{"id":26030,"date":"2014-06-03T08:55:38","date_gmt":"2014-06-03T05:55:38","guid":{"rendered":"http:\/\/www.javacodegeeks.com\/?p=26030"},"modified":"2018-10-09T23:33:00","modified_gmt":"2018-10-09T20:33:00","slug":"adding-ws-security-over-soap-using-apache-camel","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2014\/06\/adding-ws-security-over-soap-using-apache-camel.html","title":{"rendered":"Adding WS-Security over soap using Apache Camel"},"content":{"rendered":"

WS-Security (Web Services Security) is a protocol which allows you to secure your soap web services. The client, who makes the soap request, has to provide a login and a password in the soap header.<\/p>\n

The server receives the soap request, checks the credentials and validates or not the request. With Apache Camel, it is easy to work with soap web services (especially if you use Apache CXF), but handling with WS-Security can be tricky.<\/p>\n

The idea is to create an xml template with all required information (including login and password) and add the template to the soap header.<\/p>\n

public void addSoapHeader(Exchange exchange,String soapHeader){\r\n\r\n        List<SoapHeader> soapHeaders = CastUtils.cast((List<?>) exchange.getIn().getHeader(Header.HEADER_LIST));\r\n        SoapHeader newHeader;\r\n\r\n        if(soapHeaders == null){\r\n\r\n            soapHeaders = new ArrayList<SoapHeader>();\r\n        }\r\n        \r\n        try {\r\n            newHeader = new SoapHeader(new QName(\"soapHeader\"), DOMUtils.readXml(new StringReader(soapHeader)).getDocumentElement());\r\n            newHeader.setDirection(Direction.DIRECTION_OUT);\r\n\r\n            soapHeaders.add(newHeader);\r\n\r\n            exchange.getIn().setHeader(Header.HEADER_LIST, soapHeaders);\r\n\r\n        } catch (Exception e) {\r\n            \/\/log error\r\n        }\r\n    }<\/pre>\n
Apache Camel uses an Exchange<\/code> interface which has methods to retrieve or update headers.\u00a0The soapHeader<\/code> parameter is a string containing the xml template.<\/p>\n
We retrieve the current headers and we add a new header named soapHeader<\/code>. We convert the soapHeader<\/code> property from string to XML thanks to the DOMUtils<\/code> class.<\/p>\n
The newHeader.setDirection(Direction.DIRECTION_OUT)<\/code> instruction means that the header will be applied to a request either leaving a consumer endpoint or entering a producer endpoint (that is, it applies to a WS request message propagating through a route).
 
<\/div> <\/div><\/p>\n
Now let\u2019s create the xml template and call the addSoapHeader<\/code> method:<\/p>\n
public void addWSSESecurityHeader(Exchange exchange,String login,String password){\r\n\r\n        String soapHeader = \"<?xml version=\\\"1.0\\\" encoding=\\\"utf-8\\\"?><wsse:Security xmlns:wsse=\\\"http:\/\/docs.oasis-open.org\/wss\/2004\/01\/oasis-200401-wss-wssecurity-secext-1.0.xsd\\\"+ \r\n        \"xmlns:wsu=\\\"http:\/\/docs.oasis-open.org\/wss\/2004\/01\/oasis-200401-wss-wssecurity-utility-1.0.xsd\\\"><wsse:UsernameToken wsu:Id=\\\"UsernameToken-50\\\"><wsse:Username>\"\r\n                + login\r\n                + \"<\/wsse:Username><wsse:Password Type=\\\"http:\/\/docs.oasis-open.org\/wss\/2004\/01\/oasis-200401-wss-username-token-profile-1.0#PasswordText\\\">\"\r\n                + password + \"<\/wsse:Password><\/wsse:UsernameToken><\/wsse:Security>\";\r\n\r\n        \/\/Add wsse security header to the exchange\r\n\r\n        addSoapHeader(exchange, soapHeader);\r\n\r\n    }<\/pre>\n
As we can see, we need two namespaces in our xml (to handle with WS-Security):<\/p>\n