Category Archives: SOAP

How to add SOAP headers to Request/Response

Use Case

In this post, I show how to add SOAP headers to SOAP request/response. If you have Code First Webservice OR WSDL Contract based WebService, you will be responding to your client requests with a SOAP response. In my case, it was a WS-Trust Security Token Web Service and the endpoint was correctly responding with a WS-Trust Response. This SOAP response will include SAMLv1.1 OR SAMLv2.0 token. Now consumer of this web service can either trust the server response or also validate the response for few things like time validity, signature validity, and even security header validity.

If you are supporting Transport Binding on this Web Service endpoint, it will be straight forward. Web Service response will have security headers

But as per my use case, if you are merely using UsernameToken Binding , Web Service response will not include security headers, especially if you are using Apache CXF libraries, these libraries will not always add security headers.

Likewise, if a consumer needs security headers for validation purposes, how do you add these security headers in response from your server endpoint?

Solution

In this particular case, the Web Service response needed Security header with timestamp only.

What is the security header and why Timestamp is required?

In a SOAP request or response, you will need Security header element based on security policy that Web Service will be using. This header in a request will look like below:


<wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <wsu:Timestamp wsu:Id="TS-D3788B6EB508E3A553155173495342917">
         <wsu:Created>2019-03-04T21:29:13.429Z</wsu:Created>
         <wsu:Expires>2019-03-04T21:30:13.429Z</wsu:Expires>
     </wsu:Timestamp>
     <wsse:UsernameToken wsu:Id="UsernameToken-6CBAAFA3A8815F71FC15511581437664">
        <wsse:Username>john.doe@betterjavacode.com</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">********</wsse:Password>
     </wsse:UsernameToken>
</wsse:Security>

Once a Web Service endpoint receives this request, it will validate the username and password and will verify if timestamp validity is accurate. On successful validation, Web Service will generate a response that will also include Security header with Timestamp. Consumer will validate that timestamp. Having a timestamp in SOAP header minimizes the risk of Replay attack as in an attacker can’t either use the SOAP response after Expiration time or even can’t send the same request after Expiration time.

How do you add this security header of timestamp if using Apache CXF libraries?

Apache CXF libraries offer few ways to achieve this:

  1. JAX-WS standard way is to write a SOAP handler that will add headers to the SOAP message. To simplify this, you will have to register the SOAP handler on the client or server-side.
  2. JAX-WS offers another way through annotation @WebParam(header = true, mode = Mode.OUT).
  3. wsdl first way wherein your WSDL operation you specify SOAPHeader as part of your SOAP binding.
  4. CXF offers its own way to add these headers. In this post, I will show how you can leverage CXF libraries to add these headers.

How to add Security headers using CXF libraries?

Assumption is that you have used apache CXF libraries to build Web Service endpoint. JAX-WS offers a WebServiceContext which makes a Web Service endpoint to access message context. This message context can help to retrieve details for username, password, and other security headers from the request.

Same way, this message context can be used to grab a list of headers List<org.apache.cxf.headers.Header> . We will create our Soap header for security element and then add this header in the list of headers. The code for this will look like below:


SOAPFactory soapFactory = SOAPFactory.newInstance(SOAPConstants.SOAP_1_2_PROTOCOL);

SOAPElement securityElement = soapFactory.createElement("Security",
        "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement timestampElement = soapFactory.createElement("Timestamp",
        "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
timestampElement.setAttribute(WSTrustConstants.WSU_ID, "_0");

String created = getCurrentDateTime();
String expires = getCurrentDateTimePlusDelay(300L);
SOAPElement createdSOAPElement = soapFactory.createElement("Created",
        "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
createdSOAPElement.addTextNode(created);
SOAPElement expiresSOAPElement = soapFactory.createElement("Expires",
        "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
expiresSOAPElement.addTextNode(expires);

timestampElement.addChildElement(createdSOAPElement);
timestampElement.addChildElement(expiresSOAPElement);
securityElement.addChildElement(timestampElement);
SoapHeader soapHeader = new SoapHeader(securityElement.getElementQName(), securityElement);

List<Header> headers = new ArrayList<>();
headers.add(soapHeader);
webServiceContext.getMessageContext().put(Header.HEADER_LIST, headers); 

Conclusion

In this post, I showed how we can leverage Apache CXF libraries to add SOAP headers in a web service response. Similarly, the same libraries can be used to add these headers to the request.

References

  1. Apache CXF Libraries – Apache CXF
  2. Adding SOAP header – Adding SOAP header
  3. Interceptors – interceptors

 

 

How to consume OAuth secured SOAP Webservice

I faced this issue where I had to consume a SOAP service which was secured by OAuth1.0a. And Spring doesn’t provide any direct solution for consuming OAuth secured SOAP webservice.

In Producing and Consuming SOAP web service and Consuming SOAP web service over HTTPS, we saw how to consume a SOAP web service. In this post, we will go little beyond this and implement a solution to consume OAuth secured SOAP web service. Securing a web service is a general trend and you must secure a web service if you are letting others consume it. This is a secure way to transfer data between producer and consumer without compromising customer data.

Pre-requisites

  1. Spring web services
  2. OAuth library and knowledge

How to implement it?

Firstly, below is a code that shows how to send a SOAP request call to a web service if it is not OAuth secured.


public class UserClient extends WebServiceGatewaySupport
{
   public GetUserResponse getUserById (int userid)
   {
      GetUserRequest userrequest = new GetUserRequest();
      userrequest.setId(userid);
      GetUserResponse response = (GetUserResponse)getWebServiceTemplate().marshalSendAndReceive(userrequest, new 
       SoapActionCallback("https://localhost:8443/benefits/endpoints/getUserResponse"));
      return response;
   }
}

We are using a WebServiceTemplate to marshal a request and send it to a SOAP endpoint. SoapActionCallback is a callback which allows changing the marshalled message and sends to an endpoint and then it will retrieve a response.

Secondly, as part of this solution, we will implement a class SignedMessageSender that will sign the request with OAuth consumer key and secret.


public class SignedMessageSender extends HttpComponentsMessageSender
{
   private final CommonsHttpOAuthConsumer consumer;

   public SignedMessageSender(CommonsHttpOAuthConsumer consumer)
   {
     this.consumer = consumer;
   }

   public WebServiceConnection createConnection(URI uri)
   {
     HttpComponentsConnection conn = null;
     try
     {
       conn = (HttpComponentsConnection)super.createConnection(uri);
       consumer.sign(connection.getHttpPost());
     }
     catch (IOException e | OAuthException e)
     {
      throw new RuntimeException("I/O Error", e);
     }
    return conn;
  }
}

Now we build our bean for the client to use this message sender. Then we will assign a consumer key and consumer secret. This also uses JAXB marshaller. The code for this will look like below


@Bean
public UserClient getUserClient(Jaxb2Marshaller marshaller)
{
   UserClient us = new UserClient();
   us.setDefaultUri("https://localhost:8443/benefits/endpoints/users.wsdl");
   us.setMarshaller(marshaller);
   us.setUnmarshaller(marshaller);
   String consumerkey = "";
   String secretkey = "";
   CommonsHttpOAuthConsumer consumer = new CommonsHttpOAuthConsumer(consumerkey,secretkey);
   SignedMessageSender signedMessageSender = new SignedMessageSender(consumer);
   signedMessageSender.createConnection(new URL("https://localhost:8443/benefits/endpoints/users.wsdl").toURI());
   us.setMessageSender(signedMessageSender);
   return us;
}

This shows how we can implement a solution to consume a SOAP web service secured with OAuth 1.0a. I am sure we can add a similar solution if the service producer secures it with OAuth 2.0, but that will be another post.

Conclusion

In conclusion, I showed how to send OAuth signed SOAP message to SOAP webservice.

References

  1. Add Header to SOAP message
  2. SOAP WS-addressing
  3. https://www.avisi.nl/blog/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

Consuming a SOAP Webservice over HTTPS

In the previous post, we talked about producing and consuming a SOAP web service here. This post will be a sequel to that post since recently I faced a similar issue during my project. In this post, we will talk about how to consume a SOAP Webservice over HTTPS. Since this will be a small post, we will not be posting any code on GitHub.

Problem –

While consuming a SOAP web service which is behind SSL, if you don’t handle SSL certificates, you will run into the following error


sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 15 more

 

Solution –

Basically this error is happening if your SOAP web service is on SSL and the client is trying to connect to web service, web service doesn’t recognize the client and throws this error.

To resolve this error, you can download an SSL certificate from the server where you are hosting the SOAP web service and import that certificate on your client machine’s Keystore. In a production environment, you should have a way to access this Keystore when a call is made to the web service.

Let’s assume that our web service from the post is on SSL, like https://localhost:8943/benefits/endpoints/users.wsdl. If you access this URL in the browser, you will be able to see the SSL certificate. Export this SSL certificate in base 64 format file, example sslcertificate.crt. Import this certificate in

keytool -import -alias sslcertificateofserver -keystore truststore.jks -storepass changeit -file sslcertificate.crt

Now, we will change the configuration class we wrote to configure web service components.


package com.betterjavacode.benefits.views;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;

@Configuration
public class ClientAppConfig
{
   private Resource getKeyStore()
   {
     Environment.getProperty("betterjavacode.com.keystore");
   }

   private String getKeystorePassword()
   {
     Environment.getProperty("betterjavacode.com.keyStorePassword");
   }

   @Bean
   public Jaxb2Marshaller marshaller()
   {
     Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
     marshaller.setContextPath("com.betterjavacode.benefits.soap");
     return marshaller;
   }

   @Bean
   public UserClient userClient(Jaxb2Marshaller marshaller) 
   {
     // WSDL URL - http://localhost:8080/benefits/endpoints/users.wsdl
     UserClient uc = new UserClient();
     uc.setDefaultUri("http://localhost:8080/benefits/endpoints/users.wsdl");
     uc.setMarshaller(marshaller);
     uc.setUnmarshaller(marshaller);

     FileInputStream fis = new FileInputStream(getKeyStore());
     KeyStore ks = KeyStore.getInstance("JKS");
     ks.load(fis, getKeyStorePassword().toCharArray());

     try 
     {
       fis.close();
     } 
     catch (IOException e) 
     {
     }
     KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
     keyManagerFactory.init(ks, keyStorePassword.toCharArray());

     FileInputStream fisTS = new FileInputStream(getKeyStore());
     KeyStore ts = KeyStore.getInstance("JKS");
     ts.load(fisTS, trustStorePassword.toCharArray());

     try 
     {
       fisTS.close();
     } 
     catch(IOException e) 
     {
     }
     TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
     trustManagerFactory.init(ts);

     HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
     messageSender.setKeyManagers(keyManagerFactory.getKeyManagers());
     messageSender.setTrustManagers(trustManagerFactory.getTrustManagers());

     HostNameVerifier hv = new HostNameVerifier(){
        @Override
        public boolean verify( String hostname, SSLSession session)
        {
          return true;
        }
     }
     messageSender.setHostnameVerifier(hv);
     uc.setMessageSender(messageSender);
     return uc;
  } 
}

This change should fix the error about PKIX path building failed.

Conclusion –

In conclusion, we showed how to consume a SOAP Webservice over HTTPS by adding Keystore and Truststore check during runtime.

References

Producing and Consuming SOAP Webservice with Spring Boot – Part V

In this post, we will describe how to create a SOAP webservice from our existing Spring Boot REST API. In the last few posts, we have covered the following

  1. Spring Boot REST CRUD API – Part I
  2. Swagger Documentation for Spring Boot REST API – Part II
  3. Error Handling and logging in Spring Boot REST API – Part III
  4. Consuming RESTful Webservice – Part IV

This SOAP webservice will provide us user data from the database which is we have connected through Spring-data in Spring REST API.

1. Requirements

  1. Eclipse Mars2
  2. Maven 3.1 and above
  3. Spring 1.4 and above
  4. Java 7
  5. Tomcat 8

2. SOAP Web Service

We will use our existing Spring Boot REST API to build an application that will act as a SOAP web service to provide users data. For a given user id, web service will return user data.

Let’s create a schema file in src/main/resources directory and maven will create java classes based on this schema file.


<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="https://betterjavacode.com/benefits/soap" targetNamespace="https://betterjavacode.com/benefits/soap" elementFormDefault="qualified">
	<xs:element name="getUserRequest">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="id" type="xs:int"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<xs:element name="getUserResponse">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="user" type="tns:user"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<xs:complexType name="user">
		<xs:sequence>
			<xs:element name="id" type="xs:int"/>
			<xs:element name="firstname" type="xs:string"/>
			<xs:element name="middlename" type="xs:string"/>
			<xs:element name="lastname" type="xs:string"/>
			<xs:element name="username" type="xs:string"/>
			<xs:element name="createdate" type="xs:date"/>
			<xs:element name="jobtitle" type="xs:string"/>
			<xs:element name="email" type="xs:string"/>
		</xs:sequence>
	</xs:complexType>
</xs:schema>

 

3. Update Maven dependencies

Now to generate classes from schema, we have to make sure we have all the right dependencies in our pom.xml. We will also add spring boot service dependency to create a SOAP web service.


<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>com.betterjavacode</groupId>
 <artifactId>Benefits</artifactId>
 <packaging>war</packaging>
 <version>0.0.1-SNAPSHOT</version>
 <name>Benefits Maven Webapp</name>
 <url>http://maven.apache.org</url>
 <parent>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
 <version>1.4.2.RELEASE</version>
 </parent>
 <dependencies>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
 </dependency>
<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-data-jpa</artifactId>
 </dependency>
 <dependency>
 <groupId>mysql</groupId>
 <artifactId>mysql-connector-java</artifactId>
 <scope>runtime</scope>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-jdbc</artifactId>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
 </dependency>
 <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-api</artifactId>
 </dependency>
 <dependency>
 <groupId>io.swagger</groupId>
 <artifactId>swagger-jersey2-jaxrs</artifactId>
 <version>1.5.12</version>
 </dependency>
 <dependency>
 <groupId>io.springfox</groupId>
 <artifactId>springfox-swagger2</artifactId>
 <version>2.6.1</version>
 <scope>compile</scope>
 </dependency>
 <dependency>
 <groupId>io.springfox</groupId>
 <artifactId>springfox-swagger-ui</artifactId>
 <version>2.6.1</version>
 <scope>compile</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-api</artifactId>
 </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-core</artifactId>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web-services</artifactId>
 </dependency>
 <dependency>
 <groupId>wsdl4j</groupId>
 <artifactId>wsdl4j</artifactId>
 </dependency>
 <dependency>
 <groupId>javax.xml.bind</groupId>
 <artifactId>jaxb-api</artifactId>
 <version>2.1</version>
 </dependency>
 <dependency>
 <groupId>junit</groupId>
 <artifactId>junit</artifactId>
 <scope>test</scope>
 </dependency>
 </dependencies>
 <build>
 <plugins>
 <plugin>
 <artifactId>maven-compiler-plugin</artifactId>
 <version>3.3</version>
 <configuration>
 <source>1.8</source>
 <target>1.8</target>
 </configuration>
 </plugin>
 <plugin>
 <artifactId>maven-war-plugin</artifactId>
 <version>2.6</version>
 <configuration>
 <warSourceDirectory>WebContent</warSourceDirectory>
 <failOnMissingWebXml>false</failOnMissingWebXml>
 </configuration>
 </plugin>
 <plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>jaxb2-maven-plugin</artifactId>
 <version>1.6</version>
 <executions>
 <execution>
 <id>xjc</id>
 <goals>
 <goal>xjc</goal>
 </goals>
 </execution>
 </executions>
 <configuration>
 <schemaDirectory>${project.basedir}/src/main/resources/</schemaDirectory>
 <outputDirectory>${project.basedir}/src/main/java</outputDirectory>
 <clearOutputDir>false</clearOutputDir>
 <schemaLanguage>WSDL</schemaLanguage>
 <generatePackage>com.betterjavacode.benefits.soap</generatePackage>
 <forceRegenerate>true</forceRegenerate>
 <scehmas>
 <schema>
 <url>http://localhost:8080/benefits/endpoints/users.wsdl</url>
 </schema>
 </scehmas>
 </configuration>
 </plugin>
 </plugins>
 <finalName>Benefits</finalName>
 </build>
 </project>

 

If we run the project with maven build now, the plugin jaxb2-maven-plugin will generate classes under com.betterjavacode.benefits.soap directory. It will also enable our wsdl SOAP url for users. This will generate following java objects

  • GetUserRequest
  • GetUserResponse
  • ObjectFactory
  • package-info
  • User

4. Defining the service

Next, we will define an interface for our service. This will look like below


package com.betterjavacode.benefits.services;

public interface UserAccountService
{
    public com.betterjavacode.benefits.soap.user.getUserDetails(int id);
}

Implementation of this service will be mapping out entity class User to generated class for soap service User. Using the id as a key to get user data from repository, we will map to soap service user. For post purposes, we will not show the implementation of this interface.

5. Creating the Service Endpoint

What is a service endpoint? When a SOAP request for defined URL is handled by Spring servlet, Spring servlet redirects that request to service endpoint. Service endpoint then processes that request to create a response. Our spring-boot-starter-web-services dependency will bring all the necessary classes for annotation purposes.


package com.betterjavacode.benefits.services.endpoints; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.ws.server.endpoint.annotation.Endpoint; 
import org.springframework.ws.server.endpoint.annotation.PayloadRoot; 
import org.springframework.ws.server.endpoint.annotation.RequestPayload; 
import org.springframework.ws.server.endpoint.annotation.ResponsePayload; 
import com.betterjavacode.benefits.services.UserAccountService; 
import com.betterjavacode.benefits.soap.GetUserRequest; 
import com.betterjavacode.benefits.soap.GetUserResponse; 
import com.betterjavacode.benefits.soap.User; 

@Endpoint 
public class UserAccountServiceEndpoint 
{ 
  // private static final String TARGET_NAMESPACE ="http://com/betterjavacode/benefits/webservices/useraccountservice";  
  private static final String TARGET_NAMESPACE =   "https://betterjavacode.com/benefits/soap"; 
  @Autowired private UserAccountService userAccountService; 
  @PayloadRoot(localPart = "getUserRequest", namespace = TARGET_NAMESPACE) 

  public @ResponsePayload GetUserResponse getUserRequest(@RequestPayload    GetUserRequest request) 
  {  
     GetUserResponse response = new GetUserResponse(); 
     User user = userAccountService.getUserDetails(request.getId()); 
     response.setUser(user); 
     return response; 
   } 
}

@Endpoint annotation allows the class to be defined as service endpoint and included in @Component annotation for scanning. Make sure the namespace defined in this class matches with XSD schema definition. Otherwise, you can run into error for “No Endpoint defined for“.

6. Configuration

Next, we will configure our configuration class to generate wsdl endpoint. This configuration class will be annotated by @EnableWs to provide web service configuration.


package com.betterjavacode.benefits;

import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ws.config.annotation.EnableWs;
import org.springframework.ws.config.annotation.WsConfigurerAdapter;
import org.springframework.ws.transport.http.MessageDispatcherServlet;
import org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition;
import org.springframework.xml.xsd.SimpleXsdSchema;
import org.springframework.xml.xsd.XsdSchema;

@Configuration
@EnableWs
@ComponentScan("com.betterjavacode")
public class AppConfig extends WsConfigurerAdapter
{

    @Bean
	public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext)
	{
		MessageDispatcherServlet servlet = new MessageDispatcherServlet();
		servlet.setApplicationContext(applicationContext);
		return new ServletRegistrationBean(servlet,"/benefits/endpoints/*");
	}

	@Bean(name="users")
	public DefaultWsdl11Definition defaultWsdl11Definition(XsdSchema usersSchema)
	{
		DefaultWsdl11Definition wsdl11definition = new DefaultWsdl11Definition();
		wsdl11definition.setPortTypeName("UserAccountService");
		wsdl11definition.setLocationUri("/endpoints");
		wsdl11definition.setTargetNamespace("http://com/betterjavacode/benefits/webservices/useraccountservice");
		wsdl11definition.setSchema(usersSchema);
		return wsdl11definition;
	}

	@Bean
	public XsdSchema usersSchema()
	{
		return new SimpleXsdSchema(new ClassPathResource("employees.xsd"));
	}
}

Few important points about this configuration class are

  • MessageDispatcherServlet is a required servlet to dispatch web service messages. We set this servlet with a bean to handle the URL from which request will be coming.
  • DefaultWsdl11Definition creates SOAP for the given XSD schema
  • XsdSchema provides an abstraction for our users XSD schema

7. Running the SOAP Webservice

Now build our project with maven. Run the spring boot application through eclipse to start the embedded tomcat server. Once the tomcat server starts, if we access url http://localhost:8080/benefits/endpoints/users.wsdl

Output in the browser will be as below

SOAP Webservice - wsdl endpoint

Here we showed how to create a simple SOAP webservice which we have combined with Spring Boot REST API service. We can also test this SOAP webservice using Soap UI, as shown in below screenshot

8. Consuming the SOAP web service

In previous steps, we showed how to produce a SOAP web service, now we will show how to consume this SOAP web service programmatically.

8.1 Create a client class

Under package com.betterjavacode.benefits.views, define a class UserClient which will extend a WebServiceGatewaySupport class. WebServiceGatewaySupport class provides web service methods.


package com.betterjavacode.benefits.views; 

import org.springframework.ws.client.core.support.WebServiceGatewaySupport; 
import org.springframework.ws.soap.client.core.SoapActionCallback; 
import com.betterjavacode.benefits.soap.GetUserRequest; 
import com.betterjavacode.benefits.soap.GetUserResponse; 

public class UserClient extends WebServiceGatewaySupport 
{

   public GetUserResponse getUserById(int userid) 
   { 
      GetUserRequest userrequest = new GetUserRequest(); userrequest.setId(userid); 
      GetUserResponse response = (GetUserResponse) getWebServiceTemplate().marshalSendAndReceive(userrequest, new SoapActionCallback("http://localhost:8080/benefits/endpoints/getUserResponse"));  
      return response;  
    }  
}

8.2 Configure the client for Spring Bean support

We will configure Jaxb2Marshaller to support JAXB to set context path. This will help us marshal and unmarshal our xml request and response through.


package com.betterjavacode.benefits.views; 

import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.oxm.jaxb.Jaxb2Marshaller; 

@Configuration 
public class ClientAppConfig 
{ 

   @Bean 
   public Jaxb2Marshaller marshaller() 
   {  
       Jaxb2Marshaller marshaller = new Jaxb2Marshaller(); 
       marshaller.setContextPath("com.betterjavacode.benefits.soap"); 
       return marshaller;  
    } 
    
    @Bean 
    public UserClient userClient(Jaxb2Marshaller marshaller)  
    {  
        // WSDL URL - http://localhost:8080/benefits/endpoints/users.wsdl 
        UserClient uc = new UserClient(); 
        uc.setDefaultUri("http://localhost:8080/benefits/endpoints/users.wsdl"); 
        uc.setMarshaller(marshaller);  
        uc.setUnmarshaller(marshaller);
        return uc; 
     }  
}

8.3 Run the SOAP web service client

We will define a class with the main method to pass an argument of user id. Our client will call the web service with a passed argument to return the data if that user id exists in the database.

9. Conclusion

In this article, we showed how to create a SOAP web service and how to build a client to consume the same SOAP web service using Spring Boot. The code for this is available at github

10. References

  1. Spring Web services tutorial
  2. SOAP Web service producer and consumer
  3. Consuming a web service in java and SOAP UI