<xsd:complextype name="SecurityHeaderType">
<xsd:annotation>
<xsd:documentation>This complexType defines header block to use for security-relevant data directed at a specific SOAP actor.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:any maxoccurs="unbounded" minoccurs="0" processcontents="lax">
<xsd:annotation>
<xsd:documentation>The use of "any" is to allow extensibility and different forms of security data.</xsd:documentation>
</xsd:annotation>
</xsd:any>
</xsd:sequence>
<xsd:anyattribute namespace="##other" processcontents="lax">
</xsd:anyattribute></xsd:complextype>
You generate the Java code using xjc or wsimport and then are wondering how to use the generated SecurityHeaderType object to put something like a username and password inside of it.You may try to do something like this:
// build the security header
SecurityHeaderType headerWSSE = new SecurityHeaderType();
// Create the userName and password that will go in the security header
UsernameTokenType userNameToken = new UsernameTokenType();
AttributedString userNameAttribute = new AttributedString();
userNameAttribute.setValue("joebob");
userNameToken.setUsername(userNameAttribute );
PasswordString passwordString = new PasswordString();
passwordString.setValue("secret");
userNameToken.getAny().add(passwordString);
headerWSSE.getAny().add(userNameToken);
(NOTE: UsernameTokenType and PasswordString types are both defined in the ws-security schema found here.)
If you run with this code, you will most likely get an error like this when it attempts to create the XML:
javax.xml.ws.WebServiceException: com.sun.istack.internal.XMLStreamException2: javax.xml.bind.MarshalException
- with linked exception:
[com.sun.istack.internal.SAXException2: unable to marshal type "org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.UsernameTokenType" as an element because it is missing an @XmlRootElement annotation]
The reason is that when xjc or wsimport generated the JAXB annotated classes it didn't create XmlRootElement annotations for UsernameTokenType or PasswordString. So, it doesn't know how to handle them properly when they are added to the "any" collection.
So, one fix, is to manually add the XmlRootElement annotations to the UsernameTokenType and PasswordString classes. However, I generally do not like the idea of manually modifying generated code. It should be throw away to a certain degree. That is if the schema changes and I need to re-generate I'd like to be able to just wipe the previously generated code and re-generate the new code.
Another option, is to use a plug-in like the annotate plugin to allow you to create a custom JAXB binding file that will add the XmlRootElement annotation as part of the code generation process.
You can find the annotate plugin here. http://confluence.highsource.org/display/J2B/Annotate+Plugin
The third option you have is to write your code in such a way that it wraps the UsernameTokenType and PasswordString objects in JAXBElement objects that can tell it how to create the root element names. Here's the code for that:
// build the security header
SecurityHeaderType headerWSSE = new SecurityHeaderType();
// Create the userName and password that will go in the security header
UsernameTokenType userNameToken = new UsernameTokenType();
AttributedString userNameAttribute = new AttributedString();
userNameAttribute.setValue("joebob");
userNameToken.setUsername(userNameAttribute );
PasswordString passwordString = new PasswordString();
passwordString.setValue("secret");
// Since SecurityHeaderType takes "any" type, we must create JAXBElements to properly set the root elements... stupid "any" type!
QName qnamePassword = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Password");
JAXBElement jaxbPassword = new JAXBElement(qnamePassword ,PasswordString.class,passwordString);
userNameToken.getAny().add(jaxbPassword);
QName qname = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
JAXBElement jaxbUserName = new JAXBElement(qname ,UsernameTokenType.class,userNameToken);
// Add our JAXBElements to the headers "any" list.
headerWSSE.getAny().add(jaxbUserName);
This final approach requires you to create a QName instance to set the namespace and the root element name. Then you can create a JAXBElement that wraps your actual PasswordString and UsernameTokenType objects. In my case, I wanted the PasswordString inside the UsernameToken so that's why you see that I added PasswordString into the usernameToken's any collection.The code above produces the following XML:
<ns3:Security xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
<ns3:UsernameToken>
<ns3:Username>joebob</ns3:Username>
<ns3:Password>secret</ns3:Password>
</ns3:UsernameToken>
</ns3:Security>
Your namespace pre-fix may vary of course and I removed some of the extra namespace entries that were declared as part of the Security element since they weren't used in this node.
Hope this helps! If you have any questions, feel free to post them below.