Webservice authentication mechanism SOAP Java

3

I'm building a Java webservice (WSDL) that will be consumed via SOAP. I need to implement a form of authentication in each webservice method so that every request is checked to confirm that the source is someone with permission.

I tried to follow this tutorial, but I did not get good results. My test code looks like this:

@WebMethod(operationName = "autentica")
public String autentica() {
    MessageContext mContext = wsContext.getMessageContext();

    Map http_headers = (Map) mContext.get(MessageContext.HTTP_REQUEST_HEADERS);
    List userList = (List) http_headers.get("Username");
    List passList = (List) http_headers.get("Password");

    String username = "";
    String password = "";

    if(userList != null) {
        username = userList.get(0).toString();
        System.out.println("User: " + userList.get(0).toString());
    }

    if(passList != null) {
        password = passList.get(0).toString();
        System.out.println("Pass: " + passList.get(0).toString());
    }

    if (username.equals("admin") && password.equals("admin")){
        return "Hello World JAX-WS - Valid User!";
    }else{
        return "Unknown User!";
    }
}

To consume the webservice I tested with SoapUI and an Ionic app using angular soap 3.0, and both the headers arrived as null, causing "Unknown User!" to be returned.

Could someone tell me what I'm doing wrong or another form of authentication that I can use?

EDIT

IONIC App

Code used in the ionic app to make the request for the webservice:

$soap.setCredentials("admin","admin");
$soap.post(url, "autentica").then(
    function(response) {
        console.log(response);
    }
);

Console output: Unknown User!

SoapUI

Setting authentication settings:

Return of request:

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
      <ns2:autenticaResponse xmlns:ns2="http://service.natal.rn.gov.br/">
          <return>Unknown User!</return>
      </ns2:autenticaResponse>
   </S:Body>
</S:Envelope>
    
asked by anonymous 11.01.2017 / 16:12

1 answer

0

The most likely answer is that you are not inserting the headers User and Password when calling the webservice.

In section 3 of the tutorial you described how to do it the right way. In section 4 it shows how HTTP headers should arrive on the server.

Regarding the use of angular-soap, its README.md indicates, in example 5, how to configure credentials the way it thinks it should be:

$soap.setCredentials("username","password");

Which in the end is something like:

xmlHttp.setRequestHeader("Authorization", "Basic " + SOAPClient._toBase64(SOAPClient.userName + ":" + SOAPClient.password));

That's nothing like your passwords and user passwords.

It seems that SOAPUI recommends doing almost the same thing: link

They are based on the HTTP Basic Authentication method.

I do not recommend using custom HTTP headers, because browsers did not accept them, and whenever someone needs to access your webservice, you need to write a much larger manual to understand exactly what the correct mode is. I prefer to use cookies; their behavior is standardized.

Some prefer to use HTTP Basic Authentication, it is also valid.

It's been a long time since I worked with SOAP; at that time it would be ideal to use SAML and WS-Security. Not that I recommend it, just to state that it is also an option. In a way, it's a beautiful family of specifications. Most developers have abandoned SOAP to use REST; because of this, it's a mystery ;)

    
17.01.2017 / 07:31
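An added example, not part of the original question or answer: how the server side can read the `Authorization: Basic ...` header that `setCredentials` produces, instead of looking for `Username` and `Password` headers that never arrive. The class name `BasicAuthHeader` and the methods `parse` and `same` are hypothetical, the `admin`/`admin` values mirror the question's test, the header map is a constructed sample with the same shape as `MessageContext.HTTP_REQUEST_HEADERS`, and Java 9+ is assumed for `Map.of`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;

public class BasicAuthHeader {   // hypothetical name, not from the page

    /** Returns {user, password} from an "Authorization: Basic ..." header, or null if absent or malformed. */
    static String[] parse(Map<String, List<String>> headers) {
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            // HTTP header names are case-insensitive; do not rely on the map's key casing.
            if (e.getKey() == null || !e.getKey().equalsIgnoreCase("Authorization")) continue;
            for (String value : e.getValue()) {
                String v = value.trim();
                if (!v.regionMatches(true, 0, "Basic ", 0, 6)) continue;   // scheme is case-insensitive too
                try {
                    byte[] raw = Base64.getDecoder().decode(v.substring(6).trim());
                    String pair = new String(raw, StandardCharsets.UTF_8);
                    int colon = pair.indexOf(':');   // only the first colon separates; a password may contain ':'
                    if (colon < 0) return null;
                    return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
                } catch (IllegalArgumentException badBase64) {
                    return null;                     // token was not valid Base64
                }
            }
        }
        return null;
    }

    /** Compares via MessageDigest.isEqual so timing does not reveal how many leading bytes matched. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: the single header a client sends after setCredentials("admin", "admin").
        String token = Base64.getEncoder().encodeToString("admin:admin".getBytes(StandardCharsets.UTF_8));
        Map<String, List<String>> headers = Map.of("authorization", List.of("Basic " + token));

        System.out.println("Username header: " + headers.get("Username"));   // null, as in the question
        String[] creds = parse(headers);
        boolean ok = creds != null && same(creds[0], "admin") && same(creds[1], "admin");
        System.out.println(ok ? "Valid User!" : "Unknown User!");            // credentials are never logged
    }
}
```

Basic credentials are only Base64-encoded, not encrypted, so the endpoint needs to be served over HTTPS. In the web method, the map passed to `parse` would be the one obtained from `MessageContext.HTTP_REQUEST_HEADERS`.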