Ouertani Slim was born in Tunisia in 1981. Now he is a software engineer since 2004 and he is Java 6 and Spring certified with 100% and 94% respectively. He is very interested in Java technology, Scala and open source projects. He believes that programming is one of the hardest jobs and most beautiful in the world. Slim has posted 32 posts at DZone. You can read more from them at their website. View Full User Profile

JAX-WS Header : Part 1 the Client Side

  • submit to reddit
PurposeManipulating JAXWS header on the client Side like adding WSS username token or logging saop message.IntroductionOn Telecom IT environment and specially middelware solution, we will rarely do all the work but rather delegate some of business process to other tiers. Web service communications is heavy used between solutions. This tutorial aims to introduce using handler on client side by adding WSS UserToken or logging the soap message on console.Adding undeclared custom headerSome Ws client needs to add a custom header which are not declared on WSDL. Adding WSS Username Token is like adding this XML snippet on header element:
      <wsse:Security  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1">
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>        

Unlike LogicalHandler SOAPHandler have access to the entire Soap Message. Let's create an WSSUsernameTokenSecurityHandler Local Stateless Bean extending SOAPHandler to produce the previous header.
Below the WSSUsernameTokenSecurityHandler class

package me.slim.ouertani;

import java.util.Set;
import java.util.TreeSet;
import javax.annotation.Resource;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

public class WSSUsernameTokenSecurityHandler implements SOAPHandler<SOAPMessageContext> {

    @Resource(lookup = "login")
    private String login;
    @Resource(lookup = "pwd")
    private String pwd;

    public WSSUsernameTokenSecurityHandler() {

    public boolean handleMessage(SOAPMessageContext context) {

        Boolean outboundProperty =
                (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (outboundProperty.booleanValue()) {

            try {
                SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
                SOAPFactory factory = SOAPFactory.newInstance();
                String prefix = "wsse";
                String uri = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
                SOAPElement securityElem =
                        factory.createElement("Security", prefix, uri);
                SOAPElement tokenElem =
                        factory.createElement("UsernameToken", prefix, uri);
                tokenElem.addAttribute(QName.valueOf("wsu:Id"), "UsernameToken-2");
                tokenElem.addAttribute(QName.valueOf("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                SOAPElement userElem =
                        factory.createElement("Username", prefix, uri);
                SOAPElement pwdElem =
                        factory.createElement("Password", prefix, uri);
                pwdElem.addAttribute(QName.valueOf("Type"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
                SOAPHeader header = envelope.addHeader();

            } catch (Exception e) {
        } else {
            // inbound
        return true;

    public Set<QName> getHeaders() {
        return new TreeSet();

    public boolean handleFault(SOAPMessageContext context) {
        return false;

    public void close(MessageContext context) {

Next, declare the StatelessBean and inject both Webservice via @WebServiceRef and WSSUsernameTokenSecurityHandler via @EJB. A callback init method will add a HandlerResolver to the service. Below the full implementation

public class WebServiceClientBean {

    private WsService service;
    private WSSUsernameTokenSecurityHandler wSSUsernameTokenSecurityHandler;

    private void init() {
        service.setHandlerResolver( new HandlerResolver() {

            public List<Handler> getHandlerChain(PortInfo portInfo) {
                List<Handler> handlerList = new ArrayList<Handler>();
                return handlerList;

  public WsResponse getService(WsRequest wsRequest) {      
        WsPort port = service.getPort();
        return port.invoqueService(wsRequest);

Logging SOAP messagesLogging exchange xml message can be also using handlers, below the scala snippet handler used to log both in and out messages:

class RequestResponsePrinter  extends SOAPHandler[SOAPMessageContext] with LogHelper {
override def getHeaders(): Set[QName] = {
    return new TreeSet();

  override def handleMessage(context: SOAPMessageContext): Boolean = {
    val sb = new ToStringBuilder(this).append("Call operation", "handleMessage");

    val outboundProperty = context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY).asInstanceOf[Boolean]

      try {
            val msg = context.getMessage()
            val out = new ByteArrayOutputStream();
            val strMsg = new String(out.toByteArray());
            L.debug("outbound  : "+outboundProperty.booleanValue()+" [" + strMsg + "]");

      } catch {
        case e: Exception =>
          L.error(sb.append("EXCEPTION", e.getMessage()), e);
    return true;

  override def handleFault(context: SOAPMessageContext): Boolean = {
    return false;

  override def close(context: MessageContext) {
  • scala version of Handler resolver
new HandlerResolver() {

      override def getHandlerChain(portInfo: PortInfo): java.util.List[javax.xml.ws.handler.Handler[_ <: javax.xml.ws.handler.MessageContext]] = {
        import scala.collection.mutable.ArrayBuffer
        val handlerList = ArrayBuffer[Handler[_ <: javax.xml.ws.handler.MessageContext]]()       
        handlerList += new RequestResponsePrinter()
        return handlerList

ConclusionWe have heavily used handler on client side. On the server side things can change a bit, to be continued ...
Published at DZone with permission of its author, Slim Ouertani.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Abhay Bakshi replied on Wed, 2012/06/27 - 5:02am

Useful.  This useful article needs some editing though.  We look forward to Part 2.

Slim Ouertani replied on Thu, 2012/06/28 - 5:09am in response to: Abhay Bakshi

Abhay Bakshi replied on Tue, 2012/08/28 - 9:28pm in response to: Slim Ouertani

Thank you Slim.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.