WAS v8.5 > Develop applications > Develop web services - Security (WS-Security) > Develop applications that use Web Services Security > Develop message-level security for JAX-WS web servicesDevelop JAX-WS based web services client applications that retrieve security tokens
The security handlers are responsible for propagating security tokens. These security tokens are embedded in the SOAP security header and passed to downstream servers. This information applies only to Java API for XML-based Web Services (JAX-WS) .
The security tokens are encapsulated in the implementation classes for the com.ibm.wsspi.wssecurity.auth.token.Token interface. We can retrieve the security token data from either a server application or a client application.
With a client application, the application serves as the request generator and the response consumer and runs as the Java EE client application. The consumer component for Web Services Security stores the security tokens that it receives in one of the properties of the MessageContext object for the current web services call. We can retrieve a set of token objects through the javax.xml.rpc.Stub interface of that web services call. You must know which security tokens to retrieve and their token IDs in case multiple security tokens are included in the SOAP security header. To retrieve the security token data from a client application:
- Use the com.ibm.wsspi.wssecurity.token.tokenPropergation key string to obtain the Hashtable for the tokens through a property value in the javax.xml.ws.Stub interface. The following example shows how to obtain the Hashtable:
java.util.Hashtable t; javax.xml.ws.Service serv = …; serv.addPort(...); javax.xml.ws.Dispatch<Object> dispatch = svc.createDispatch(...); Map<String, Object> requestContext = dispatch.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ..); requestContext.put(BindingProvider.SOAPACTION_USE_PROPERTY, ..); requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, ..); String response = dispatch.invoke(body.toString()); Map<String, Object> responseContext = dispatch.getResponseContext(); t = (Hashtable) responseContext.get( com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TOKEN_PROPERGATION);- Search the targeting token objects in the Hashtable. Each token object in the Hashtable is set with its token ID as a key. You must have prior knowledge of the security token IDs to retrieve the security tokens. The following example shows how to retrieve a username token from the security header with a certain token ID value:
com.ibm.wsspi.wssecurity.auth.token.UsernameToken unt; if (t != null) { unt = (com.ibm.wsspi.wssecuty.auth.token.UsernameToken)t.get(“…”);}
Results
After completing these steps, we have retrieved the security tokens that are processed by the Web Services Security handler in a client application.
Related concepts:
Security token
Related
Develop JAX-WS based web services server applications that retrieve security tokens
Protecting system resources and APIs (Java 2 security) for developing applications
Configure Java 2 security policy files