Spring WS Add Soap Header in Client

Sometimes you need to pass a soap header from the client to the server. This header can contain security information or other meta data. This example shows you how to add a soap header in the client using Spring WS.

We are using JAX-B to marshal the following object into the SOAP Header.

package com.memorynotfound.client;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

@XmlRootElement(namespace = Authentication.AUTH_NS)
public class Authentication {

    public static final String AUTH_NS = "http://memorynotfound.com/security";

    @XmlElement(namespace = AUTH_NS)
    private String username;
    @XmlElement(namespace = AUTH_NS)
    private String password;

    public Authentication() {

    public Authentication(String username, String password) {
        this.username = username;
        this.password = password;

    public String getUsername() {
        return username;

    public void setUsername(String username) {
        this.username = username;

    public String getPassword() {
        return password;

    public void setPassword(String password) {
        this.password = password;

You can optionally add a package-info.java file to configure JAX-B to change the namespace prefix. In this example we changed the namespace prefix to auth.

        namespace = BeerEndpoint.NAMESPACE_URI,
        elementFormDefault = XmlNsForm.QUALIFIED,
        xmlns = {
                @XmlNs(prefix="auth", namespaceURI = Authentication.AUTH_NS)

package com.memorynotfound.client;

import com.memorynotfound.server.BeerEndpoint;
import javax.xml.bind.annotation.*;

Next, we create the SecurityHeader which implements the WebServiceMessageCallback interface. This allows us to override the doWithMessage() in which we can retrieve the SoapHeader and we marshal our custom Authentication object into the SOAP Header.

package com.memorynotfound.client;

import org.springframework.ws.WebServiceMessage;
import org.springframework.ws.client.core.WebServiceMessageCallback;
import org.springframework.ws.soap.SoapHeader;
import org.springframework.ws.soap.SoapMessage;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.transform.TransformerException;
import java.io.IOException;

public class SecurityHeader implements WebServiceMessageCallback {

    private Authentication authentication;

    public SecurityHeader(Authentication authentication) {
        this.authentication = authentication;

    public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException {
        SoapHeader soapHeader = ((SoapMessage)message).getSoapHeader();

        try {
            JAXBContext context = JAXBContext.newInstance(Authentication.class);

            Marshaller marshaller = context.createMarshaller();
            marshaller.marshal(authentication, soapHeader.getResult());

        } catch (JAXBException e) {
            throw new IOException("error while marshalling authentication.");

When we send the request using the WebServiceTemplate obtained from the WebServiceGetewaySupport, we pass in our custom SecurityHeader callback with an instance of the Authentication object. This callback is responsible for adding the SOAP Header to the request in the client.

package com.memorynotfound.client;

import com.memorynotfound.beer.GetBeerRequest;
import com.memorynotfound.beer.GetBeerResponse;
import org.springframework.ws.client.core.support.WebServiceGatewaySupport;

public class BeerClient extends WebServiceGatewaySupport {

    public GetBeerResponse getBeer(int id) {
        GetBeerRequest request = new GetBeerRequest();
        return (GetBeerResponse) getWebServiceTemplate()
                        new SecurityHeader(
                                new Authentication("username", "password")));

Last step is to configure the client using spring and java configuration.

package com.memorynotfound.client;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;

public class SoapClientConfig {

    public Jaxb2Marshaller marshaller() {
        Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
        return marshaller;

    public BeerClient weatherClient(Jaxb2Marshaller marshaller) {
        BeerClient client = new BeerClient();
        return client;


Finally, we can run the server. When we make the following request, the SOAP Header is added to the clients request.

package com.memorynotfound.client;

import com.memorynotfound.beer.GetBeerResponse;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class RunClient {

    public static void main(String[] args) {
        AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(SoapClientConfig.class);
        BeerClient client = context.getBean(BeerClient.class);
        GetBeerResponse response = client.getBeer(1);


Example Request

When we execute the previous client, we can see that we have sent the following request.

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
      <auth:authentication xmlns:auth="http://memorynotfound.com/security" xmlns:beer="http://memorynotfound.com/beer">
      <ns2:getBeerRequest xmlns:ns2="http://memorynotfound.com/beer">



You may also like...

  • menwn

    Thank you very much for this beautiful post! It was really helpful