How do I call a WS-Secured SOAP web service implementing oasis standard
I am not sure whether HTTPbuilder can be used to access SOAP based web services. The popular groovy WSlite library can be used to access SOAP web services using basic authentication only.
Is there any groovy library or sample which could be used to access WS-security user name token implemented SOAP web service from groovy?
WS lite can be used to acess ws-secure web service. We have to build the security header and can generate nonce, password digest, time stamp and have then sent in the WSe security header.
Related
I need to clarify some problems regarding soap web services.
1) can I call a soap web service by just typing the url of the endpoint in the browser?
2) does the answer for question depend on what type of technologies used to develop the soap web service?
If I need to invoke a soap web service, i need to send a soap request. But by just sending a get or post request from a browser cannot generate a soap request. so by default I shouldn't be able to invoke a soap web service just using the browser.
but the following two resources are contradicting above assumptions of mine.Can someone explain me how these soap web services can be invoked without a soap request?
https://msdn.microsoft.com/en-us/library/aa719483%28v=vs.71%29.aspx
http://alvinalexander.com/blog/post/java/how-to-call-web-service-from-browser
I am learning SOAP and I have some questions:
If I have a SOAP service, and if my understanding is correct then the consumer will need to import the WSDL and generate the stubs to consume my service?
If now I have exposed the SOAP service with a RESTful API with the help of a ESB in between. Does that mean the consumer no longer need to import any WSDL to generate the stubs?
Yes -the idea behind SOAP specification (wsdl) is so that clients can use it to create a proxy for calling the service and not have to figure out the details for themselves. It is very hard to connect to a SOAP service without using a wsdl
In this case the ESB does the calls to the actual service and the REST interface is a new interface client should use to communicate with the service.
I built a web service using soap can i consume that service in another application using Rest Services that is by using get or Post Http methods?
Like wise Can i consume service using soap that is build using Rest
Both REST and SOAP protocols are published and consumed over HTTP. SOAP adds a layer on top of it for encoding data, that is not used on REST services nor clients.
So, for SOAP services use a SOAP client, and for REST services use a REST client. However, if you need to integrate different types of services, you could build an app that has both REST and SOAP clients, and publishes the result either as a SOAP service, a REST service, or both.
I have a webapp which has jsps. am not using any struts or mvc framework. We have JAX-RS service build using Apache CXF.
Now i want to do following
Allow user to login with username and password.
For all subsequent calls to webservice, same authentication info should be used.
Logged in user has some details (profile photo, full name), which i want to keep it constant across session.
Also, its role are defined. Based on role(s) only certain jax-rs calls will be allowed.
Roles are also used in JSP to restrict access to functionality.
Web services can be accessed outside so authentication and authorization info should be used.
As far as i understand, We should not use session in jax-rs services. What is the best way to handle above situation ?
The best way depends on how you estimate it.
My way of doing this is to
Run Rest service and JSP on the same instance
Use web.xml and CXF to set up security policy, which allows user/pw authentication and authorization, ROLES binded to both jax-rs urls and JSP urls.
Based on 2, jax-rs services can be called directly outside, but user/pw is required as you specified.
Hope this can help you a bit.
Think cxf security validation as any other http or https validation. you have to intercept the request and pass it to the rest service. You can use any of the tools like siteminder, else can write CXF interceptor to do your own security validation. In the interceptor you can call SSO kind of token generator server in case you have the infrastucture or call the DB if your architecture is built that way. You can use caching to reduce the resource hits and can look at custom or hibernate cache. enabling Https has to be done in server configuration. If you have certificate , you can use the same else you can generate your own using openssl.
I am having a SOAP web service. I am using Apache Axis2 to generate the Javabean skeleton from WSDL file and i implemented the functionality.Now i am looking to secure the web service using user name token. What is the option available to do that.
Axis2 is extensible by using modules and the security module for Axis2 is called Rampart. You can engage this module to provide the security functionality.
You might find this article useful: UsernameToken Authentication with Rampart