Implementing SOAP headers

Anne Thomas Manes discusses the two different approaches you can use to add and process SOAP headers in a message.

I am using a WebSphere 5.0 Application Server and the WSAD 5.1.2 IDE for development purposes. I would like to add the authentication information within a SOAP header. Any ideas how I can add the appid/password along with the SOAP header? Can I do it using a message handler? If yes, how do I implement it?

You have two options: you can use a message handler or you can use an intermediary. Both of these approaches allow you to add and process SOAP headers in your message. If you have any requirements at all to support interoperability, then you should make sure that your security header conforms to the OASIS WS-Security 2004 v1.0 specification. (See http://www.oasis-open.org/specs/index.php#wssv1.0).

I must warn you, though. The native SOAP engine in WAS 5.0 is very limited in its capabilities -- especially in terms of advanced features and interoperability. (It predates the WS-I Basic Profile.) I encourage you to either upgrade to WAS 5.1 or later or to install a third-party SOAP engine, such as Apache Axis (open source) (see http://ws.apache.org/axis/) or Systinet Server (commercial) (see http://www.systinet.com/products/systinet_server). Apache WSS4J is an open source WS-Security provider (i.e., a pre-built handler that supports WS-Security) designed to work with Apache Axis or any JAX-RPC compliant SOAP engine. You can find a number of open source tools for Axis/WSS4J that plug into Eclipse/WSAD. Systinet Server has a built-in WS-Security provider, and it also provides an Eclipse plug-in.

If you prefer to stay with the WAS 5.0 native SOAP engine, then you might do better by using an intermediary. Apache Synapse (http://incubator.apache.org/synapse) is an open source intermediary, and it can work with WSS4J -- but be warned that the code is still very early stage (as of January 2006). You can also use a variety of commercial products from web services management vendors such as Amberpoint, Blue Titan, SOA Software, and Sonic Software (Actional). Or you can use a hardware-based XML Gateway (an appliance) from vendors such as IBM/DataPower, Forum Systems, Layer 7, and Reactivity.
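The message-handler option described above, sketched as an added example (not code from the original answer or from any of the products it names): a client-side JAX-RPC handler that inserts a WS-Security 1.0 `UsernameToken` header using only the standard JAX-RPC and SAAJ APIs. The class name and the `appid`/`password` handler init-parameter names are assumptions, and because the `PasswordText` type carries the password in the clear, the example assumes the call runs over TLS.

```java
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;

// Added example: hypothetical client handler; PasswordText is cleartext, so use it only over TLS.
public class UsernameTokenHandler extends GenericHandler {
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private String appId, password;

    public void init(HandlerInfo info) {
        // "appid" and "password" are assumed init-param names; keep credentials out of source code.
        Map config = info.getHandlerConfig();
        appId = (String) config.get("appid");
        password = (String) config.get("password");
        if (appId == null || password == null) {
            throw new JAXRPCException("appid and password must be configured");
        }
    }
    // Header QNames this handler is responsible for.
    public QName[] getHeaders() {
        return new QName[] { new QName(WSSE_NS, "Security") };
    }

    public boolean handleRequest(MessageContext context) {
        try {
            SOAPEnvelope env = ((SOAPMessageContext) context).getMessage().getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader();
            if (header == null) header = env.addHeader();
            SOAPHeaderElement security = header.addHeaderElement(env.createName("Security", "wsse", WSSE_NS));
            security.setMustUnderstand(true); // receiver must fault if it cannot process the header
            SOAPElement token = security.addChildElement("UsernameToken", "wsse", WSSE_NS);
            token.addChildElement("Username", "wsse", WSSE_NS).addTextNode(appId);
            SOAPElement pw = token.addChildElement("Password", "wsse", WSSE_NS);
            pw.addAttribute(env.createName("Type"), PASSWORD_TEXT).addTextNode(password);
            return true; // continue down the handler chain
        } catch (SOAPException e) {
            throw new JAXRPCException("could not add wsse:Security header", e);
        }
    }
}
```

The handler is registered in the client's handler chain through the SOAP engine's deployment configuration, where the two init parameters are supplied.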

