = four



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy | Contact
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.
Do you want to know how to develop your skillset and become a ...
Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

Get ready to Rock!
You can download the complementary eBooks using the links below:
Close