I have a flex client connecting to a web service that needs an authentication token added as a header, named \"Identity\". An example of the expected message is:
There's a couple of ways of doing it. I personally prefer overriding the native SOAPEncoder class which given you access to the actual soap envelope before it is sent. This enables you to have more control and add things like ws-addressing and custom authenication headers.
public class myEncoder
extends SOAPEncoder
{
private const WSSE_NS:Namespace = new Namespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
//--------------------------------------------------------------------------
//
// Constructor
//
//--------------------------------------------------------------------------
public function wsseEncoder()
{
super();
}
//--------------------------------------------------------------------------
//
// Methods
//
//--------------------------------------------------------------------------
/**
* override super classes method and recieve raw soap message to manpulate soap envelope
*
*/
public override function encodeRequest(args:* = null, headers:Array = null):XML
{
//get soap envelope from super class
var SOAPEnvelope:XML = super.encodeRequest(args, headers);
//create a header in xml and append it at as a child
securityHeaderXml = ;
securityHeaderXml.setNamespace(WSSE_NS);
securityHeaderXml.@[mustUnderstand] = 1;
//set deafult ws-security namespace - filters to all child nodes
securityHeaderXml.setNamespace(WSSE_NS);
var id:XML = ;
id.appendChild('value here');
SOAPEnvelope.prependChild(id);
SOAPEnvelope.prependChild(headerXml);
return SOAPEnvelope;
}
}
}
Then all you need to do is change the default encoder to this one, if your using generate web service classes go to the serviceBase and look for the method 'Call' and change this line to this
var enc:SOAPEncoder = new myEncoder(); //instead of this -> new SOAPEncoder();
if not iots something like myService.encoder = new myEncoder();
As simple as that.
Obviously override the encoder class gives you alot more control. You can also do the same with the SOAPDecoder class to catch the soap envelope before it get de-serialised.
Hope this helps
Jon