Using Handler Methods for
SOAP Headers in Java
The VMware vCenter Single Sign-On SDK
provides sample code that is an extension of the JAX-WS XML Web services
message handler (
javax.xml.ws.handler
). The sample code consists
of a set of SOAP header handler methods and a header handler resolver, to which
you add the handler methods. The handler methods insert timestamp, user
credential, and message signature data into the SOAP security header for the
request. A handler method extracts the SAML token from the vCenter Single
Sign-On server response.
The VMware vCenter Single Sign-On client SOAP
header handler files are located in the
soaphandlers
directory:
SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers
To access the SOAP handler implementation, the
example code contains the following import statements:
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver; import com.vmware.sso.client.soaphandlers.SSOHeaderHandler; import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler import com.vmware.sso.client.soaphandlers.TimeStampHandler; import com.vmware.sso.client.soaphandlers.UserCredentialHandler; import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
This example uses the following handler elements:
- HeaderHandlerResolver
- SamlTokenExtractionHandler
- TimestampHandler
- UserCredentialHandler
- WsSecurityUserCertificateSignatureHandler (SSOHeaderHandler)
The following sequence shows the operations and
corresponding Java elements for message security.
The following example creates a handler resolver
and adds the handler methods to the handler resolver. After the handlers have
been established, the client creates a token request and calls the
Issue
method. See
Sending a Request for a
Security Token in Java.
You must perform these steps
for message security before retrieving the STS service port. An example of
retrieving the STS service port is shown in
Sending a Request for a
Security Token in Java.
Acquiring a vCenter Single Sign-On Token –
Soap Handlers
/* * Instantiate the STS Service */ STSService_Service stsService = new STSService_Service(); /* * Instantiate the HeaderHandlerResolver. */ HeaderHandlerResolver headerResolver = new HeaderHandlerResolver(); /* * Add handlers to insert a timestamp and username token into the SOAP security header * and sign the message. * * -- Timestamp contains the creation and expiration time for the request * -- UsernameToken contains the username/password * -- Sign the SOAP message using the combination of private key and user certificate. * * Add the TimeStampHandler */ headerResolver.addHandler(new TimeStampHandler()); /* * Add the UserCredentialHandler. arg[1] is the username; arg[2] is the password. */ UserCredentialHandler ucHandler = new UserCredentialHandler(args[1], args[2]); headerResolver.addHandler(ucHandler); /* * Add the message signature handler (WsSecurityUserCertificateSignatureHandler); * The client is responsible for supplying the private key and certificate. */ SSOHeaderHandler ssoHandler = new WsSecurityUserCertificateSignatureHandler(privateKey, userCert); headerResolver.addHandler(ssoHandler); /* * Add the token extraction handler (SamlTokenExtractionHandler). */ SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler; headerResolver.addHandler(sbHandler); /* * Set the handlerResolver for the STSService to the HeaderHandlerResolver created above. */ stsService.setHandlerResolver(headerResolver);