Hi,

Jay SenSharma

Here is a simple demonstration of a WebLogic JAXWS based WebService which uses the “policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml” policy.

Step 1). Create a domain which runs on port 7001 with the AdminServer name as “AdminServer”.

Step 2). Start the domain, log in to the Admin Console and enable the SSL listen port on port 7002.

Step 3). Now create a directory “C:\Basic_UserName_WS\src”, or, based on your file system, create the “Basic_UserName_WS” directory anywhere.

Step 4). Now copy the “configWss.py” file from “<BEA_HOME>\wlserver_10.3\samples\server\examples\src\examples\webservices\wss1.1” and paste it in the “C:\Basic_UserName_WS\src” directory.

Step 5). Write the WebService application “C:\Basic_UserName_WS\src\Bank_BankSOAPImpl.java”:

package ws;

import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.ws.BindingType;
import javax.xml.ws.WebServiceContext;
import weblogic.jws.*;

@WebService(portName = "BankSOAP", serviceName = "Bank", targetNamespace = "http://ws/Bank/")
@BindingType("http://schemas.xmlsoap.org/wsdl/soap/http")
// HTTPS transport with a plain-text UsernameToken in the SOAP header.
@Policies( {@Policy(uri = "policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml")})
public class Bank_BankSOAPImpl {
    // Injected by the container; exposes the authenticated caller.
    @Resource
    private WebServiceContext context;

    public Bank_BankSOAPImpl() {
        System.out.println("\n\n\t Bank_BankSOAPImpl Service Instantiated...");
    }

    @WebMethod()
    public String getBalance(String accountNo) {
        // Principal established from the UsernameToken sent by the client.
        String principal = context.getUserPrincipal().getName();
        System.out.println("Hello! Here is the passed-in message: " + accountNo + ". And here is the user principal: " + principal + ".");
        return "1000";
    }
}

Step 6). Write the WebService client application “C:\Basic_UserName_WS\src\BankSecureClient.java”:

package client;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceRef;
import weblogic.security.SSL.TrustManager;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.wsee.security.util.CertUtils;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

public class BankSecureClient
{
    // Backslashes must be escaped inside Java string literals.
    final static String serverCertFile = "F:\\DELETE\\SecureService\\Without_Secvice_BankClient\\Certificates/ServerCert.der";
    final static String clientKeyStore = "F:\\DELETE\\SecureService\\Without_Secvice_BankClient\\Certificates/ClientIdentity.jks";
    final static String clientKeyStorePass = "ClientKey";
    final static String clientKeyAlias = "identity";
    final static String clientKeyPass = "ClientKey";

    public static void main(String ar[]) throws Exception
    {
        Bank service = new Bank();
        BankBankSOAPImpl port = service.getBankSOAP();
        System.out.println("-----------1" + port);

        // Username and password sent in the UsernameToken (demo account).
        List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
        ClientUNTCredentialProvider unt = new ClientUNTCredentialProvider("weblogic".getBytes(), "weblogic".getBytes());
        credProviders.add(unt);
        System.out.println("-----------2");

        // Fail early if the server certificate on disk is expired or not yet valid.
        X509Certificate serverCert = (X509Certificate) CertUtils.getCertificate(serverCertFile);
        serverCert.checkValidity();
        CredentialProvider cp = new ClientBSTCredentialProvider(clientKeyStore, clientKeyStorePass, clientKeyAlias, clientKeyPass, "JKS", serverCert);
        credProviders.add(cp);
        System.out.println("-----------3");

        Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
        requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
        // Trust only a certificate equal to ServerCert.der; any load error rejects it.
        requestContext.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
            public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                boolean result = false;
                try {
                    result = chain[0].equals((X509Certificate) CertUtils.getCertificate(serverCertFile));
                } catch (Exception e) { e.printStackTrace(); }
                return result;
            }
        });
        System.out.println("-----------4");
        System.out.println("\n\n\t Service returned: " + port.getBalance("1000"));
    }
}

Step 7). Now write the ANT “build.xml” file in the directory “C:\Basic_UserName_WS”.

<project name="webservices-hello_world" default="all">
<!-- set global properties for this build -->
<property name="wls.username" value="weblogic" />
<property name="wls.password" value="weblogic" />
<property name="wls.hostname" value="localhost" />
<property name="wls.port" value="7001" />
<property name="wls.server.name" value="AdminServer" />
<property name="ear.deployed.name" value="helloWorldEar" />
<property name="example-output" value="output" />
<property name="ear-dir" value="${example-output}/helloWorldEar" />
<property name="clientclass-dir" value="./clientclasses"  />
<property name="certificates" value="./${clientclass-dir}/certificates"  />

<path id="client.class.path">
<pathelement path="${clientclass-dir}"/>
<pathelement path="${java.class.path}"/>
</path>

<taskdef name="jwsc" classname="weblogic.wsee.tools.anttasks.JwscTask" />
<taskdef name="clientgen"  classname="weblogic.wsee.tools.anttasks.ClientGenTask" />
<taskdef name="wldeploy" classname="weblogic.ant.taskdefs.management.WLDeploy"/>

<target name="all" depends="clean,CreateCertificates,message" />

<target name="clean" depends="undeploy">
<delete dir="${example-output}"/>
</target>

<target name="CreateCertificates">
<mkdir dir="${clientclass-dir}" />
<mkdir dir="${certificates}" />
<java classname="utils.CertGen" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="-certfile ${certificates}/ClientCert -keyfile ${certificates}/ClientKey -keyfilepass ClientKey" />
</java>
<java classname="utils.CertGen" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="-certfile ${certificates}/ServerCert -keyfile ${certificates}/ServerKey -keyfilepass ServerKey" />
</java>
<java classname="utils.ImportPrivateKey" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="-certfile ${certificates}/ClientCert.der -keyfile ${certificates}/ClientKey.der -keyfilepass ClientKey -keystore ${certificates}/ClientIdentity.jks -storepass ClientKey -alias identity -keypass ClientKey" />
</java>
<java classname="utils.ImportPrivateKey" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="-certfile ${certificates}/ServerCert.der
-keyfile ${certificates}/ServerKey.der
-keyfilepass ServerKey
-keystore ${certificates}/ServerIdentity.jks
-storepass ServerKey
-alias identity
-keypass ServerKey" />
</java>
<java classname="weblogic.WLST" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="./src/configWss.py weblogic weblogic localhost 7001 ./ServerIdentity.jks ServerKey identity ServerKey" />
</java>
</target>

<target name="message">
<echo message="********************************************************" />
<echo message="Now You Need to Restart Your Server ....Because WebService Security Configurations are done in the Server" />
<echo message="********************************************************" />
<echo message="Please copy ${certificates}/ServerIdentity.jks  file in Domain Root Directory.." />
<echo message="EXAMPLE: C:/bea103/ser_projects/domains/WS_Security_Domain/ServerIdentity.jks" />
<echo message="----------- After Restart Of Your Server You Can run Ant Run -----------" />
</target>

<target name="build-service">
<jwsc srcdir="src" destdir="${ear-dir}">
<jws file="Bank_BankSOAPImpl.java" type="JAXWS"/>
</jwsc>
</target>

<target name="deploy" depends="build-service">
<wldeploy action="deploy"  name="${ear.deployed.name}" source="${ear-dir}"
user="${wls.username}" password="${wls.password}" verbose="true"
adminurl="t3://${wls.hostname}:${wls.port}" targets="${wls.server.name}" />
</target>

<target name="undeploy">
<wldeploy action="undeploy" name="${ear.deployed.name}" failonerror="false" user="${wls.username}" password="${wls.password}" verbose="true" adminurl="t3://${wls.hostname}:${wls.port}" targets="${wls.server.name}" />
</target>

<target name="client" depends="deploy">
<clientgen  wsdl="http://${wls.hostname}:${wls.port}/Bank_BankSOAPImpl/Bank?WSDL" destDir="${clientclass-dir}"
type="JAXWS" packageName="client"/>
<javac  srcdir="src" destdir="${clientclass-dir}" includes="BankSecureClient.java"/>
</target>

<target name="run" depends="client">
<java classname="client.BankSecureClient" fork="true" failonerror="true" >
<classpath refid="client.class.path"/>
<arg  line="http://${wls.hostname}:${wls.port}/HelloWorldImpl/HelloWorldImpl" />
<jvmarg value="-Djavax.net.ssl.trustStore=C:\bea103\wlserver_10.3\server\lib\DemoTrust.jks"/>
<jvmarg value="-Dweblogic.wsee.verbose=*"/>
</java>
</target>
</project>
NOTE: In the above ant script, please specify the correct path of “DemoTrust.jks” according to your WLS installation location, otherwise you will get an exception.
——————————————-
Step 8). Open a command window and then run “. ./setWLSEnv.sh”.

Note: There are two dots in the above command, separated by a single space (. ./setWLSEnv.sh)
——————————————-

Step 9). Now navigate to the directory “C:\Basic_UserName_WS” and then run ant. It will create the certificates and register them with the WebLogic domain, at domain-level security.

Example:
C:\Basic_UserName_WS> ant
OUTPUT:
C:\Basic_UserName_WS>ant
Buildfile: build.xml
undeploy:
[wldeploy] weblogic.Deployer -verbose -noexit -name helloWorldEar -targets AdminServer -adminurl t3://localhost:7001 -user weblogic -password ******** -undeploy
[wldeploy] weblogic.Deployer invoked with options:  -verbose -noexit -name helloWorldEar -targets AdminServer -adminurl t3://localhost:7001 -user weblogic -undeploy
[wldeploy] <Jan 19, 2010 11:14:08 PM IST> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating undeploy operation for application, helloWorldEar [archive: null], to AdminServer .>
[wldeploy] Task 2 initiated: [Deployer:149026]remove application helloWorldEar on AdminServer.
[wldeploy] Task 2 completed: [Deployer:149026]remove application helloWorldEar on AdminServer.
[wldeploy] Target state: undeploy completed on Server AdminServer
[wldeploy]
clean:
[delete] Deleting directory C:\Basic_UserName_WS\output
CreateCertificates:
Generating a certificate with common name Jack and key strength 1024
issued by CA with certificate from C:\bea103\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea103\WLSERV~1.3\server\lib\CertGenCAKey.der file
Generating a certificate with common name Jack and key strength 1024
issued by CA with certificate from C:\bea103\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea103\WLSERV~1.3\server\lib\CertGenCAKey.der file
Imported private key ././clientclasses/certificates/ClientKey.der and certificate ././clientclasses/certificates/ClientCert.der
into keystore ././clientclasses/certificates/ClientIdentity.jks of type jks under alias identity
Imported private key ././clientclasses/certificates/ServerKey.der and certificate ././clientclasses/certificates/ServerCert.der
into keystore ././clientclasses/certificates/ServerIdentity.jks of type jks under alias identity
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connect to the running adminSever
Connecting to t3://localhost:7001 with userid weblogic …
Successfully connected to Admin Server ‘AdminServer’ that belongs to domain ‘WS_Security_Domain’.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
Location changed to edit tree. This is a writable tree with
DomainMBean as the root. To make changes you will need to start
an edit session via startEdit().
For more help, use help(edit)
Starting an edit session …
Started edit session, please be sure to save and activate your
changes once you are done.
assert x509 is aleady enabled
found exsiting bean for: default_wss
found exsiting bean for: DK default_dk_cp
found exsiting bean for: x.509 default_x509_cp
Saving all your changes …
Saved all your changes successfully.
Activating all your changes, this may take a while …
The edit lock associated with this edit session is released
once the activation is completed.
Activation completed
Disconnected from weblogic server: AdminServer
Exiting WebLogic Scripting Tool.
message:
[echo] ********************************************************
[echo] Now You Need to Restart Your Server ….Because WebService Security Configurations are done in the Server
[echo] ********************************************************
[echo] Please copy ././clientclasses/certificates/ServerIdentity.jks  file in Domain Root Directory..
[echo] EXAMPLE: C:/bea103/ser_projects/domains/WS_Security_Domain/ServerIdentity.jks
[echo] ———– After Restart Of Your Server You Can run Ant Run ———–
all:
BUILD SUCCESSFUL
Total time: 11 seconds
C:\Basic_UserName_WS>
——————————————-
Step 10). Now you need to paste the generated “ServerIdentity.jks” file from “C:\Basic_UserName_WS\clientclasses\certificates” to the WebLogic domain root directory.

Example: C:\bea103\user_projects\domains\WS_Security_Domain\ServerIdentity.jks
———————————–
Step 11). Restart your server so that it will pick up the “ServerIdentity.jks”.

———————————–
Step 12). Now run the ANT build again, with the argument “run” this time.

Example:
C:\Basic_UserName_WS>ant run
.
.
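
The policy used in this post carries the UsernameToken password as plain text and relies on the HTTPS transport (the SSL port enabled in Step 2) to protect it. The following is an added example, not part of the original post: a JDK-only check that flags a request whose plain-text UsernameToken is bound for a non-HTTPS endpoint. The class name, the sample envelope and the endpoint URLs are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class UsernameTokenTransportCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    /** Returns a finding for one outbound SOAP request, or null when nothing is flagged. */
    static String check(String endpoint, String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the checker itself is not exposed to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens.getLength() == 0) return "no UsernameToken present";
        NodeList pw = ((Element) tokens.item(0)).getElementsByTagNameNS(WSSE, "Password");
        if (pw.getLength() == 0) return "UsernameToken carries no Password";
        String type = ((Element) pw.item(0)).getAttribute("Type");
        // A missing Type attribute means PasswordText in the UsernameToken profile.
        boolean plain = type.isEmpty() || PASSWORD_TEXT.equals(type);
        boolean https = "https".equalsIgnoreCase(URI.create(endpoint).getScheme());
        if (plain && !https) return "plain-text password bound for non-HTTPS endpoint " + endpoint;
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request using the demo credentials from this post.
        String soap = "<S:Envelope xmlns:S=\"http://schemas.xmlsoap.org/soap/envelope/\""
            + " xmlns:wsse=\"" + WSSE + "\"><S:Header><wsse:Security><wsse:UsernameToken>"
            + "<wsse:Username>weblogic</wsse:Username>"
            + "<wsse:Password Type=\"" + PASSWORD_TEXT + "\">weblogic</wsse:Password>"
            + "</wsse:UsernameToken></wsse:Security></S:Header><S:Body/></S:Envelope>";
        System.out.println(check("http://localhost:7001/Bank_BankSOAPImpl/Bank", soap));  // flagged
        System.out.println(check("https://localhost:7002/Bank_BankSOAPImpl/Bank", soap)); // null
    }
}
```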

Thanks
Jay SenSharma
