WssTokenCompare Username/Password Authentication
To use the WssTokenCompare feature, the Policy element must be present, and specify the username and password that are used for authentication. The username and password extracted from the HTTP Authorization request header are compared with the username and password specified in the Policy's WssUsernameToken10 and WssPassword elements.
The following sample WSDL contains the policy and its reference to use WssTokenCompare. Note that an application variable token is used for the password so that the password is not exposed in the WSDL. The value of the password can be specified in the component's Application Variable property in NetBeans.
<wsdl:service name="echoService">
<wsdl:port name="echoPort" binding="tns:echoBinding">
<soap:address location="http://pponnala-tecra-xp.stc.com:18181/
echoService/echoPort"/>
<wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
</wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="HttpBasicAuthBindingBindingPolicy">
<mysp:MustSupportBasicAuthentication on="true">
<mysp:BasicAuthenticationDetail>
<mysp:WssTokenCompare/>
</mysp:BasicAuthenticationDetail>
</mysp:MustSupportBasicAuthentication>
<mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/
2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10>wilma</sp:WssUsernameToken10>
<sp:WssPassword>${pass_token}</sp:WssPassword>
</wsp:Policy>
</mysp:UsernameToken>
</wsp:Policy>
|
Note –
The code displayed above is wrapped for display purposes.
- © 2010, Oracle Corporation and/or its affiliates