Using Handler Methods for SOAP Headers in Java

The VMware vCenter Single Sign-On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler). The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign-On server response.
The VMware vCenter Single Sign-On client SOAP header handler files are located in the soaphandlers directory:
SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers
To access the SOAP handler implementation, the example code contains the following import statements:
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver;
import com.vmware.sso.client.soaphandlers.SSOHeaderHandler;
import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler;
import com.vmware.sso.client.soaphandlers.TimeStampHandler;
import com.vmware.sso.client.soaphandlers.UserCredentialHandler;
import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
This example uses the following handler elements:
  • HeaderHandlerResolver
  • SamlTokenExtractionHandler
  • TimeStampHandler
  • UserCredentialHandler
  • WsSecurityUserCertificateSignatureHandler (SSOHeaderHandler)
The following sequence shows the operations and corresponding Java elements for message security.
Image shows the steps and software components involved in message headers and handlers.
The following example creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token in Java.
You must perform these steps for message security before retrieving the STS service port. An example of retrieving the STS service port is shown in Sending a Request for a Security Token in Java.
Acquiring a vCenter Single Sign-On Token – Soap Handlers
/*
 * Instantiate the STS Service
 */
STSService_Service stsService = new STSService_Service();

/*
 * Instantiate the HeaderHandlerResolver.
 */
HeaderHandlerResolver headerResolver = new HeaderHandlerResolver();

/*
 * Add handlers to insert a timestamp and username token into the SOAP security header
 * and sign the message.
 *
 * -- Timestamp contains the creation and expiration time for the request
 * -- UsernameToken contains the username/password
 * -- Sign the SOAP message using the combination of private key and user certificate.
 *
 * Add the TimeStampHandler
 */
headerResolver.addHandler(new TimeStampHandler());

/*
 * Add the UserCredentialHandler. args[1] is the username; args[2] is the password.
 */
UserCredentialHandler ucHandler = new UserCredentialHandler(args[1], args[2]);
headerResolver.addHandler(ucHandler);

/*
 * Add the message signature handler (WsSecurityUserCertificateSignatureHandler);
 * The client is responsible for supplying the private key and certificate.
 */
SSOHeaderHandler ssoHandler = new WsSecurityUserCertificateSignatureHandler(privateKey, userCert);
headerResolver.addHandler(ssoHandler);

/*
 * Add the token extraction handler (SamlTokenExtractionHandler).
 */
SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler();
headerResolver.addHandler(sbHandler);

/*
 * Set the handlerResolver for the STSService to the HeaderHandlerResolver created above.
 */
stsService.setHandlerResolver(headerResolver);