Handling Authentications

In this lesson, we will learn how to make SOAP web service calls that are secured using plain text username and password.

We have already learned that SOAP can have its own implementation of security using WS-Security. The following is a sample SOAP header to pass plain text username and password:

Sample SOAP authorization header

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsse:mustUnderstand="1">
  <wsse:UsernameToken>
     <wsse:Username>testuser</wsse:Username>
     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpass</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>

In the sample SOAP header above, we pass plain text username and password. Please take a look at the password type, as passwords can be of 3 different types – PasswordDigest, PasswordText, UsernameToken. To know more, please follow this link.

Sending authorization header in the request

For the demonstration, we are considering a plain PasswordText. We have already seen how to use WebServiceTemplate to send the request and receive the response in the Sending requests using SOAP client lesson.

Here, we will see how to use the same to pass the additional authorization header in the request.

Get hands-on with 1200+ tech skills courses.