Wednesday Mar 17, 2010

Custom Validators in Metro Web Services Security

Although its simple to implement, here are the steps to implement plain text username/password validator for your web services security using Netbeans 6.8  and Glassfishv3 for those who were unable to get this work.
  1.  Create a new Netbeans Web Application project as shown and select the target server and click Finish.


  2. Right click on the project just created and then New --> Web Service, Enter web service name and package information and then click on Finish button.
  3. Click on Design tab of the web service and then in the GUI click on  Advanced  button to view QoS window .
  4. Select check box with name Secure Service and select User name Authentication with Symmetric Key as Security mechanism .Also select Use Development defaults.Click on ok.
  5. Now create your validator using new class wizard which extends PasswordValidationCallback.DerivedKeyPasswordValidator class.
  6. Goto Web pages and then WEB-INF folder and then open your webservice config file.This would be the file with naming pattern - wsit-<packagename>.<webservicename>.xml
  7. Locate the keystore configuration section in the wsit config file and add the below lines and save it.

    <sc:ValidatorConfiguration wspp:visibility="private">
                        <sc:Validator name="usernameValidator" classname="simple.server.SimpleValidator"/>
                    </sc:ValidatorConfiguration>
  8. Now deploy the application.
  9. Now create a client app using new webapplication wizard similar to step 1  
  10. Now create a webservice client --> check the Project radio button -->Click on Browse and select the webservice which we created earlier and click on Finish .
  11. Traverse to Webservice reference section in your client app and then open Webservice reference folder and then right click on the webservice and then select Edit Webservice attributes .
  12. Under security section , select the check box, use development defaults and click ok.
  13. Now goto Source packages in the Client project and then open the client wsit config file.Here PingWebServiceservice.xml and modify the section

     <sc:CallbackHandlerConfiguration wspp:visibility="private">
                        <sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
                        <sc:CallbackHandler default="changeit" name="passwordHandler"/>
                    </sc:CallbackHandlerConfiguration>

    to use your username and password like:


     <sc:CallbackHandlerConfiguration wspp:visibility="private">
                        <sc:CallbackHandler default="sreekanth" name="usernameHandler"/>
                        <sc:CallbackHandler default="sreekanth" name="passwordHandler"/>
                    </sc:CallbackHandlerConfiguration>

  14. Now create a servlet program to test the webservice
  15. Modify the servlet code to call the webservice.(webservice can be called using the keyboard shortcut: alt+insert->Call Webservice operation and then select the web service operation in the popup window as appropraite)
  16. Now deploy your client app and run.In the attached client project , the servlet is called with the url http://localhost:8080/CustomValidatorClient/TestServlet
  17. Check to see if your Validator is called.

References/Resources:

  1. To know about how validators work refer to section "Configuration for Plain-Text Username/Password Validation " in this blog and "Configuring Validators " in this article.
  2. Sample Netbeans server and client application that is created for the demo purpose can be downloaded  from here.





About

This is my personal blog.All the information here reflects my own thoughts and feelings and should not be taken as official information from Oracle.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today