Using Handler Methods for SOAP Headers
The VMware vCenter Single Sign-On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler).
The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign-On Server response.
The VMware vCenter Single Sign-On client SOAP header handler files are located in the soaphandlers directory.
SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers
To access the SOAP handler implementation, the example code contains the following import statements.
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver; import com.vmware.sso.client.soaphandlers.SSOHeaderHandler; import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler import com.vmware.sso.client.soaphandlers.TimeStampHandler; import com.vmware.sso.client.soaphandlers.UserCredentialHandler; import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
This example uses the following handler elements.
- HeaderHandlerResolver
- SamlTokenExtractionHandler
- TimestampHandler
- UserCredentialHandler
- WsSecurityUserCertificateSignatureHandler (SSOHeaderHandler)
The following sequence shows the operations and corresponding Java elements for message security.
| Create an STS service object (STSService_Service). This object will bind the handlers to the request and provide access to the issue method. |
STSService_Service |
| Create a handler resolver object (HeaderHandlerResolver). This object acts as a receptacle for the handlers. |
HeaderHandlerResolver |
Add the header handlers:
|
|
| Add the handler resolver to the STS service. |
|
The following code fragment creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token.
/* * Instantiate the STS Service */ STSService_Service stsService = new STSService_Service(); /* * Instantiate the HeaderHandlerResolver. */ HeaderHandlerResolver headerResolver = new HeaderHandlerResolver(); /* * Add handlers to insert a timestamp and username token into the SOAP security header * and sign the message. * * -- Timestamp contains the creation and expiration time for the request * -- UsernameToken contains the username/password * -- Sign the SOAP message using the combination of private key and user certificate. * * Add the TimeStampHandler */ headerResolver.addHandler(new TimeStampHandler()); /* * Add the UserCredentialHandler. arg[1] is the username; arg[2] is the password. */ UserCredentialHandler ucHandler = new UserCredentialHandler(args[1],args[2]); headerResolver.addHandler(ucHandler); /* * Add the message signature handler (WsSecurityUserCertificateSignatureHandler); * The client is responsible for supplying the private key and certificate. */ SSOHeaderHandler ssoHandler = new WsSecurityUserCertificateSignatureHandler(privateKey, userCert); headerResolver.addHandler(ssoHandler); /* * Add the token extraction handler (SamlTokenExtractionHandler). */ SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler; headerResolver.addHandler(sbHandler); /* * Set the handlerResolver for the STSService to the HeaderHandlerResolver created above. */ stsService.setHandlerResolver(headerResolver);