Login

Consultor Eletrônico



Kbase P140169: How to implement the Web Services Security UsernameToken with SOAP Headers?
Autor   Progress Software Corporation - Progress
Acesso   Público
Publicação   4/28/2010
Status: Unverified

GOAL:

How to implement the Web Services Security UsernameToken with SOAP Headers?

GOAL:

How to implement WSSE UsernameToken Security?

GOAL:

How to manually add WS-Security UsernameToken into SOAP Headers?

GOAL:

How to manually add WSS UsernameToken into SOAP Headers?

GOAL:

How to use the UsernameToken with the Web Services Security specification?

FACT(s) (Environment):

OpenEdge 10.1x
All Supported Operating Systems

FIX:


The OpenEdge client does not support WS-Security out-of-the-box, but it is possible to manually create SOAP Headers that contain the required WS-Security UsernameToken. The following sample shows how to create the SOAP Header containing UsernameToken element:

DEFINE VARIABLE hWebService AS HANDLE NO-UNDO.
DEFINE VARIABLE hTMMWebSvcs AS HANDLE NO-UNDO.
DEFINE VARIABLE hXdoc AS HANDLE.
DEFINE VARIABLE hXnoderef1 AS HANDLE.
DEFINE VARIABLE hXnoderef2 AS HANDLE.
DEFINE VARIABLE hXnoderef3 AS HANDLE.
DEFINE VARIABLE hXtext AS HANDLE.
DEFINE VARIABLE cUsername AS CHARACTER INIT "Scott".
DEFINE VARIABLE cPassword AS CHARACTER INIT "Administrator".
DEFINE VARIABLE g_header AS HANDLE.
/* Build global SOAP request header containing UsernameToken element */
RUN BuildRequestHeader (OUTPUT g_header).
CREATE SERVER hWebService.
hWebService:CONNECT("-WSDL ...").
RUN <operation> SET hPortType ON hWebService.
/* Associate the request callback with the port type */
hPortType :SET-CALLBACK-PROCEDURE("REQUEST-HEADER", "ReqHandler").
RUN method IN hPortType ( ... )
DELETE OBJECT hPortType.
hWebService:DISCONNECT().
DELETE OBJECT hWebService.

/**************** Internal Procedures ****************/
PROCEDURE ReqHandler:
/* Define procedure parameters */
DEFINE OUTPUT PARAMETER hHeader AS HANDLE.
DEFINE INPUT PARAMETER cNamespace AS CHARACTER.
DEFINE INPUT PARAMETER cLocalNS AS CHARACTER.
DEFINE OUTPUT PARAMETER lDeleteOnDone AS LOGICAL.
/* Pass in global header reused for every request */
hHeader = g_header.
lDeleteOnDone = FALSE.
END PROCEDURE.

PROCEDURE BuildRequestHeader:
/* Define procedure parameter */
DEFINE OUTPUT PARAMETER hHeader AS HANDLE.
DEFINE VARIABLE hHeaderEntryref AS HANDLE.
DEFINE VARIABLE ClientNS AS CHARACTER initial "http://ServiceHost/SOAPHeader" .
ClientNS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
/* Create SOAP header and server objects */
CREATE SOAP-HEADER hHeader.
CREATE SOAP-HEADER-ENTRYREF hHeaderEntryref.
/* Create x-doc objects to build header */
CREATE X-DOCUMENT hXdoc.
CREATE X-NODEREF hXnoderef1.
CREATE X-NODEREF hXnoderef2.
CREATE X-NODEREF hXnoderef3.
CREATE X-NODEREF hXtext.
/* Create the header entry */
hHeader:ADD-HEADER-ENTRY(hHeaderEntryref).
/* Create the header namespace data */
hXdoc:CREATE-NODE-NAMESPACE(hXnoderef3, ClientNS, "Security", "ELEMENT").
hXdoc:CREATE-NODE-NAMESPACE(hXnoderef1, ClientNS, "UsernameToken", "ELEMENT").
hXdoc:INSERT-BEFORE(hXnoderef1, ?).
/* Create the Username/Password data */
hXdoc:CREATE-NODE-NAMESPACE(hXnoderef2, ClientNS, "Username", "ELEMENT").
hXnoderef1:APPEND-CHILD(hXnoderef2).
hXdoc:CREATE-NODE(hXtext,"","text").
hXnoderef2:APPEND-CHILD(hXtext).
hXtext:NODE-VALUE = cUsername.
hXdoc:CREATE-NODE-NAMESPACE(hXnoderef2, ClientNS, "Password", "ELEMENT").
hXnoderef1:APPEND-CHILD(hXnoderef2).
hXdoc:CREATE-NODE(hXtext, "", "text").
hXnoderef2:APPEND-CHILD(hXtext).
hXtext:NODE-VALUE = cPassword.
hXnoderef3:APPEND-CHILD( hXnoderef1 ).
/* Fill the header entry using a deep copy */
hHeaderEntryref:SET-NODE(.hXnoderef3).
hHeaderEntryref:SET-MUST-UNDERSTAND ( TRUE ).
/* Procedure/header cleanup */
DELETE OBJECT hXdoc.
DELETE OBJECT hXnoderef1.
DELETE OBJECT hXnoderef2.
DELETE OBJECT hXtext.
DELETE OBJECT hHeaderEntryref.
END PROCEDURE..