Jay SenSharma

Jay SenSharma

Here we are going to develop a very simple example of webserivce (JAX-RPC) in which we can add the UserName & Token in the Clients SOAP Headers. This Sample can be run in any WebLogic Version which is higher than WLS 8.1

Step 1). We Need to Create a WebService using the “Auth.xml” Policy file. (Auth.xml is a Authentication policy file which comes along with WebLogic).

package examples.webservices.security_jws;

import weblogic.jws.WLHttpTransport;
import weblogic.jws.Policies;
import weblogic.jws.Policy;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.soap.SOAPBinding;

@WebService(name=”SecureHelloWorldPortType”,
serviceName=”SecureHelloWorldService”,
targetNamespace=”http://www.bea.com”)

@SOAPBinding(style=SOAPBinding.Style.DOCUMENT,
use=SOAPBinding.Use.LITERAL,
parameterStyle=SOAPBinding.ParameterStyle.WRAPPED)

@WLHttpTransport(contextPath=”SecureHelloWorldService”,
serviceUri=”SecureHelloWorldService”,
portName=”SecureHelloWorldServicePort”)

@Policies({ @Policy(uri=”policy:Auth.xml”, direction=Policy.Direction.inbound)})

public class SecureHelloWorldImpl
{
@WebMethod()
public String sayHello(String s)
{
System.out.println(“nnt sayHello(“+s+”) method invoked inside SecureHelloWorldImpl.”);
return “Hello ” + s;
}
}

Step 2). We need to write an ANT build script using JWSC Task sothat we can compile and build the WebService Application.

<project default=”all” basedir=”.”>
<property value=”SecureHelloWorldImpl” />
<property value=”${basedir}/webservicesSecurityeEar” />
<property value=”${basedir}/webservicesSecurity_client” />
<property value=”C:replicationcerts” />
<property value=”weblogic” />
<property value=”weblogic” />
<property value=”localhost” />
<property value=”7001″ />
<property value=”AdminServer” />

<path>
<pathelement path=”${client.dir}”/>
<pathelement path=”${java.class.path}”/>
</path>
<taskdef    classname=”weblogic.wsee.tools.anttasks.JwscTask” />
<taskdef    classname=”weblogic.wsee.tools.anttasks.ClientGenTask” />
<target depends=”clean,server,client,deploy,run” />
<target depends=”clean,server,client” />

<target>
<delete dir=”${ear.dir}”/>
<delete dir=”${client.dir}”/>
</target>

<target>
<mkdir dir=”${ear.dir}”/>
<jwsc srcdir=”${basedir}” destdir=”${ear.dir}”  classpath=”${java.class.path}”   fork=”true”  keepGenerated=”true”deprecation=”${deprecation}” debug=”true”  verbose=”true”>
<jws file=”${ws.file}.java” explode=”true”/>
</jwsc>
</target>

<target>
<wldeploy action=”deploy” source=”${ear.dir}” user=”${wls.username}” password=”${wls.password}” verbose=”true” adminurl=”t3://${wls.hostname}:${wls.port}” targets=”${wls.server.name}” />
</target>

<target>
<wldeploy action=”redeploy”  source=”${ear.dir}” user=”${wls.username}”  password=”${wls.password}” verbose=”true” failonerror=”${failondeploy}” adminurl=”t3://${wls.hostname}:${wls.port}”  targets=”${wls.server.name}” />
</target>

<target>
<mkdir dir=”${client.dir}”/>
<clientgen   wsdl=”http://${wls.hostname}:${wls.port}/SecureHelloWorldService/SecureHelloWorldService?WSDL” destDir=”${client.dir}” classpath=”${java.class.path}” packageName=”examples.webservices.security_jws.client”/>
<javac   srcdir=”${client.dir}” destdir=”${client.dir}”    classpath=”${java.class.path}” includes=”examples/webservices/security_jws/client/**/*.java”/>
<javac   srcdir=”${basedir}” destdir=”${client.dir}”    classpath=”${java.class.path};${client.dir}” includes=”SecureHelloWorldClient.java”/>
</target>

<target >
<java fork=”true” classname=”client.SecureHelloWorldClient” failonerror=”false” >
<classpath refid=”client.class.path”/>
<jvmarg line=” -Dweblogic.wsee.verbose=*”/>
<arg line=” weblogic   weblogic ” />
</java>
</target>

</project>

Step 3). Now we need to run the above ANT build.xml file which is going to generate the WebService EAR file. (before running the ANT we need to make sure that either we have run “setWLSEnv.sh”  or    “SetDomainEnv.sh” in the current command window)

Step 4). Now we need to write the Client to access the WebService:

package client;

import examples.webservices.security_jws.client.SecureHelloWorldService;
import examples.webservices.security_jws.client.SecureHelloWorldService_Impl;
import examples.webservices.security_jws.client.SecureHelloWorldPortType;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.xml.rpc.Stub;

import weblogic.security.SSL.TrustManager;
//Import classes to create the Binary and Username tokens
//import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
// Import classes for creating the client-side credential provider
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
public class SecureHelloWorldClient
{
public static void main(String[] args) throws Throwable
{
String username = args[0];
String password = args[1];
String wsdl = http://localhost:7001/SecureHelloWorldService/SecureHelloWorldService?WSDL;

SecureHelloWorldService service = new SecureHelloWorldService_Impl(wsdl);
SecureHelloWorldPortType port = service.getSecureHelloWorldServicePort();

//create emtpy list of credential providers
List credProviders = new ArrayList();
//Create client-side UsernameToken credential provider based on username and password parameters

CredentialProvider cp = new ClientUNTCredentialProvider(username.getBytes(),password.getBytes());
credProviders.add(cp);
Stub stub = (Stub)port;

// Set stub property to point to list of credential providers
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
//Client runtime uses server’s certificate (embedded in WS-Policy file in the WSDL) to encrypt the SOAP  //request, so following code shows how the client can verify that this certificate is valid using the TrustManager.

stub._setProperty(WSSecurityContext.TRUST_MANAGER,new TrustManager()
{
public boolean certificateCallback(X509Certificate[] chain, int validateErr)
{
return true;
}
}
);

String response = port.sayHello(“Hello World !!! Auth.xml “);
System.out.println(“response = ” + response);
}
}

Now we can run the TestClient…

————————————

Regards

Jay SenSharma

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.