Adding User/Password to SOAPHeader for WebService client call with AXIS2

Adding User/Password to SOAPHeader for WebService client call with AXIS2

Please help: I am trying to call a WebService from SOAPUI and I notice that the service requires username and password which I am providing through the request parameters. I notice that raw XML contains user/password snippet added to SOAPHeader. The snippet is as below:

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=""><wsse:UsernameToken wsu:Id="UsernameToken-3" xmlns:wsu=""><wsse:Username>testuser</wsse:Username><wsse:Password Type="">testpassword&amp;</wsse:Password><wsse:Nonce EncodingType="">RYadQak91mr7dB+5hyt8yw==</wsse:Nonce><wsu:Created>2011-10-24T20:13:43.039Z</wsu:Created></wsse:UsernameToken>

Now the same thing I want to achieve by adding user/password details as in the below code: code snippet is:

org.tempuri.myService.MyServiceStub stub = new  org.tempuri.myService.MyServiceStub();

ServiceClient sc = stub._getServiceClient();
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();


org.tempuri.myService.MyServiceDocument myService4 = (org.tempuri.myService.MyServiceDocument)getTestObject(org.tempuri.myService.MyServiceDocument.class);

MyService lval = MyService4.addNewMyService();

MyServiceParameters lvParams = lval.addNewParameters();


But I get following Axis fault exception, Need help in the mistake I am doing with the above code. Axis Fault Exception details:

org.apache.axis2.AxisFault: Exception occurred while executing service 'MyService'.
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(
    at org.apache.axis2.description.OutInAxisOperationClient.send(
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(
    at org.apache.axis2.client.OperationClient.execute(
    at org.tempuri.myService.MyServiceStub.myService(
    at org.tempuri.myService.MyServiceTest.main(

MyServiceResponseDocument lvdoc = stub.myService(myService4);

I resolved the issue myself, this snippet might help some one who want to add additional parameters (atleast this works for me):

The code snippet is as below:

OMFactory omFactory = OMAbstractFactory.getOMFactory();
OMElement omSecurityElement = omFactory.createOMElement(new QName( "", "Security", "wsse"), null);

OMElement omusertoken = omFactory.createOMElement(new QName("", "UsernameToken", "wsu"), null);

OMElement omuserName = omFactory.createOMElement(new QName("", "Username", "wsse"), null);

OMElement omPassword = omFactory.createOMElement(new QName("", "Password", "wsse"), null);
omPassword.addAttribute("Type","",null );


Adding Custom Headers Using Client API. Step 1: First you need to get hold of the ServiceClient API. If you are not using generated stubs, then you should use ServiceClient to call the method. But if you are using generated stubs, using Axis2 WSDL2Code mechansim, call _getServiceClient() you can get hold of the ServiceClient.

For anyone else struggling with Invalid Security Header - the answer from Shiv Gopal did not work for me - i received WSS1613: The element UsernameToken inside security header is not supported.

After basically comparing my metro client to my axis2 client and tinkering with every fragment to be 1:1 it boiled down to this:


OMElement omusertoken = omFactory.createOMElement(new QName("", "UsernameToken", "wsu"), null);


OMElement omusertoken = omFactory.createOMElement(new QName(null, "wsse:UsernameToken", "wsse"), null);

And now authentication works

Hi Sanjoy, Please use AbstractHandler. Write a class extending AbstractHandler and orverride invoke() method. Invoke method will provide you with a provision to get soap envelope and set header in the response.

This dirty code within the Stub class, generated by the axis2:wsdl2code, helped me:

    public void addWsSecurityHeader(String wsUser, String wsPass)

    OMFactory omFactory = OMAbstractFactory.getOMFactory();
    OMElement omSecurityElement = omFactory.createOMElement(new QName( "", "Security", "wsse"), null);
            omSecurityElement.addAttribute("xmlns:wsu", "",  null);

    OMElement omusertoken = omFactory.createOMElement(new QName("", "UsernameToken", "wsse"), null);
    omusertoken.addAttribute("wsu:Id","UsernameToken-87",null );

    OMElement omuserName = omFactory.createOMElement(new QName("","Username", "wsse"), null);

    OMElement omPassword = omFactory.createOMElement(new QName("","Password", "wsse"), null);
    omPassword.addAttribute("Type","",null );


it produced the correct values for the

 ...<wsse:UsernameToken wsu:Id="UsernameToken-87">


because when the namespaces of the child element coincide with parents' ones, the out put child elements are without it. So you shouldn't use empty namespace for producing tags without it. But i haven't fount how to set several xmlns for the same tag, so I made a dirty hack to create the second xmlns as a tag attribute. May be I was wrong, but it worked.

Usually soap protocol uses http as the transport protocol and hence web service call using soap protocol will have all the freedom to modify any thing related to http transport protocol. Please go through the sample server side and client side codes which I have attached for simple application level authentication using soap.

Adding User/Password to SOAPHeader for WebService client call with AXIS2 at org.apache.axis2.client.OperationClient.execute(

The client calls a web service method called test() but adds a simple SOAP header containing a username and a password. The web service has a BasicHandler, defined in the deployment descriptor as a request handler, which checks each request and makes sure it contains the correct SOAP header with the correct username and password.

For the SAAJ client, two system properties (axis2.repo and axis2.xml) must be set, while for the Axis API, these can be set programmatically (and thus are passed in via command line parameters). The build.xml file shows how to do that for both.