How to consume a secure SOAP Web service by adding WS-SECURITY SOAP header in Spring Boot Application
Introduction
Consuming a SOAP based web service is one of the common use cases a developer will come across. There are different implementations like JAX-WS, Axis1/2 and CXF which helps us in calling the web services easily.
While the JAX-WS is the basic implementation built into JDK library for any complex stuff like WS-Security etc we can use Axis or CXF. Apache CXF is JAX-Ws compliant and supports exposing REST as well as SOAP.
For below tutorial, I am going to use CXF implementation
To consume a secure web service we need to follow things in nutshell
- Generate Java Classes from WSDL using Maven plugin
- Add UserName Password to WS-Header
- Calling the Web Service
Adding Maven dependency
To make a call to a secure web service we need to download the associated CXF jars which will be used later.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | <dependencies> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxws</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-policy</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-tools-common</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <optional>true</optional> </dependency> </dependencies> |
Generate Java Classes
Apache CXF has CXF-code gen-plugin which can be used to generate Java Classes from WSDL.It can be configured in different ways I have configured it below to generate all the classes in src/main/generated folder under the package com.example.generated
- We need to do following
- Provide the WSDL file location
- CXF will generate classes in the specified directory, In our case I have specified it to src/main/generated
- The generated artifacts can be put in a package by using the <extraargs> parameter.
Here is how the plugin looks like
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | <plugin> <groupId>org.apache.cxf</groupId> <artifactId>cxf-codegen-plugin</artifactId> <version>${cxf.version}</version> <executions> <execution> <id>generate-sources</id> <phase>generate-sources</phase> <configuration> <additionalJvmArgs> -Djavax.xml.accessExternalDTD=all -Djavax.xml.accessExternalSchema=all </additionalJvmArgs> <sourceRoot>${basedir}/src/main/generated</sourceRoot> <wsdlOptions> <wsdlOption> <extraargs> <extraarg>-verbose</extraarg> <extraarg>-p</extraarg> <extraarg>com.example.generated</extraarg> <extraarg>-exsh</extraarg> <extraarg>true</extraarg> </extraargs> <wsdl>${basedir}/src/main/resources/wsdl/MyWSDL.wsdl</wsdl> </wsdlOption> </wsdlOptions> </configuration> <goals> <goal>wsdl2java</goal> </goals> </execution> </executions> </plugin> |
Adding Source folder
Since in previous step the artifacts were generated under src/main/generated folder we need to make the generated folder as a source folder so all classes will be available and code can be compiled.
- In eclipse, click on your project -> Properties -> Java Build Path and add the src/main/generated as a source folder
- Also, we need to make sure that maven also picks this folder while assembling the code and creating executable file, we can use build-helper-maven-plugin as shown below
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>build-helper-maven-plugin</artifactId> <version>3.0.0</version> <executions> <execution> <id>add-source</id> <phase>generate-sources</phase> <goals> <goal>add-source</goal> </goals> <configuration> <sources> <source>${basedir}/src/main/generated</source> </sources> </configuration> </execution> </executions> </plugin> |
The complete POM
POM should have this plugin to be an executable spring boot jar.
1 2 3 4 5 6 | <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> |
Here is how the complete POM looks like, By running mvn generate-sources, CXF will generate artifacts in the defined folder in our case (src/main/generated)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 | <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <artifactId>sample-api</artifactId> <groupId>com.example</groupId> <name>MY API</name> <description>Example API </description> <version>0.0.1-SNAPSHOT</version> <properties> <main.basedir>${basedir}/../..</main.basedir> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <cxf.version>3.1.10</cxf.version> </properties> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.4.3.RELEASE</version> </parent> <dependencies> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxws</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-policy</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-tools-common</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <optional>true</optional> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.cxf</groupId> <artifactId>cxf-codegen-plugin</artifactId> <version>${cxf.version}</version> <executions> <execution> <id>generate-sources</id> <phase>generate-sources</phase> <configuration> <additionalJvmArgs> -Djavax.xml.accessExternalDTD=all -Djavax.xml.accessExternalSchema=all </additionalJvmArgs> <sourceRoot>${basedir}/src/main/generated</sourceRoot> <wsdlOptions> <wsdlOption> <extraargs> <extraarg>-verbose</extraarg> <extraarg>-p</extraarg> <extraarg>com.example.generated</extraarg> <extraarg>-exsh</extraarg> <extraarg>true</extraarg> </extraargs> <wsdl>${basedir}/src/main/resources/wsdl/MyWSDL.wsdl</wsdl> </wsdlOption> </wsdlOptions> </configuration> <goals> <goal>wsdl2java</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>build-helper-maven-plugin</artifactId> <version>3.0.0</version> <executions> <execution> <id>add-source</id> <phase>generate-sources</phase> <goals> <goal>add-source</goal> </goals> <configuration> <sources> <source>${basedir}/src/main/generated</source> </sources> </configuration> </execution> </executions> </plugin> </plugins> </build> </project> |
Identifying the Service Interface and Port Class
From our generated classes we need to find the Service Class and right operation which we need to call. The code will generate classes like ObjectFactory which contains various namespaces along with a ServiceInterface which contains the service operations
Open the interface and look for methods which have annotation @WebMethod(action = "serviceOperation") these are the various service operations which have been exposed by WSDL
1 2 3 4 5 6 7 8 9 10 | @WebService(targetNamespace = "http://crmCommon/content/outboundMessage/", name = "MYServicePortType") @XmlSeeAlso({ObjectFactory.class}) public interface MyService { @WebMethod(action = "serviceOperation") @RequestWrapper(localName = "serviceOperation", targetNamespace = "http://crmCommon/content/outboundMessage/types/", className = "com.gen.lookup.ProcessType") @ResponseWrapper(localName = "serviceOperationResponse", targetNamespace = "http://crmCommon/content/outboundMessage/types/", className = "com.gen.lookup.ProcessResponseType") public void serviceOperation( |
Another class is also known as Port which implements the service endpoint interface defined by Service will also be in generated folder. We Will use these classes to make a call to web service.
1 2 3 4 5 6 7 8 9 10 11 12 | @WebServiceClient(name = "Source_WEB_Contact_Contact_ENDPOINTPortType", wsdlLocation = "file://src/main/resources/wsdl/LookUp.wsdl", targetNamespace = "http:///crmCommon/content/outboundMessage/") public class MyServicePort extends Service { public final static URL WSDL_LOCATION; public final static QName SERVICE = new QName("http:///crmCommon/content/outboundMessage/", "Source_WEB_Contact_Contact_ENDPOINTPortType"); public final static QName SourceWEBContactContactENDPOINTPortTypePt = new QName("http:///crmCommon/content/outboundMessage/", "Source_WEB_Contact_Contact_ENDPOINTPortType_pt"); static { |
Calling the web service
Create a new instance of Service class
1 2 3 | MyServicePort service = new MyServicePort(); |
The method getPort returns a proxy. The parameter in below method specifies the service endpoint interface that is supported by the returned proxy.
1 2 3 | MyService port = service.getPort(MyService.class); |
Use the BindingProvider interface and type cast port to be of type BindingProvider
1 2 3 | BindingProvider provider = (BindingProvider) port; |
Adding UserName Password
Use the properties ws-security.username and ws-security.password to define the UserName and Password
1 2 3 4 | provider.getRequestContext().put("ws-security.username", "myusername"); provider.getRequestContext().put("ws-security.password", "mypassword"); |
Override the defaultWSDL URL
1 2 3 4 | provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://mycustomerURL/replacethis"); |
Adding TimeStamp
If the security policy is defined in the WSDL requires a timestamp to avoid replay attacks CXF will automatically add the timestamp to the request.
Call the Web Service
Invoke the port’s method(service operation)
1 2 3 | port.serviceOperation(request); |
That’s all, You can add below Logging In and Logging Out interceptor to print request response in code
1 2 3 4 5 6 7 | org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(port); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint(); cxfEndpoint.getOutInterceptors().add(new LoggingInInterceptor()); cxfEndpoint.getOutInterceptors().add(new LoggingOutInterceptor()); |
5 thoughts to “How to consume a secure SOAP Web service in Spring Boot Application”
Hi!
Can I get the full code?
Thank you
Could you please publish the code
please publish full code sir
Thanks for this. I’ve tried to follow a few guides to this – yours explains what’s going on which meant I was able to address the differences I found with the particular WSDL I was using.
I know this is a couple of years old now – but my IDE is telling me LoggingInInterceptor etc are now deprecated.
Would you please provide the code regarding to the final step for “Call the Web Service”?
I got confused with how to create it, and how to setup the “request”?