The security handlers are
responsible for propagating security
tokens. These security tokens are embedded in the SOAP security header
and passed to downstream servers.
About this task
This information applies only to Java API
for XML-based Web Services (JAX-WS) .
The security tokens are
encapsulated in the implementation classes for the com.ibm.wsspi.wssecurity.auth.token.Token
interface. You can retrieve the security token data from either a
server application or a client application.
With a client application,
the application serves as the request generator and the response consumer
and runs as the Java Platform, Enterprise Edition
(Java EE) client application. The consumer component
for Web Services Security stores the security tokens that it receives
in one of the properties of the MessageContext object for the current
web services call. You can retrieve a set of token objects through
the javax.xml.rpc.Stub interface of that web services call. You must
know which security tokens to retrieve and their token IDs in case
multiple security tokens are included in the SOAP security header.
Complete the following steps to retrieve the security token data from
a client application:
Procedure
- Use the com.ibm.wsspi.wssecurity.token.tokenPropergation
key string to obtain the Hashtable for the tokens through a property
value in the javax.xml.ws.Stub interface. The following
example shows how to obtain the Hashtable:
java.util.Hashtable t;
javax.xml.ws.Service serv = …;
serv.addPort(...);
javax.xml.ws.Dispatch<Object> dispatch = svc.createDispatch(...);
Map<String, Object> requestContext = dispatch.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ..);
requestContext.put(BindingProvider.SOAPACTION_USE_PROPERTY, ..);
requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, ..);
String response = dispatch.invoke(body.toString());
Map<String, Object> responseContext = dispatch.getResponseContext();
t = (Hashtable) responseContext.get(
com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TOKEN_PROPERGATION);
- Search the targeting token objects in the Hashtable.
Each token object in the Hashtable is set with its token ID
as a key. You must have prior knowledge of the security token IDs
to retrieve the security tokens. The following example shows how to
retrieve a username token from the security header with a certain
token ID value:
com.ibm.wsspi.wssecurity.auth.token.UsernameToken unt;
if (t != null) {
unt = (com.ibm.wsspi.wssecuty.auth.token.UsernameToken)t.get(“…”);
}
Results
After completing these steps,
you have retrieved the security
tokens that are processed by the Web Services Security handler in
a client application.