The VMware vCenter Single Sign-On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler). The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign-On server response.
The VMware vCenter Single Sign-On client SOAP header handler files are located in the soaphandlers directory:
SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers
To access the SOAP handler implementation, the example code contains the following import statements:
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver; import com.vmware.sso.client.soaphandlers.SSOHeaderHandler; import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler import com.vmware.sso.client.soaphandlers.TimeStampHandler; import com.vmware.sso.client.soaphandlers.UserCredentialHandler; import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
This example uses the following handler elements:
■
| |
■
| |
■
| |
■
| |
■
|
WsSecurityUserCertificateSignatureHandler (SSOHeaderHandler) |
The following sequence shows the operations and corresponding Java elements for message security.
The following example creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token in Java.
You must perform these steps for message security before retrieving the STS service port. An example of retrieving the STS service port is shown in Sending a Request for a Security Token in Java.
/* * Instantiate the STS Service */ STSService_Service stsService = new STSService_Service(); /* * Instantiate the HeaderHandlerResolver. */ HeaderHandlerResolver headerResolver = new HeaderHandlerResolver(); /* * Add handlers to insert a timestamp and username token into the SOAP security header * and sign the message. * * -- Timestamp contains the creation and expiration time for the request * -- UsernameToken contains the username/password * -- Sign the SOAP message using the combination of private key and user certificate. * * Add the TimeStampHandler */ headerResolver.addHandler(new TimeStampHandler()); /* * Add the UserCredentialHandler. arg[1] is the username; arg[2] is the password. */ UserCredentialHandler ucHandler = new UserCredentialHandler(args[1], args[2]); headerResolver.addHandler(ucHandler); /* * Add the message signature handler (WsSecurityUserCertificateSignatureHandler); * The client is responsible for supplying the private key and certificate. */ SSOHeaderHandler ssoHandler = new WsSecurityUserCertificateSignatureHandler(privateKey, userCert); headerResolver.addHandler(ssoHandler); /* * Add the token extraction handler (SamlTokenExtractionHandler). */ SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler; headerResolver.addHandler(sbHandler); /* * Set the handlerResolver for the STSService to the HeaderHandlerResolver created above. */ stsService.setHandlerResolver(headerResolver);