Handling Authentications
In this lesson, we will learn how to make SOAP web service calls that are secured using plain text username and password.
We'll cover the following
We have already learned that SOAP can have its own implementation of security using WS-Security
. The following is a sample SOAP header to pass plain text username and password:
Sample SOAP authorization header
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsse:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>testuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpass</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
In the sample SOAP
header above, we pass plain text username and password. Please take a look at the password type, as passwords can be of 3 different types – PasswordDigest
, PasswordText
, UsernameToken
. To know more, please follow this link.
Sending authorization header in the request
For the demonstration, we are considering a plain PasswordText
.
We have already seen how to use WebServiceTemplate
to send the request and receive the response in the Sending requests using SOAP client lesson.
Here, we will see how to use the same to pass the additional authorization header in the request.
Get hands-on with 1400+ tech skills courses.