
Wednesday, December 26, 2012

Securing Web services at the message level



This post configures message-level security for a Java API for XML Web Services (JAX-WS) 2.1 Web service running on WebSphere Application Server 7, using the Rational Application Developer 7.5/8.0 integrated development environment (IDE). To achieve that objective, we will cover the following tasks:
  • How to create a JAX-WS service provider
  • How to create a standalone JAX-WS client.
  • How to monitor the SOAP messages using the TCP/IP Monitor.
  • How to customize a WS-Security policy set in the WebSphere Application Server Administration Console.
  • How to customize a policy set binding in the Administration Console.
  • How to export policy sets and bindings from the Administration Console.
  • How to generate X509 asymmetric keys and use them with your customized policy set bindings.
  • How to import policy sets and bindings into the Rational Application Developer IDE.
  • How to attach policy sets to Web service provider and servers using the Rational Application Developer IDE.
  • How to create TestClient code using Web Services Security APIs
  • How to use the UsernameToken (UNT) profile to add credentials to the SOAP header.
  • How to use the UNT to authenticate against the WebSphere Application Server user repository.
 

Tuesday, August 16, 2011

JAX-WS send custom SOAP headers and Set endpoint

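// Placeholder values for the example. In a real client, read the endpoint and the
// credentials from protected configuration instead of hard-coding them in source.
// HeaderHandler writes the password into the SOAP header as PasswordText (unhashed),
// so the endpoint URL should be an https:// address.
String endPointURL = "<ws_service_endpoint_url>";
String userName = "uname"; // custom header for WS-Security
String password = "password"; // custom header for WS-Security
String systemId = "system_id"; // custom header required by the web service
String correlationId = "corr_id"; // custom header required by the web service

// Register the handler resolver that adds the custom SOAP headers. It must be set
// on the service before the port is obtained so that the port picks up the chain.
RetailAccountService serviceLocator = new RetailAccountService();
HeaderHandlerResolver handlerResolver =
            new HeaderHandlerResolver(userName, password, systemId, correlationId);
serviceLocator.setHandlerResolver(handlerResolver);

// Point the generated port at the target endpoint instead of the address in the WSDL.
PncEnterpriseOffersV1RetailInterfacesPortType oppService =
            serviceLocator.getPncEnterpriseOffersV1RetailInterfacesPort();
BindingProvider bp = (BindingProvider) oppService;
bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endPointURL);

// Build the request and invoke the operation.
// NOTE: userId is not defined in this snippet; it is expected to come from the caller.
GetOpportunitiesByUserType oppUser = new GetOpportunitiesByUserType();
oppUser.setUser(userId);
GetOpportunitiesByUserResponseType oppRes = oppService.getOpportunitiesByUser(oppUser);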






import java.util.ArrayList;
import java.util.List;

import javax.xml.ws.handler.Handler;
import javax.xml.ws.handler.HandlerResolver;
import javax.xml.ws.handler.PortInfo;

/**
 * Handler resolver that supplies a chain containing a single {@link HeaderHandler}.
 *
 * <p>The resolver only stores the four values it is constructed with and hands them
 * to a new {@code HeaderHandler} each time a chain is requested. The password is
 * held in memory as a plain {@code String} for the lifetime of the resolver.
 */
public class HeaderHandlerResolver implements HandlerResolver {
      // Values copied into every HeaderHandler this resolver creates.
      private String userName;
      private String password;
      private String systemId;
      private String correlationId;

      /**
       * Stores the header values for later use by {@link #getHandlerChain(PortInfo)}.
       *
       * @param userName      user name passed on to the handler
       * @param password      password passed on to the handler
       * @param systemId      system identifier passed on to the handler
       * @param correlationId correlation identifier passed on to the handler
       */
      public HeaderHandlerResolver(String userName, String password,
                  String systemId, String correlationId) {
            this.correlationId = correlationId;
            this.systemId = systemId;
            this.password = password;
            this.userName = userName;
      }

      /**
       * Builds the handler chain for a port.
       *
       * @param portInfo port description; not consulted, every port gets the same chain
       * @return a new mutable list holding one freshly created {@code HeaderHandler}
       */
      public List<Handler> getHandlerChain(PortInfo portInfo) {
            HeaderHandler headerHandler =
                        new HeaderHandler(userName, password, systemId, correlationId);
            List<Handler> chain = new ArrayList<Handler>();
            chain.add(headerHandler);
            return chain;
      }
}



import java.io.ByteArrayOutputStream;
import java.util.Set;

import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

import org.apache.log4j.Logger;

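/**
 * Client-side SOAP handler that adds a WS-Security {@code UsernameToken} and a
 * {@code systemContext} block to the header of each outbound message, and writes
 * outbound and inbound messages to the debug log.
 *
 * <p>The password is sent with the {@code #PasswordText} type, i.e. unhashed inside
 * the SOAP header. Its confidentiality therefore depends on the transport (an HTTPS
 * endpoint) or on message-level encryption configured elsewhere.
 */
public class HeaderHandler implements SOAPHandler<SOAPMessageContext> {
      private static final Logger log = Logger.getLogger(HeaderHandler.class);

      private static final String WSSE_NS =
                  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
      private static final String PASSWORD_TEXT_TYPE =
                  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

      private final String userName;
      private final String password;
      private final String systemId;
      private final String correlationId;

      /**
       * @param userName      value of the {@code wsse:Username} element
       * @param password      value of the {@code wsse:Password} element
       * @param systemId      value of the {@code systemId} element
       * @param correlationId value of the {@code correlationId} element
       */
      public HeaderHandler(String userName, String password, String systemId, String correlationId) {
            super();
            this.userName = userName;
            this.password = password;
            this.systemId = systemId;
            this.correlationId = correlationId;
      }

      /**
       * Adds the custom headers to outbound messages and logs messages in both
       * directions at debug level.
       *
       * @param smc the message context supplied by the JAX-WS runtime
       * @return always {@code true}, so handler processing continues in both
       *         directions; the original returned the outbound flag, which is
       *         {@code false} for responses and asks the runtime to stop processing
       */
      @Override
      public boolean handleMessage(SOAPMessageContext smc) {
            // Boolean.TRUE.equals avoids a NullPointerException if the property is absent.
            boolean outbound = Boolean.TRUE.equals(smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY));

            if (outbound) {
                  try {
                        addCustomHeaders(smc.getMessage());
                  } catch (Exception e) {
                        // Kept from the original: a failure is logged and the request is
                        // still sent, in which case it goes out without the credentials.
                        log.error(e.getMessage(), e);
                  }
                  logMessage("SOAP Request for Operation getOpportunitiesByUser ", smc);
            } else {
                  // This handler does nothing with the response from the Web
                  // Service so we just log the SOAP message.
                  logMessage("SOAP Response for Operation getOpportunitiesByUser ", smc);
            }

            return true;
      }

      /** Adds the WS-Security UsernameToken and the systemContext block to the SOAP header. */
      private void addCustomHeaders(SOAPMessage message) throws javax.xml.soap.SOAPException {
            SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
            // addHeader() throws if the envelope already has a header, so reuse an existing one.
            SOAPHeader header = envelope.getHeader();
            if (header == null) {
                  header = envelope.addHeader();
            }

            SOAPElement securityEle = header.addChildElement("Security", "wsse", WSSE_NS);
            SOAPElement usernameTokenEle = securityEle.addChildElement("UsernameToken", "wsse");
            SOAPElement usernameEle = usernameTokenEle.addChildElement("Username", "wsse");
            usernameEle.addTextNode(userName);
            SOAPElement passwordEle = usernameTokenEle.addChildElement("Password", "wsse");
            passwordEle.setAttribute("Type", PASSWORD_TEXT_TYPE);
            passwordEle.addTextNode(password);

            SOAPElement systemContextEle = header.addChildElement("systemContext", "urn", "urn:pnc.common.utils.v1.context");
            SOAPElement systemIdEle = systemContextEle.addChildElement("systemId");
            systemIdEle.addTextNode(systemId);
            SOAPElement correlationIdEle = systemContextEle.addChildElement("correlationId");
            correlationIdEle.addTextNode(correlationId);
      }

      /**
       * Writes the serialized message to the debug log with the password masked.
       * Nothing is serialized when debug logging is off. The message body is logged
       * in full, so debug level exposes whatever data the service exchanges.
       */
      private void logMessage(String label, SOAPMessageContext smc) {
            if (!log.isDebugEnabled()) {
                  return;
            }
            try {
                  ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                  smc.getMessage().writeTo(buffer);
                  // Decode explicitly rather than with the platform default charset.
                  // NOTE(review): assumes the message uses the default UTF-8 encoding.
                  log.debug(label + maskPassword(buffer.toString("UTF-8")));
            } catch (Exception e) {
                  log.error(e.getMessage(), e);
            }
      }

      /**
       * Replaces the text of every {@code wsse:Password} element with a fixed mask so
       * the credential never reaches the log. Matches the {@code wsse} prefix that
       * this handler writes; element text is XML-escaped, so it cannot contain
       * {@code <}.
       */
      private static String maskPassword(String xml) {
            return xml.replaceAll("(<wsse:Password\\b[^>]*>)[^<]*(</wsse:Password>)", "$1********$2");
      }

      /**
       * @return an empty set, as this handler does not declare any header blocks it
       *         processes; an empty set spares callers a null check
       */
      @Override
      public Set getHeaders() {
            return java.util.Collections.emptySet();
      }

      /**
       * Faults are not inspected.
       *
       * @return {@code true} so fault processing continues
       */
      @Override
      public boolean handleFault(SOAPMessageContext context) {
            return true;
      }

      /** No resources to release. */
      @Override
      public void close(MessageContext context) {
      }
}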