Adding elements in SOAP Header request for authentication

[butny]

Hi all,

I need to incorporate an authentication header (i.e. as a part of SOAP header request) in my new web service. That authentication header will verify the userId and password details. I have to verify the content of request header details for authentication in my Web Service. If authenticated, then the SOAP body of the request will be processed, else Invalid Authentication message will be send back by the Web Service to the client application invoking the service.

I am not able to understand how to create a web service where the SOAP Header will contain some elements(in my case, authentication elements such as userId and password).

Normally, whatever method exposed in the service will come as a part of the SOAP Body. Hence confused how to proceed with adding authentication elements in the SOAP Header.

Please help

Regards,

[butny]

After digging a bit into this, I got very little info such as:

1) If I use Basic Authentication, then there wont be any authentication details added in the SOAP Header request, but it will be added in the HTTP request.

2) If I use wsse then there will be osme elements related to authentication added in SOAP Header.

But don't have any idea like how to achieve any of these :(

In fact, i even don't need any complicated thing like the wsse, all i need is something like this to have added in the header:

Java Code:

 <soapenv:Header>
   	<authenticationInfo>
		<userId>?</userId>
		<password>?</password>
   	</authenticationInfo>
   <soapenv:Header/>

Please show me some pointers how to achieve this.

Thanks

[Tolls]

I haven't got involved here because I haven't had to handle SOAP authentication from scratch.
You have two options.
Learn WSSE, or put in a handler before the message goes out to the service.

The Oracle doc on handlers.
AGain, it's been a while since I had to write a handler, but they intercept the message either before it gets sent, or the response when it comes back. This allows you to preprocess it and add/remove things. That's where I'd look anyway.

[butny]

Hi,

The information you povided is really helpful. At least I got to know the possible ways and tried out the handler, it worked excellently.

Below is the link i followed:

Web services programming tips and tricks: How to create a simple JAX-RPC handler

But the as far the initial requirement goes, i have to embed the authentication details in soap header, like the one i posted in #2.

Since I am using JAX-RPC, hence wsse may not work in my case (wsse seems to be for JAX-WS).

Hence for the RPC, is there some possible way to embed the authentication in SOAP Header?

Please suggest. It will at least let me go the right way like the previous post did :)

Regards,