I faced this issue where I had to consume a SOAP service which was secured by OAuth1.0a. And Spring doesn’t provide any direct solution for consuming OAuth secured SOAP webservice.
In Producing and Consuming SOAP web service and Consuming SOAP web service over HTTPS, we saw how to consume a SOAP web service. In this post, we will go little beyond this and implement a solution to consume OAuth secured SOAP web service. Securing a web service is a general trend and you must secure a web service if you are letting others consume it. This is a secure way to transfer data between producer and consumer without compromising customer data.
Pre-requisites
- Spring web services
- OAuth library and knowledge
How to implement it?
Firstly, below is a code that shows how to send a SOAP request call to a web service if it is not OAuth secured.
public class UserClient extends WebServiceGatewaySupport
{
public GetUserResponse getUserById (int userid)
{
GetUserRequest userrequest = new GetUserRequest();
userrequest.setId(userid);
GetUserResponse response = (GetUserResponse)getWebServiceTemplate().marshalSendAndReceive(userrequest, new
SoapActionCallback("https://localhost:8443/benefits/endpoints/getUserResponse"));
return response;
}
}
We are using a WebServiceTemplate to marshal a request and send it to a SOAP endpoint. SoapActionCallback is a callback which allows changing the marshalled message and sends to an endpoint and then it will retrieve a response.
Secondly, as part of this solution, we will implement a class SignedMessageSender that will sign the request with OAuth consumer key and secret.
public class SignedMessageSender extends HttpComponentsMessageSender
{
private final CommonsHttpOAuthConsumer consumer;
public SignedMessageSender(CommonsHttpOAuthConsumer consumer)
{
this.consumer = consumer;
}
public WebServiceConnection createConnection(URI uri)
{
HttpComponentsConnection conn = null;
try
{
conn = (HttpComponentsConnection)super.createConnection(uri);
consumer.sign(connection.getHttpPost());
}
catch (IOException e | OAuthException e)
{
throw new RuntimeException("I/O Error", e);
}
return conn;
}
}
Now we build our bean for the client to use this message sender. Then we will assign a consumer key and consumer secret. This also uses JAXB marshaller. The code for this will look like below
@Bean
public UserClient getUserClient(Jaxb2Marshaller marshaller)
{
UserClient us = new UserClient();
us.setDefaultUri("https://localhost:8443/benefits/endpoints/users.wsdl");
us.setMarshaller(marshaller);
us.setUnmarshaller(marshaller);
String consumerkey = "";
String secretkey = "";
CommonsHttpOAuthConsumer consumer = new CommonsHttpOAuthConsumer(consumerkey,secretkey);
SignedMessageSender signedMessageSender = new SignedMessageSender(consumer);
signedMessageSender.createConnection(new URL("https://localhost:8443/benefits/endpoints/users.wsdl").toURI());
us.setMessageSender(signedMessageSender);
return us;
}
This shows how we can implement a solution to consume a SOAP web service secured with OAuth 1.0a. I am sure we can add a similar solution if the service producer secures it with OAuth 2.0, but that will be another post.
Conclusion
In conclusion, I showed how to send OAuth signed SOAP message to SOAP webservice.
