I am trying to use a third party web service which is exposed through a WSDL.
I am generating stubs using wsdl2java (axis) tool.
Now when I am using the same service (the same wsdl) through a SOAP client (SOUP UI Pro) it asks for authentication header info for all APIs (aprt from the normal args).
But in proxy classes (stubs) I am not seeing any API asking for this authentication header info argument.
I am not sure how to send the authentication header info with a SOAP request.
FYI: WSDL2Java is generating the Authentication header info class also, but none of the API is asking for this object argument.
Finally I got the answer.
Actually there is two types of header (defined in WSDL).
Implicit.
Explicit.
In case of explicit header generated stubs takes header as an argument but in case of implicit header we need to bind the header at the client side.
Explained nicely here (worked for me.)
Related
I'm using the Apache CXF library to consume a SOAP Web Service. This service requires a saml:assertion (SAML 1, not 2) in the payload header. I want to use an encoded SAML token that is given to me. How do I add this token into every request going to the external SOAP Web Service?
I've been playing around with the AbstractSoapInterceptor and the SamlTokenInterceptor, but I haven't gotten it to work yet. The interceptors require a Phase string, and I'm not sure which one suits my needs.
You could take a look at the CXF system tests. See here for a SAML example:
https://github.com/apache/cxf/blob/9e6d2aa86c57e600baf66e42538036c927cadcf5/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java#L423
Spring configuration:
https://github.com/apache/cxf/blob/9e6d2aa86c57e600baf66e42538036c927cadcf5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml#L351
If you already have a SAML token you can set that on the SAMLCallbackHandler directly via this method:
https://github.com/apache/wss4j/blob/eb3dc39b397f571746ee9183ecb96eac3206fa9f/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java#L313
I am using the CXF Web Client to call Soap Web Service.
WSDL2JAVA is used to generate Java Code from wsdl. There are information from the soap header but the generated code do not have method to access the header.
How can I get header information by the CXF Web Client?
try -exsh (true/false) as an option to wsdl2java
wsdl2java generate java code based on wsdl provided because the wsdl is the data contract between the producer and consumer.
If the consumer would like to get header information. The best is that the wsdl contains methods to get header data.
If the wsdl did not describe it, special handling may be required. You may directly get the header information by the response or by interceptors.
My way is that the interceptor capture the header information and then throws fault exception. The method catch the exception and then get the header information. It seems a dirty way but work for me.
I am working on an application, that will pass client input to a vendor using web services. As phase I of the project, the vendor provided us with the XSD's and WSDL information. I used apache CXF to build the client jar. Now the issue I am facing is that, as part of the requirement, I need to send them the SOAP Request in an encrypted(I have taken care of the encryption part) XML file, that they will manually process, and send me back the response in another XML file that I need to parse and retrieve the response object.
Is there anyway to use the client jar in a dummy mode or something, where it looks like we are calling the client, but all we are doing is getting the raw SOAP request to a file
I kind of a hit a dead end and I am not totally sure how to proceed here, any help or suggestions would be appreciated
You might try SoapUI, it's a free web service testing tool. I know you can view the raw data of your soap request and response with it. soapUI
I am currently working on a jax-ws webservice which is suppossed to provide internationalised search results from a database.
I've looked over the internet for finding a concrete sample of code where the languageCode/languageId is sent in a standard manner along with the SOAP envelope (in order to avoid sending the languageId as a parameter of the webservice method), but haven't found anything concrete so far.
Can anyone recommend me a good approach on how to tackle this problem?
In the meantime i've found a manner to transport the metadata (languageId, user, password) over HTTP Request Headers
javax.xml.ws.handler.MessageContext.HTTP_REQUEST_HEADERS
http://www.mkyong.com/webservices/jax-ws/application-authentication-with-jax-ws/
Does anybody see some clear drawbacks in making use of such a transport method (over HTTP headers and not in the SOAP envelope)?
As also noted in another answer you can make use of standard WS-I18N SOAP extension.
SOAP documents that need to send international preferences SHOULD
include the i18n:international element information item in a header.
When sent from the requester to a provider, the header represents the
preferences of the requester or its client application. When sent in a
response message from the provider, the header represents the settings
that the service used to process the request.
Check how you can add SOAP headers in JAX-WS/Metro in this blog post (it has links to specific steps details).
Adding JAX-WS handlers to web services and SOAP clients
Using SOAPHandler for adding SOAP Header
Hope this helps.
Not very surprisingly, but there is a standard for it. http://www.w3.org/TR/ws-i18n/
However I am not sure how viable it is.
Hi I am trying to evaluate a web service. I am using the Axis API to create the requests. I send requests with some attacks, and then want to validate the obtained response to the response schema. I don't have much idea as to how can I achieve this. Can some one help me to achieve this, or give me some pointers that would give me some idea to obtain this.
If you used the wsdl2java tool that comes with Axis2, the response message will be unmarshalled to the generated classes, and you will get an error if the reponse message does not correspond with the classes generated from the WSDL. So in this way you have a kind of implicit validation.
Jens-Martin is correct. If you're using the client generated by Axis wsdl2java, all the validation you need is happening behind the scenes. There are two kinds of validation going on:
SOAP has a schema definition, and the response must be a valid SOAP response or the client will throw an exception.
The WSDL you used to generate the client described what goes in the SOAP envelope of the response. If the response you get doesn't match, the client will throw an exception.
If you really feel compelled to write your own XML parser/validator and SOAP handler, you're on your own.
Try SOAPUI. It is quite a powerful open source testing tool for web services. You can construct test suites, do performance testing, and specify customized validation criteria.