Inserting Authentication Headers

The Jade web service WSDL import feature imports only headers that are defined in the WSDL. There are cases where the headers are not defined in the WSDL but are required by the web service. An example of this is web services security (WS-Security).

The following example shows how we can insert a header into the SOAP message before it is sent. The example demonstrates the use of the UserNameToken Profile.

Refer to https://groups.oasis-open.org/higherlogic/ws/public/document?document_id=16782 for a detailed explanation on the use of this profile in web services security.

First, we create an insertSecurityHeader method in the JadeWebServiceConsumer subclass, as follows.

insertSecurityHeader(userName, password: String): String;
vars
    header: String;
begin
    header := '<soap:Header>' & CrLf;
    header := header & '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss
              /2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">' & CrLf;
    header := header & '<wsse:UsernameToken>' & CrLf;
    header := header & '<wsse:Username>' & userName & '</wsse:Username>' & CrLf;
    header := header & '<wsse:Password>' & password & '</wsse:Password>' & CrLf;
    header := header & '</wsse:UsernameToken>' & CrLf;
    header := header & '</wsse:Security>' & CrLf;
    header := header & "</soap:Header>" & CrLf;
    return header;
end;

We then re-implement the JadeWebServiceConsumer class invoke method, as follows.

invoke(inputMessage: String): String updating;
vars
    msg: String;
    p: Integer;
begin
    p := inputMessage.pos("<soap:Body>", 1);
    msg := inputMessage[1 : p - 1];
    msg := msg & insertSecurityHeader('fredbloggs', 'password');
    // put the appropriate username and password in here
    msg := msg & inputMessage[p : end];
    return inheritMethod(msg);
end;

This will then generate a SOAP message that looks like the following.

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tns="https://tpvs.hmrc.gov.uk/dpsauthentication">
    <soap:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-
        open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken>
                <wsse:Username>fredbloggs</wsse:Username>
                <wsse:Password>password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body>
        ...
    </soap:Body>
</soap:Envelope>