First we start by making a JAX-WS Web Service and adding a policy.
The Helloworld Web Service with HTTPS and plain username policy which I use in this example.
package nl.whitehorses.ws.saml;
import javax.jws.WebService;
import weblogic.jws.Policy;
@WebService(name = "HelloWorldService", portName = "HelloWorldServiceSoapHttpPort")
@Policy(uri = "policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml")
public class HelloWorld {
public HelloWorld() {
}
public String sayHello() {
return "Hello world";
}
}
Deploy this on a Weblogic server and make sure the HTTPS port is working. See the keystore / ssl tab of the Weblogic server configuration.
Now we can download the latest Netbeans ( I use version 6.5.1 ) and Metro 1.5. Install Netbeans and add the latest Metro jars to your Glassfish 2 server. ( use ant & metro-on-glassfish.xml for this ). The Weblogic 2007/02 policies are using 256 bits encryption, so we need to download the Java Cryptography Extension (JCE) files and install this on every JDK we are using. The last install step is add to the wsit demo keystores to the glassfish server.
Step 1 is to download the WSDL of the Helloworld Service.
Save this xml to the HelloworldService.wsdl file and open this in a editor. We have to remove the policy reference in the porttype and add this to the binding
<portType name="HelloWorldService" wsp:PolicyURIs="#Wssp1.2-2007-Https-UsernameToken-Plain.xml">
<operation name="sayHello">
<input message="tns:sayHello"/>
<output message="tns:sayHelloResponse"/>
</operation>
</portType>
<binding name="HelloWorldServiceSoapHttpPortBinding" type="tns:HelloWorldService">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="sayHello">
<soap:operation soapAction=""/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
</binding>
to
<portType name="HelloWorldService">
<operation name="sayHello">
<input message="tns:sayHello" />
<output message="tns:sayHelloResponse" />
</operation>
</portType>
<binding name="HelloWorldServiceSoapHttpPortBinding" type="tns:HelloWorldService">
<ns2:PolicyReference xmlns:ns2="http://www.w3.org/ns/ws-policy" URI="#Wssp1.2-2007-Https-UsernameToken-Plain.xml"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<operation name="sayHello">
<soap:operation soapAction="" />
<input>
<soap:body use="literal" />
</input>
<output>
<soap:body use="literal" />
</output>
</operation>
</binding>
Else the Netbeans wizard won't detect the policy.
Create a new Web Application in Netbeans
Select the new project and add a new Web Service Client
Select the HelloworldService wsdl
Select the just created web service reference and select "Edit Web Service Attributes" on this reference
Deselect "Use development defaults" and provide a Username / password of a valid Weblogic account.
Select for the private key which will be used in the encryption.
And the select the public key of the Weblogic server certificate.
When we take a look at the META-INF folder in the source folder, we can see that the wizard has created a web service configuration file which will be used by Metro to setup the security to the Weblogic Web Service
To test this web service client, we will add a servlet to the project
Deselect the comment and use the right button to add a web service client reference
At the project properties we can call the servlet by using the servlet url in the relative url ( Run)
That's all , it should be working now. For more policies examples see this url , there are some nice examples about Secure Token Service STS.
I am happy Oracle has bought Sun, let's integrate everything to one IDE.
Hello Edwin
ReplyDeleteFirst of all, than you for great posts on WLS and webservices.
We've been struggling for a while to get security policy annotations to work on our webswevices with EJB implementation on WLS 10.3
Even if the following simple webservice
_________________________________
package ejbws;
import javax.ejb.Stateless;
import javax.jws.WebService;
import weblogic.jws.Policy;
@Stateless
@WebService
@Policy(uri="policy:Wssp1.2-2007-Https-ClientCertReq.xml")
public class HelloEjb {
public String hello(String msg) {
return "Ejb WS: " + msg;
}
}
_________________________________
can be deployed the WLS 10.3 container doesn't seem to bother with the seleced security policy annotation. Looking at the Configuration_WSLD tab in the console shows that the policy elements are present in the WSDL, but the Configuration_WS-Policy tab is empty. But most importatn of all - the service can be reached without security and our configured Authentication modue are not being triggered
Perhaps some kind of WSDL tweeking would be nessecary like the one above?
Regards
Tamas Szabo
tamas.szabo@skatteverket.se
Hi,
ReplyDeleteI think the policy you use, says something about the transport and not about the soap message. can you use x509 basic 128 or 256 or usernametoken
then it show in the wsdl
thanks
Hello Edwin
ReplyDeleteThanks for the excellent post.
I am trying to make a web service client for the policy : Wssp1.2-2007-SignBody.xml using NetBeans - Metro, How can I do this?
Thank you so much.
Hi Edwin
ReplyDeleteI am following the below (except that i have exported the OWSM policy from Fusion middleware page and removed oracle_ in front), but still not able to get the custom OWSM policy shown in Jdeveloper. Please help
The exported policy file from fusion middleware page is this orace_db_assertion_policy (no extension). I removed oracle_ from front
"Exporting Policies from the MDS Repository for Use in JDeveloper
In JDeveloper, you can add custom policies to the default policy store location at:
C:\Documents and Settings\user-dir\ApplicationData\JDeveloper\system11.1.1.2.x.x.x\DefaultDomain\oracle\store\gmds
Within this directory, Oracle WSM policies files must be included using one of the following directory structures:
Predefined Oracle WSM policies: owsm/policies/oracle/policy_file
Custom user policies: owsm/policies/policy_file
When exporting policy files from the Oracle WSM Metadata Services (MDS) repository for use in JDeveloper, this directory structure is not maintained. You must ensure that when adding the exported policy to the JDeveloper environment that you use the required directory structure noted above. Otherwise, the policies will not be available in the JDeveloper environment."
Is it neccessary to export from MDS?
Hi Edwin
ReplyDeleteI am following the below (except that i have exported the OWSM policy from Fusion middleware page and removed oracle_ in front), but still not able to get the custom OWSM policy shown in Jdeveloper. Please help
The exported policy file from fusion middleware page is this orace_db_assertion_policy (no extension). I removed oracle_ from front
"Exporting Policies from the MDS Repository for Use in JDeveloper
In JDeveloper, you can add custom policies to the default policy store location at:
C:\Documents and Settings\user-dir\ApplicationData\JDeveloper\system11.1.1.2.x.x.x\DefaultDomain\oracle\store\gmds
Within this directory, Oracle WSM policies files must be included using one of the following directory structures:
Predefined Oracle WSM policies: owsm/policies/oracle/policy_file
Custom user policies: owsm/policies/policy_file
When exporting policy files from the Oracle WSM Metadata Services (MDS) repository for use in JDeveloper, this directory structure is not maintained. You must ensure that when adding the exported policy to the JDeveloper environment that you use the required directory structure noted above. Otherwise, the policies will not be available in the JDeveloper environment."
Is it neccessary to export from MDS?
Hi,
ReplyDeleteI don't have any problem I copied a existing policy from DefaultDomain\oracle\store\gmds\owsm\policies\oracle ( be aware you copy the right client or server policy -> ws and client -> proxy client ) to the DefaultDomain\oracle\store\gmds\owsm\policies\policy_file folder
and changed the following attributes of the wsp:Policy element ( top ) to a unique name, so I can see them in jdeveloper
wsu:Id="edwin_service_policy"
orawsp:displayName="edwin_service_policy"
orawsp:description="edwin"
Name="edwin_service_policy"
thanks
hello
ReplyDeleteplaese help me
i want implement ecommerce with metro web services
Following your tutorial I'm getting:
ReplyDeleteCaused by: com.sun.xml.wss.impl.WssSoapFaultException: WSS1721: Validation of Reference with URI #str_8B6DRCVV0yDaKBWt failed
In NetBeans 7.2 I had to delete duplicated .
My used policies are:
"Wssp1.2-2007-Wss1.0-X509-Basic256.xml"),
"Wssp1.2-2007-EncryptBody.xml"),
"Wssp1.2-2007-SignBody.xml").
I set service alias in trust store and client alias in Keystore.
How can I resolve this problem?
I have good version in JDeveloper, but there I had to place a lot of code in client class. I'd like to working version in NetBeans. Could you help me with this problem? I remember I had to place (in JDeveloper project) both certificates in certificate verification (certificateCallback).
Hi,
Deletecan you control or change the order of the policies or just do signing first.
thanks