I need to write a web service client to call a third party web service (SOAP based). The third party published a wsdl and the associated xsd files.
The third party secure their website and services using .p12 certificates
I used wsdl2java to generate my stubs. I modified the endpoints and called the service. I received the following error:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header></SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>
<faultstring>SECU1075: An error was discovered processing the <wsse:Security> header</faultstring>
<detail>SECU3510: Signature requirements validation failed: Element (/soapenv:Envelope/soapenv:Body) was not signed</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Hmmm, ok. Makes sense that I should be signing the document.
The strange part (to me) is there isn't a security definition anywhere in the WSDL file. Is this normal? I contacted the third party and they sent me a pdf of what the SOAP message needs to look like. The following tags appear in the header: containing:
<wsse:BinarySecurityToken>
and
<dsig:SignedInfo>
so from what I gather, it requires my certificate and some digital signatures.
Can someone recommend how to generate these in Java? I started down the Axis2/Rampart path but honestly, it seems those are predicated on having the security requirements defined in the WSDL file (correct me if I'm wrong).