Using Handler Methods for SOAP Headers

The VMware vCenter Single Sign-On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler). The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign-On Server response.

The VMware vCenter Single Sign-On client SOAP header handler files are located in the soaphandlers directory.

SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers

To access the SOAP handler implementation, the example code contains the following import statements.

```java
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver;
import com.vmware.sso.client.soaphandlers.SSOHeaderHandler;
import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler;
import com.vmware.sso.client.soaphandlers.TimeStampHandler;
import com.vmware.sso.client.soaphandlers.UserCredentialHandler;
import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
```

This example uses the following handler elements.
- HeaderHandlerResolver
- SamlTokenExtractionHandler
- TimeStampHandler
- UserCredentialHandler
- WsSecurityUserCertificateSignatureHandler (SSOHeaderHandler)

The following sequence shows the operations and corresponding Java elements for message security.

| Operation | Java element |
|---|---|
| Create an STS service object (STSService_Service). This object will bind the handlers to the request and provide access to the issue method. | STSService_Service |
| Create a handler resolver object (HeaderHandlerResolver). This object acts as a receptacle for the handlers. | HeaderHandlerResolver |
| Add the header handlers. | |
| Add the handler resolver to the STS service. | |

The following code fragment creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token.

You must perform these steps for message security before retrieving the STS service port. An example of retrieving the STS service port is shown in Sending a Request for a Security Token.

```java
/*
 * Instantiate the STS Service
 */
STSService_Service stsService = new STSService_Service();

/*
 * Instantiate the HeaderHandlerResolver.
 */
HeaderHandlerResolver headerResolver = new HeaderHandlerResolver();

/*
 * Add handlers to insert a timestamp and username token into the SOAP security header
 * and sign the message.
 *
 * -- Timestamp contains the creation and expiration time for the request
 * -- UsernameToken contains the username/password
 * -- Sign the SOAP message using the combination of private key and user certificate.
 *
 * Add the TimeStampHandler
 */
headerResolver.addHandler(new TimeStampHandler());

/*
 * Add the UserCredentialHandler. args[1] is the username; args[2] is the password.
 */
UserCredentialHandler ucHandler = new UserCredentialHandler(args[1], args[2]);
headerResolver.addHandler(ucHandler);

/*
 * Add the message signature handler (WsSecurityUserCertificateSignatureHandler);
 * The client is responsible for supplying the private key and certificate.
 */
SSOHeaderHandler ssoHandler = new WsSecurityUserCertificateSignatureHandler(privateKey, userCert);
headerResolver.addHandler(ssoHandler);

/*
 * Add the token extraction handler (SamlTokenExtractionHandler).
 */
SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler();
headerResolver.addHandler(sbHandler);

/*
 * Set the handlerResolver for the STSService to the HeaderHandlerResolver created above.
 */
stsService.setHandlerResolver(headerResolver);
```
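
To show what a JAX-WS handler of the kind added to the resolver above does to an outgoing request, the following added example (not code from the VMware SDK) writes a wsu:Timestamp with creation and expiration times into the wsse:Security header. The class name ExampleTimestampHandler and the five-minute lifetime are assumptions made for illustration, and the javax.* JAX-WS and SAAJ APIs are assumed to be on the classpath.

```java
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

/** Illustrative only (hypothetical class): adds wsu:Timestamp to outbound requests. */
public class ExampleTimestampHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final long LIFETIME_MINUTES = 5; // assumed validity window; keep it short to limit replay

    /** Finds or creates wsse:Security, so later handlers in the chain share one header. */
    static SOAPElement securityHeader(SOAPMessage msg) throws SOAPException {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
        QName name = new QName(WSSE, "Security", "wsse");
        Iterator<?> existing = header.getChildElements(name);
        return existing.hasNext() ? (SOAPElement) existing.next() : header.addChildElement(name);
    }

    static void addTimestamp(SOAPMessage msg) throws SOAPException {
        SOAPElement ts = securityHeader(msg).addChildElement(new QName(WSU, "Timestamp", "wsu"));
        Instant created = Instant.now().truncatedTo(ChronoUnit.MILLIS);
        ts.addChildElement(new QName(WSU, "Created", "wsu")).addTextNode(created.toString());
        ts.addChildElement(new QName(WSU, "Expires", "wsu"))
          .addTextNode(created.plus(LIFETIME_MINUTES, ChronoUnit.MINUTES).toString());
    }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        // Only requests get a timestamp; inbound responses pass through untouched.
        if (!Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try { addTimestamp(ctx.getMessage()); return true; }
        catch (SOAPException e) { throw new RuntimeException("cannot add wsu:Timestamp", e); }
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }

    public static void main(String[] args) throws Exception { // offline demo, constructed empty message
        SOAPMessage msg = MessageFactory.newInstance().createMessage();
        addTimestamp(msg);
        msg.writeTo(System.out);
    }
}
```

Because securityHeader() reuses an existing wsse:Security element, a credential or signature handler written the same way would add its data to the same header instead of creating a second one.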