Web Service JAX-WS with application authentication
This listing is an extract of an EJB session bean published as a web service. The code with the yellow background is the relevant portion.
        ...
        @Resource
        WebServiceContext webServiceContext;

        /**
         * Default constructor.
         */
        public WsEmpleados() {
            // TODO Auto-generated constructor stub
        }

        // Exceptions thrown here are sent as SOAP Faults
        public ArrayList<Empleados> ObtenerEmpleados(ArrayList<Paises> paises,
                String fecha) throws NonExistentData, InvalidUser {
            MessageContext messageContext = webServiceContext.getMessageContext();

            // Map of the HTTP request headers
            Map<?,?> requestHeaders =
                (Map<?,?>) messageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
            List<?> userheaders = (List<?>) requestHeaders.get("username");
            List<?> paswordheaders = (List<?>) requestHeaders.get("password");

            String username = "";
            String password = "";
            // Guard against a missing header and against an empty value list
            if (userheaders != null && !userheaders.isEmpty()) {
                username = userheaders.get(0).toString();
            }
            if (paswordheaders != null && !paswordheaders.isEmpty()) {
                password = paswordheaders.get(0).toString();
            }

            // The credential validation can be done in many ways;
            // this is just one sample that is easy to understand
            if (!(username.equals("usr1") && password.equals("VFSkdaass"))) {
                throw new InvalidUser();
            }
            ...
            return empleados;
        }
    }
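As the comment in the listing says, the credentials can be validated in many ways. The following is an added example, not code from the original post: it looks the two headers up case-insensitively, rejects missing values, and compares against a stored PBKDF2 hash in constant time instead of a clear-text literal. The class and method names, the salt and the iteration count are assumptions; the header names and sample credentials are the ones used above.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example; HeaderCredentialCheck and its members are hypothetical names.
public class HeaderCredentialCheck {
    // PBKDF2-HMAC-SHA256 so only a salted hash is stored; 210_000 is an assumed work factor.
    static byte[] hash(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // First value of a header (names are case-insensitive); "" if absent or empty.
    static String firstHeader(Map<String, List<String>> headers, String name) {
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            List<String> v = e.getValue();
            if (name.equalsIgnoreCase(e.getKey()) && v != null && !v.isEmpty()) return v.get(0);
        }
        return "";
    }

    static boolean isValid(Map<String, List<String>> headers, String expectedUser,
            byte[] salt, byte[] storedHash) throws GeneralSecurityException {
        String user = firstHeader(headers, "username");
        String pass = firstHeader(headers, "password");
        if (user.isEmpty() || pass.isEmpty()) return false; // missing header: reject before hashing
        // Constant-time comparisons; '&' evaluates both sides (no short-circuit).
        return MessageDigest.isEqual(user.getBytes(StandardCharsets.UTF_8),
                        expectedUser.getBytes(StandardCharsets.UTF_8))
                & MessageDigest.isEqual(hash(pass, salt), storedHash);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] stored = hash("VFSkdaass", salt); // in practice computed once and stored
        Map<String, List<String>> ok =
                Map.of("Username", List.of("usr1"), "Password", List.of("VFSkdaass"));
        Map<String, List<String>> noPassword =
                Map.of("username", List.of("usr1"), "password", List.of());
        System.out.println(isValid(ok, "usr1", salt, stored));
        System.out.println(isValid(noPassword, "usr1", salt, stored));
    }
}
```

In the service method, the map obtained from MessageContext.HTTP_REQUEST_HEADERS would be passed to isValid, and InvalidUser thrown when it returns false.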
C# code listing to consume the Java JAX-WS web service with application authentication using HTTP headers
Once you have created the proxy from the Java web service WSDL, you can call the exposed method inside an OperationContextScope, which lets you send HTTP headers or SOAP headers, depending on the WS implementation.
    // Requires: using System.ServiceModel; using System.ServiceModel.Channels;

    // Web service proxy generated by Visual Studio
    wsEmpNPrec.Empleados.WsEmpleadosRemoteClient proxy
        = new wsEmpNPrec.Empleados.WsEmpleadosRemoteClient();

    // Array holding the result of the invocation
    wsEmpNPrec.Empleados.Empleado[] empleados = null;

    // Adding the HTTP headers through the OperationContext.
    using (new OperationContextScope(proxy.InnerChannel))
    {
        HttpRequestMessageProperty userHeader = new HttpRequestMessageProperty();
        userHeader.Headers.Add("username", "usr1");
        userHeader.Headers.Add("password", "VFSkdaass");
        OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name]
            = userHeader;
        empleados = proxy.ObtenerEmpleados(parametros2);
    }
This is not a good way to implement application authentication, but it is still one. Over plain HTTP the username and password headers travel in clear text, so if you can add HTTPS to this you have a not-too-bad and fast option. In any case, the HTTP headers can be used for other purposes too.