Thursday, 1 December 2011

WS-Security Username Tokens in Groovy

The simplest of WS-Security tokens: just send a username and password in the SOAP header. Ignoring the usual arguments about how insecure this might be, there are a number of systems that actually utilise this, and if you are using groovy-wslite, you might need to add it. The following code snippet generates the appropriate XML, which can be placed in the header.

// Requires Joda-Time on the classpath
import groovy.xml.MarkupBuilder
import org.joda.time.DateTime
import org.joda.time.format.ISODateTimeFormat

def user='me'
def pass='mypassword'
def ttlms=10000   // timestamp lifetime in milliseconds
def id=UUID.randomUUID().toString()
def timeStampId= "Timestamp-${id}"
def tokenId="UsernameToken-${id}"
def fmt=ISODateTimeFormat.dateTime()
def created=new DateTime()
def expires=created.plusMillis(ttlms)   // Created + TTL
def writer=new StringWriter()
def builder=new MarkupBuilder(writer)
builder.'wsse:Security'('xmlns:wsse':'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd') {
    // Validity window of the header
    'wsu:Timestamp'('wsu:Id':timeStampId, 'xmlns:wsu':'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd') {
        'wsu:Created'(fmt.print(created))
        'wsu:Expires'(fmt.print(expires))
    }
    // Username and clear-text password (PasswordText)
    'wsse:UsernameToken'('wsu:Id':tokenId, 'xmlns:wsu':'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd') {
        'wsse:Username'(user)
        'wsse:Password'(Type:'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText', pass)
    }
}
println writer.toString()

If you place this in a separate closure, then just call it from your message closure using mkp.yieldUnescaped.
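
The token above sends the password as PasswordText. As an added example (not part of the original post), here is the same UsernameToken in the PasswordDigest form defined by the OASIS Username Token Profile 1.0, which goes beyond the case shown on this page. It assumes the target service accepts digest tokens; the helper names passwordDigest and digestUsernameToken are hypothetical, and java.time is used instead of Joda-Time so that it runs on a plain Groovy install.

```groovy
import groovy.xml.MarkupBuilder
import java.security.MessageDigest
import java.security.SecureRandom
import java.time.Instant
import java.time.temporal.ChronoUnit

// Password_Digest = Base64( SHA-1( nonce + created + password ) ), as the
// profile defines it. The nonce is hashed as raw bytes, not as Base64 text.
String passwordDigest(byte[] nonce, String created, String password) {
    def sha1 = MessageDigest.getInstance('SHA-1')
    sha1.update(nonce)
    sha1.update(created.getBytes('UTF-8'))
    sha1.update(password.getBytes('UTF-8'))
    sha1.digest().encodeBase64().toString()
}

// Hypothetical helper: returns the wsse:UsernameToken element as a string.
String digestUsernameToken(String user, String password) {
    def wss = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-'
    def nonce = new byte[16]
    new SecureRandom().nextBytes(nonce)          // fresh nonce for every message
    // The string that is hashed must be exactly the string that is sent.
    def created = Instant.now().truncatedTo(ChronoUnit.MILLIS).toString()
    def writer = new StringWriter()
    new MarkupBuilder(writer).'wsse:UsernameToken'(
            'xmlns:wsse': wss + 'wssecurity-secext-1.0.xsd',
            'xmlns:wsu': wss + 'wssecurity-utility-1.0.xsd',
            'wsu:Id': "UsernameToken-${UUID.randomUUID()}") {
        'wsse:Username'(user)
        'wsse:Password'(Type: wss + 'username-token-profile-1.0#PasswordDigest',
                passwordDigest(nonce, created, password))
        'wsse:Nonce'(EncodingType: wss + 'soap-message-security-1.0#Base64Binary',
                nonce.encodeBase64().toString())
        'wsu:Created'(created)
    }
    writer.toString()
}

// Constructed sample credentials, matching the ones used above.
println digestUsernameToken('me', 'mypassword')
```

The digest form keeps the password itself off the wire, but it only resists replay if the service rejects reused nonces and stale Created values, and it does not replace transport protection such as TLS.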
