How to use Security Policies in WebLogic SCA Web Service Binding

Weblogic SCA provides the ability to take an existing Java class that you have, and expose its interface as a web service. This allows you to take POJOs from an existing library or application and allow other applications to access its interface over a network.

This article shows a simple example of how to use the web services binding functionality of Weblogic SCA to expose a POJO as a web service and protect that web service with a security policy.

For an overview discussion of Weblogic SCA, please see http://blogs.oracle.com/WebLogicServer/2009/12/getting_started_with_weblogic.html

The POJO:
Consider the following Java class that has one simple method that takes a Person object as parameter and returns a String greeting that Person:


package com.oracle.test;
public class PersonHelloImpl {
  public String helloPerson(Person p) {
      return "Happy " + p.getAge() + "th" + " Birthday, " + 
         p.getFirst() + " " + p.getLast() + "!";
  }
}
The class Person is shown below:

package com.oracle.test;
public class Person implements Serializable {
  private String first;
  private String last;
  private int age;
  public String getFirst() {
        return first;
  }
  //....public getters and setters for remaining attributes here....
}

Configuring Web Service Binding With Security Policy:
The spring-context.xml required to expose the class PersonHelloImpl as a web service binding is shown below. The binding.ws element includes a PolicyReference element that adds a security policy to the published web service.

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:sca="http://xmlns.oracle.com/weblogic/weblogic-sca"
       xmlns:wlsb="http://xmlns.oracle.com/weblogic/weblogic-sca-binding"
       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
          http://xmlns.oracle.com/weblogic/weblogic-sca
          http://xmlns.oracle.com/weblogic/weblogic-sca/1.0/weblogic-sca.xsd
          http://xmlns.oracle.com/weblogic/weblogic-sca-binding
          http://xmlns.oracle.com/weblogic/weblogic-sca-binding/1.0/weblogic-sca-binding.xsd">

    <sca:service name="SCAHelloService"
        type="com.oracle.test.PersonHelloImpl"
        target="complexHello">
       <binding.ws xmlns="http://xmlns.oracle.com/weblogic/weblogic-sca-binding"
           name="mysvc" port="myport"
           uri="/ myprotectedsvcuri">
          <PolicyReference xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
             URI="policy:Wssp1.2-Https-UsernameToken-Plain.xml" />
       </binding.ws>
    </sca:service>
    <bean id="complexHello" class="com.oracle.test.PersonHelloImpl"/>
</beans>

The effect of the PolicyReference element on a binding.ws is the same as a class level @weblogic.jws.Policy annotation on a JAX-WS web service. Operation level policies are not currently supported in Weblogic SCA.

(Note: For details on packaging the application, please see the overview discussion and the Weblogic SCA documentation)

Viewing Published Web Service:
When the above application is packaged and deployed to a Weblogic server, the PersonHelloImpl class will be exposed as a web service with a security policy requiring https connection and username token.

A WSDL will be generated for the published service, which shows the policy information. The relevant snippet of the WSDL is shown below:

sca_svc_policy_wsdl_snippet.JPG

Invoking the Web Service:
This web service can be invoked like any JAX-WS web service that requires username token authentication. A sample request SOAP message to invoke this service with the required security headers is shown below:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test.oracle.com">
   <soapenv:Header>
     <wsse:Security
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken
        <wsse:Username>myusername</wsse:Username>
        <wsse:Password>mypasswd</wsse:Password>
      </wsse:UsernameToken>
     </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <test:helloPerson>
         <arg0>
            <age>80</age>
            <first>Mickey</first>
            <last>Mouse</last>
         </arg0>
      </test:helloPerson>
   </soapenv:Body>
</soapenv:Envelope>

A future article will show how to use Weblogic SCA references to access external services that have a security policy enabled.

Comments:

Excellent article! Can you also show how to configure the userName and password on weblogic side? since these are SCA components, after you deploy, there are no such web service yet?

Posted by Bli on December 02, 2010 at 03:56 AM PST #

Never thought blogging could be soo fun and interesting. Man you know how to do it brother.

Posted by SEO Services on March 01, 2011 at 09:11 AM PST #

Hi webmaster and commenters ! The article was absolutely formidable! Lots of great facts and inspiration, both of which are welcome! Keep 'em coming. you all do such a great job at such Concepts. can't tell you how much I appreciate all you do!

Posted by Roger Migraine on March 14, 2011 at 03:14 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The official blog for Oracle WebLogic Server fans and followers!

Stay Connected

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today