Using UsernameToken Profile

 

UsernameToken Profile describes how a web service client application can supply a user name and an optional password in the message request that the web service server can use to authenticate the requestor's identity.

 

If the P6 Web Services Server was configured to use UsernameToken Profile for authentication when the server component was installed, the server uses both a user name and a password to authenticate the message.

 

The following example shows the syntax of the <UsernameToken> element:

 

<UsernameToken>
    <Username>...</Username>
    <Password Type="...">...</Password>
</UsernameToken>

 

 

 

Additionally, the Java and .NET examples below show how to use the UsernameToken.

 

UsernameToken: Java Client Example

 

Step one: Implement the client password callback handler. For example:

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class ClientPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // WSS4J passes a WSPasswordCallback for the user named in the outgoing properties
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            // set the password
            pc.setPassword("admin");

            // ....
        }
    }

Step two: Configure the WSS4J outgoing properties to include the UsernameToken information. For example:

    import java.util.HashMap;
    import java.util.Map;
    import org.apache.cxf.frontend.ClientProxy;
    import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
    import org.apache.ws.security.WSConstants;
    import org.apache.ws.security.handler.WSHandlerConstants;

    // ....

    //Retrieve the client object from the port
    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

    Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp");
    outProps.put(WSHandlerConstants.USER, "admin");
    //PW_TEXT places the password in the header as plain text
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);

    //Set the client callback class. This will set the password
    outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());

    //Set the properties on the interceptor
    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    cxfEndpoint.getOutInterceptors().add(wssOut);

    //Invoke Service
    port.methodName();

 

 

UsernameToken: .NET Client Example

Step one: Enable your .NET project to use Web Services Enhancements (WSE) 3.0.

See the Using Web Service Enhancements with .NET projects topic for additional information.

 

Once you enable your .NET project to use Web Services Enhancements (WSE) 3.0, the web references that you create will have methods to support setting UsernameToken policy.

 

 

Step two: Create a security filter class that extends SendSecurityFilter and overrides the SecureMessage method to add the UsernameToken. For example:

 

 

using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;
// ....

class UTSecurityFilter : SendSecurityFilter
{
    UTClientAssertion parentAssertion;
    FilterCreationContext filterContext;

    public UTSecurityFilter(UTClientAssertion parentAssertion,
        FilterCreationContext filterContext)
        : base(parentAssertion.ServiceActor, false, parentAssertion.ClientActor)
    {
        this.parentAssertion = parentAssertion;
        this.filterContext = filterContext;
    }

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        //Create the UsernameToken; SendPlainText puts the password in the header as plain text
        UsernameToken userToken = new UsernameToken(
            parentAssertion.username,
            parentAssertion.password,
            PasswordOption.SendPlainText);
        security.Tokens.Add(userToken);
    }
}

 

 

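Step three: Create an assertion class and override the CreateClientOutputFilter method to return the UTSecurityFilter created in the previous step. For example:

class UTClientAssertion : SecurityPolicyAssertion
{
    // Credentials read by UTSecurityFilter
    public string username;
    public string password;

    public UTClientAssertion(string username, string password)
    {
        this.username = username;
        this.password = password;
    }

    public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
    {
        return new UTSecurityFilter(this, context);
    }

    //....
}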

 

 

 

Step four: In the client class, create a policy and add the assertion to the policy. For example:

ProjectPortBindingWse apb = new ProjectPortBindingWse();
apb.Url = P6WS_SERVICES_PROJECT_SERVICE;

UTClientAssertion assert = new UTClientAssertion("admin", "admin");

// create policy and add the assertion
Policy policy = new Policy();
policy.Assertions.Add(assert);

//Set the policy on the proxy object
apb.SetPolicy(policy);
apb.CreateProjects(....);