Using Handler Methods for SOAP Headers
The VMware vCenter Single Sign-On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler). The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign-On server response.
The VMware vCenter Single Sign-On client SOAP header handler files are located in the soaphandlers directory:
SDK/sso/java/JAXWS/samples/com/vmware/sso/client/soaphandlers
To access the SOAP handler implementation, the example code contains the following import statements:
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver;
import com.vmware.sso.client.soaphandlers.SSOHeaderHandler;
import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler;
import com.vmware.sso.client.soaphandlers.TimeStampHandler;
import com.vmware.sso.client.soaphandlers.UserCredentialHandler;
import com.vmware.sso.client.soaphandlers.WsSecurityUserCertificateSignatureHandler;
This example uses the following handler elements:
The following sequence shows the operations and corresponding Java elements for message security.
Example: Acquiring a vCenter Single Sign-On Token – Soap Handlers creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token.
Example: Acquiring a vCenter Single Sign-On Token – Soap Handlers
/*
* Instantiate the STS Service
*/
STSService_Service stsService = new STSService_Service();
 
/*
* Instantiate the HeaderHandlerResolver.
*/
HeaderHandlerResolver headerResolver = new HeaderHandlerResolver();
 
/*
* Add handlers to insert a timestamp and username token into the SOAP security header
* and sign the message.
*
* -- Timestamp contains the creation and expiration time for the request
* -- UsernameToken contains the username/password
* -- Sign the SOAP message using the combination of private key and user certificate.
*
* Add the TimeStampHandler
*/
headerResolver.addHandler(new TimeStampHandler());
 
/*
* Add the UserCredentialHandler. args[1] is the username; args[2] is the password.
*/
UserCredentialHandler ucHandler = new UserCredentialHandler(args[1], args[2]);
headerResolver.addHandler(ucHandler);
 
/*
* Add the message signature handler (WsSecurityUserCertificateSignatureHandler);
* The client is responsible for supplying the private key and certificate.
*/
SSOHeaderHandler ssoHandler =
    new WsSecurityUserCertificateSignatureHandler(privateKey, userCert);
headerResolver.addHandler(ssoHandler);
 
/*
* Add the token extraction handler (SamlTokenExtractionHandler).
*/
SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler();
headerResolver.addHandler(sbHandler);
 
/*
* Set the handlerResolver for the STSService to the HeaderHandlerResolver created above.
*/
stsService.setHandlerResolver(headerResolver);