How does Webservice SOAP/Rest work with JAX-WS?

Asked

Viewed 1,110 times

2

I spent a whole day studying and finally managed to perform authentication with Webservice SOAP using JAX-WS, using Eclipse generated client.

When adding the password and password to the SOAP message, how is this done? It places encoded?

Code of the client:

RealizarBuscaSOAPService servico_ = servico.getRealizarBuscaSOAPServicePort();
Stub stub = (Stub) servico_;
stub._setProperty(Stub.USERNAME_PROPERTY, "usuario");
stub._setProperty(Stub.PASSWORD_PROPERTY, "senha");

Service code:

    @Resource
WebServiceContext webServiceContext;

@SuppressWarnings("rawtypes")
private boolean validaClient(){
    MessageContext mc = webServiceContext.getMessageContext();
    Map http_headers = (Map) mc.get(MessageContext.HTTP_REQUEST_HEADERS);
    System.out.println(http_headers);

    String username = null;
    String password = null;

    List t = (List)http_headers.get("Authorization");
    if(t == null || t.size() == 0) {
        throw new RuntimeException("Auth failed");
    }

    String encodedText = ((String) t.get(0)).substring(5);
    System.out.println("ENCODED TEXT:"+encodedText);


    byte[] buf = null;
    try {
        buf = Base64.decode(encodedText.getBytes());
    } catch (Base64DecodingException e) {
        e.printStackTrace();
    }
    String credentials = new String(buf);
    System.out.println("decoded text: "+credentials);

    int p = credentials.indexOf(":");

    if(p > -1){
        username = credentials.substring(0,p);
        password = credentials.substring(p+1);
    } else {
        throw new RuntimeException("Error in decoding");
    }

    return autentica(username, password);
}

Why this Base64 decoding? When password and password are placed in the header, are they encoded using base 64?? Service and customer exchange some key?

The only authentication that exists in REST would be in HTTP level and direct in the service URL with some key or user and password in the service URL?

1 answer

1

About Base64 coding: it is necessary because it is a way to ensure that the user’s login and password content does not change during client-server transfers. It consists of 64 characters (A-Z, a-z, 0-9, / and +, besides the suffix =)

It is used in the protocol HTTP for authentication, which you are using in:

List t = (List)http_headers.get("Authorization"); 

Whereas the HTTP sets the authentication in the following format:

username:password

The server receives Base64-encoded authentication and the format above. That’s why in your code, you had to decode and break the string in ::

int p = credentials.indexOf(":");

if(p > -1){
    username = credentials.substring(0,p);
    password = credentials.substring(p+1);
} else {
    throw new RuntimeException("Error in decoding");
}

Browser other questions tagged

You are not signed in. Login or sign up in order to post.