Skip to main content
Skip table of contents

Using W-S Security and WS-Addressing

SOAPam Client provides limited support for the WS-Addressing and WS-Security standards. This support includes:

WS-Security

Automatic generation of the Security header which can include the following elements:

  • UsernameToken
  • BinarySecurityToken (X509 only)
  • Signature

WS-Addressing

Automatic generation of the following WS-Addressing elements:

  • To
  • Action

Automatic generation of the WS-Security and WS-Addressing fields is controlled by the definition of a "policy" file which allows the generation to be controlled without altering the contents of the Client Definition File (CDF). The policy file is an XML file which consists of definitions of each Web service method that requires the addition of WS-Security and/or WS-Addressing headers and how those headers should be applied. The policy file location is passed to the SOAPAMCP process using the -wssepolicy option. A sample policy file for the SOAPam EchoString service is shown below:

CODE
<policy xmlns="http://www.nuwave-tech.com/schemas/soapam/2007/01/policy/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <operation name="*">
   <request>
     <wsa:To>http://soapam.nuwave-tech.com/services/echostring/echostring</wsa:To>
     <wsse:UsernameToken />
     <wsse:BinarySecurityToken />
     <wsse:Signature />
   </request>
   <response>
     <wsse:Signature />  
   </response>
 </operation>
 <operation name="echoString">
   <request>
     <wsa:Action>echoString</wsa:Action>
   </request>
 </operation>
</policy>

 

This policy file consists of <operation/> elements for each method in the service. Specifying an operation name of '*' indicates that the included policies apply to all methods. This policy file contains the following definitions:

All methods should contain the following headers on request messages:

  • A WS-Addressing To header with the value "http://soapam.nuwave-tech.com/services/echostring/echostring"
  • A WS-Security header with a UsernameToken element. The userid and password are obtained from the -wsseauth startup option.
  • A WS-Security header with a BinarySecurityToken element. The certificate is obtained from the -sslclientcert startup option.
  • A WS-Security header with a Signature element.

All methods should contain the following headers on response messages:

  • A WS-Security hedaer with a Signature element. The Signature will be validated against the reply message.

The echoString method should contain the following header on request messages:

  • A WS-Addressing Action header with the value "echoString".
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.