Friday Jan 29, 2010

GlassFish ESB v2.x - Reading and Writing arbitrary SOAP Headers in BPEL 2.0 using NMProperties

As I develop bigger prices of work, which have writeups associated with them, I inevitably have to solve small problems that crop up. The problems I solve I typically get written about in the corresponding writeup but may be missed by these who might need these kinds of solutions but who don’t have an interest in the major piece. For example, when writing about the HL7 HA solution, “GlassFish ESB v2.2 Field Notes - Exercising Load Balanced, Highly Available, Horizontally Scalable HL7 v2 Processing Solutions” I had to work what host the instance of the business process was using and how to make the process instance wait for a random amount of time. I did separate writeups on these as “GlassFish ESB v2.1 - Using JavaScript Codelets to Extend BPEL 2.0 Functionality” and “GlassFish ESB v2.1 Field Notes - JavaScript Codelets to Make BPEL Process Wait for a Random Duration Up to a Maximum number of Milliseconds”.

Here I call reader’s attention to the problem of reading values of SOAP Headers in a BPEL 2.0 process. I discussed one method in “Java CAPS 5 / 6, OpenESB, GlassFish ESB - Handling SOAP Headers in BPEL”. In the major writeup, now called “CH05_WSSecurityExploration_r0.4.2.pdf” I am discussing, in passing, in Section 5.14.2, “Interacting with WS-Addressing Headers in BPEL”, a method that uses Normalized Message Properties (NMProperties) in BPEL 2.0, to access SOAP headers. While this piece discusses how to access WS-Addressing SOAP headers it is equally applicable to other SOAP headers. Similarly, in section 5.14.3, “Using WS-Addressing for Explicit Routing”, I discuss how arbitrary SOAP headers can be added and populated using NMProperties in BPEL 2.0. So if you need to manipulate SOAP header in BPEL 2.0, have a look a these sections.

The original article is available as GlassFish ESB v2.x – Reading and Writing arbitrary SOAP Headers in BPEL 2.0 using NMProperties, at http://blogs.czapski.id.au/2010/01/glassfish-esb-v2-x-reading-and-writing-arbitrary-soap-headers-in-bpel-2-0-using-nmproperties

Monday Jan 25, 2010

GlassFish ESB, v2.x - BPEL SSL Mutual Auth Mk.II and using JBI WS-Addressing for explicit routing - Exploring Effects of Security Policies, Rev.0.4.1

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.x.

This is a work-in-progress document, now at rev 0.4.1.

To provide early access I intend to release revisions of this document as significant new sections become available.

Rev 0.1: Content
•    Assumptions and Notes
•    Person Service XML Schema and WSDL Interface
•    Common XML Project
•    PersonSvc BPEL Module
•    PersonCli BPEL Module
•    JBI-based Person Service – Plain End-to-End
•    JBI-based Person Service – SSL with Server-side Authentication

Rev 0.2: Additional Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

Rev 0.3: Additional Content
•    EJB-based Person Service – SSL with Mutual Authentication
•    JBI-based Person Service - Exploring WS-Addressing

Rev 0.4: Additional and Changed Content
•    Modified sections 5.8 and 5.9 (SSL Server side and mutual authentication)
•    Using WS-Addressing for Explicit Dynamic Routing
•    Pre-requisite Cryptographic Objects [TBC]
•    Upgrading Metro to version 1.5 [TBC]
•    Username Token Profile 1.0 (2004) Policy [TBC]

The original article is avilabe as GlassFish ESB, v2.x – BPEL SSL Mutual Auth Mk.II and using JBI WS-Addressing for explicit routing – Exploring Effects of Security Policies, Rev.0.4.1 at http://blogs.czapski.id.au/2010/01/glassfish-esb-v2-x-bpel-ssl-mutual-auth-mk-ii-and-using-jbi-ws-addressing-for-explicit-routing-exploring-effects-of-security-policies-rev-0-4-1

Sunday Oct 11, 2009

GlassFish ESB, v2.1 - EJB SSL Mutual Auth and JBI WS-Addressing - Exploring Effects of Security Policies, Rev.0.3

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.3.

To provide early access I intend to release revisions of this document as significant new sections become available.

Rev 0.1: Content
•    Assumptions and Notes
•    Person Service XML Schema and WSDL Interface
•    Common XML Project
•    PersonSvc BPEL Module
•    PersonCli BPEL Module
•    JBI-based Person Service – Plain End-to-End
•    JBI-based Person Service – SSL with Server-side Authentication

Rev 0.2: Additional Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

Rev 0.3: Additional Content
•    EJB-based Person Service – SSL with Mutual Authentication
•    JBI-based Person Service - Exploring WS-Addressing


More in CH05_WSSecurityExploration_r0.3.pdf at http://mediacast.sun.com/users/Michael.Czapski-Sun/media/CH05_WSSecurityExploration_r0.3.2.pdf/details

The original blog entry is located at http://blogs.sun.com/javacapsfieldtech/entry/glassfish_esb_v2_1_ejb
I make this material available to help others work with the software, not to help others make money by syndicating my blog. This material can only be reproduced on Sun Microsystems sites. Other sites that reproduce this blog entry do so without permission and contrary to my intent.

Saturday Sep 19, 2009

GlassFish ESB, v2.1 - Exploring Effects of Security Policies, Rev.0.2, More SSL and EJB-based projects

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.2.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content
    \* Assumptions and Notes
    \* Person Service XML Schema and WSDL Interface
    \* Common XML Project
    \* PersonSvc BPEL Module
    \* PersonCli BPEL Modules
    \* Person Service – Plain End-to-End
    \* Person Service – SSL with Server-side Authentication

Revision 0.2:Added Content
    •    JBI-based Person Service – SSL with Mutual Authentication (broken)
    •    EJB-based Person Service – No security
    •    EJB-based Person Service – SSL with Server-side Authentication


More in CH05_WSSecurityExploration_r0.2.3.pdf at http://mediacast.sun.com/users/Michael.Czapski-Sun/media/CH05_WSSecurityExploration_r0.2.3.pdf/details

Monday Sep 07, 2009

GlassFish ESB, v2.1 - Exploring Effects of Security Policies, Rev.0.1, SSL with Server-side Authentication

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content

  • Assumptions and Notes
  • Person Service XML Schema and WSDL Interface
  • Common XML Project
  • PersonSvc BPEL Module
  • PersonCli BPEL Modules
  • Person Service – Plain End-to-End
  • Person Service – SSL with Server-side Authentication

More in CH05_WSSecurityExploration_r0.1.pdf

Thursday Aug 06, 2009

GlassFish ESB v2.1, OpenESB - Configuring HTTP BC for Plain WS-Security 1.0 Username Token Support

This document discusses how the SOAP/HTTP Binding Component can be configured, in a service provider and in a service consumer, to use WS-Security 1.0 (2004) Username Token Profile support. WS-Security 1.0 (2004) provided support for the Username Token, which could be sent over the wire in the clear. This was insecure but Sun JAX-RPC libraries allowed this, since the standard allowed this. Through Project Metro release 1.4 it was impossibly to formulate a WS-Security policy that decorated a SOAP message with the Username Token headers, without requiring to also encrypt parts of the message. This prevented solutions built on top Metro 1.4, or earlier, from supporting cleartext Username Token. Metro 1.5 relaxed this requirement. The WS-Security policy configured using the GlassFish ESB NetBeans WS-Security wizard will be modified to require and provide a Plain text Username Token.

The document is here: 02_Configuring_HTTP_BC_for_WS-Security_UsernameToken.pdf

The companion archive containing all projects is here: WSSecPolicies_PersonUsernamePlain.zip

Friday Jul 24, 2009

Java CAPS 6 Update 1 Repository, Re-Implementing WS-Security 1.0 (2004) with JAX-RPC and JWSDP 2.0 (Java CAPS 6 Update)

This document discusses how to implement support for WS-Security 1.0 (2004) in Java CAPS 6 Repository projects without resorting to SOAP Message Handlers. This is an update to my 3 year old Java CAPS 5.1 document on this topic, "Java CAPS 5.1, Implementing WS-Security 1.0 (2004) with JAX-RPC". In this "release" Access Manager support for Username Token Profile has been removed. Feel free to add it if you need such support.

Java CAPS 6 Update 1 supports a mechanism for hooking SOAP envelope handlers into the Java CAPS Web Services framework so what I did and described in this document can now be done differently – perhaps better. I had a look at how to implement SOAP Message Handlers and it looked like work so I did not go there.

This material is provided on “all care but no responsibility” basis. Sun Java CAPS Support will not support this and neither will I. JAX-RPC from JWSDP 2.0, which is at the heart of the implementation, is deprecated and has long since been replaced by WSIT/JAX-WS/Tango.

Here is the document: Implementing_WS-Security_1.3_for_JavaCAPS6U1Repository.pdf
Here is the companion archive with all the required material: WSSecSampleProject_1.3_JCAPS6U1.zip

The WSSecurity.jar contains both the binary classes and the Java sources.

Monday Feb 23, 2009

Java CAPS 6 - Providing Policy-driven Web Services Security support using a XML Security Gateway

Securing web services, to be invoked over the Internet, is both essential and difficult. Using appropriate tools and technologies makes it easier to accomplish the task. Developer-dependent solution, where security is embedded directly into consumers and providers, is inflexible and labour-intensive. Gateway-based solutions are more flexible, more dynamic and easier to manage. In this note Java CAPS 6-based web service consumer and provider pair are developed. The solutions are exercised first without, then with the web services security gateway. This enables demonstration of how web services can be secured, how policies can be developed and propagated and how WS-Security-mandated XML markup can be dealt with outside the development shop. The Layer 7 SecureSpan XML Gateway, and its oft forgotten companion, the SecureSpan VPN Client, are used to explore the topic. The reader should be able to acquire enough knowledge to obtain and deploy the SecureSpan XML Gateway, and to use its basic functionality to implement gateway-mediated secure web services solutions.

The full text of this Note is available from: http://mediacast.sun.com/users/Michael.Czapski-Sun/media/WS-Security_for_Java_CAPS_the_Gateway_Way_1.0.pdf/details

Thursday May 15, 2008

Java CAPS 5.1, Implementing WS-Security 1.0 (2004) with JAX-RPC

A couple of years ago I worked out how to supplement WS-Security infrastructure in Java CAPS 5.1.1 with additional services that WS-Security 1.0 (2004) supports, namely SOAP Message Security, X.509 Certificate Token Profile and Timestamp Token Profile. Together these provide Java CAPS solutions with XML Digital Signatures, XML Encryption, Sun Access Manager-mediated Username-based authentication and Timestamp support.


The attached document is 1 and a half years old. It makes statements about Username Token support in Java CAPS 5.1.1 being broken. Java CAPS 5.1.3 supports Username Token just fine so these statements are no longer true. Java CAPS 5.1.3 U2 adds a mechanism for hooking SOAP envelope handlers into the Java CAPS Web Services framework so what I did and described in the document can now be done differently – perhaps better and more transparently. I have not tried.


This material is provided on request on “all care but no responsibility” basis. Sun Java CAPS Support will not support this and neither will I. JAC-RPC from WSDP 2.0, which is at the heart of the implementation, is deprecated and has long since been replaced by WSIT/JAC-WS/Tango. Still, here it is if anyone is interested.


JCAPS with JWSDP 2.0, Implementing WS-Security_1.1_JCAPS5.1.1.pdf” – discussion paper


Supporting materials are over 40Mb so I can’t post them to the blog. If anyone is interested says so.


Well, someone said so. The archive, WSSecSampleProject_1.2_JCAPS5.1.1.zip, is posted. Please understand that this is "all care and no responsibility" material. I don't have the time to spend working through issues with individual people. It all worked at the time I put it together and on occasions since. It ought to work for you as well :-)



Thursday Oct 18, 2007

Java CAPS 5.1.3 - WS-Security 1.0 (2004) Username Token Profile

As at release 5.1 Java CAPS supports WS-Security 1.0 (2004) Username Token Profile. Java CAPS eInsight- and Java Collaboration-exposed web services can be configured to require and validate Username/Password credentials before performing their programmed function. Java CAPS eInsight-based and Java Colaboration-based web service consumers can be configured to supply WS-Security 1.0 (2004) Username Token SOAP Header.

Java CAPS 5.1.3_Notes_Using_WS-Security_1.0_Username_Token_Profile.pdf discusses configuration of the Username Token, creation of users, configuration of access to service and testing secured services. It illustrates the discussion with a step-by-step example of implementing, securing and exercising a web service consumer and a web service implementation which use the Username Token infrastructure.

WSDLWSUserAuth.wsdl is the WSDL interface specification document for a service developed in the example.

XSDWSUserAuthString.xsd is the XML Schema Document defining the data structure used as input and output of the example service.

FieldNotes_WSUsernameTokenProjectExports.zip is the Java CAPS 5.1.3 project export of the projects discussed in the document.


About

In this Blog I post abstracts of articles / writeups / notes on various aspects of Java CAPS and SOA Suite including solutions, discussions and screencasts. The links to the referenced material are included in the bodies of the abstracts.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today