How to use Security Policies in WebLogic SCA Web Service Binding
2010-12-25 13:15
393 查看
Weblogic SCA provides the ability to take an existing Java class that you have, and expose its interface as a web service. This allows you to take POJOs from an existing library or application and allow other applications to access its interface over a network.
This article shows a simple example of how to use the web services binding functionality of Weblogic SCA to expose a POJO as a web service and protect that web service with a security policy.
For an overview discussion of Weblogic SCA, please see http://blogs.oracle.com/WebLogicServer/2009/12/getting_started_with_weblogic.html
The POJO:
Consider the following Java class that has one simple method that takes a Person object as parameter and returns a String greeting that Person:
The class Person is shown below:
Configuring Web Service Binding With Security Policy:
The spring-context.xml required to expose the class PersonHelloImpl as a web service binding is shown below. The binding.ws element includes a PolicyReference element that adds a security policy to the published web service.
The effect of the PolicyReference element on a binding.ws is the same as a class level @weblogic.jws.Policy annotation on a JAX-WS web service. Operation level policies are not currently supported in Weblogic SCA.
(Note: For details on packaging the application, please see the overview discussion and the Weblogic SCA documentation)
Viewing Published Web Service:
When the above application is packaged and deployed to a Weblogic server, the PersonHelloImpl class will be exposed as a web service with a security policy requiring https connection and username token.
A WSDL will be generated for the published service, which shows the policy information. The relevant snippet of the WSDL is shown below:
Invoking the Web Service:
This web service can be invoked like any JAX-WS web service that requires username token authentication. A sample request SOAP message to invoke this service with the required security headers is shown below:
A future article will show how to use Weblogic SCA references to access external services that have a security policy enabled.
This article shows a simple example of how to use the web services binding functionality of Weblogic SCA to expose a POJO as a web service and protect that web service with a security policy.
For an overview discussion of Weblogic SCA, please see http://blogs.oracle.com/WebLogicServer/2009/12/getting_started_with_weblogic.html
The POJO:
Consider the following Java class that has one simple method that takes a Person object as parameter and returns a String greeting that Person:
package com.oracle.test;public class PersonHelloImpl { public String helloPerson(Person p) { return "Happy " + p.getAge() + "th" + " Birthday, " + p.getFirst() + " " + p.getLast() + "!"; }}
The class Person is shown below:
package com.oracle.test;public class Person implements Serializable { private String first; private String last; private int age; public String getFirst() { return first; } //....public getters and setters for remaining attributes here....}
Configuring Web Service Binding With Security Policy:
The spring-context.xml required to expose the class PersonHelloImpl as a web service binding is shown below. The binding.ws element includes a PolicyReference element that adds a security policy to the published web service.
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sca="http://xmlns.oracle.com/weblogic/weblogic-sca" xmlns:wlsb="http://xmlns.oracle.com/weblogic/weblogic-sca-binding" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://xmlns.oracle.com/weblogic/weblogic-sca http://xmlns.oracle.com/weblogic/weblogic-sca/1.0/weblogic-sca.xsd http://xmlns.oracle.com/weblogic/weblogic-sca-binding http://xmlns.oracle.com/weblogic/weblogic-sca-binding/1.0/weblogic-sca-binding.xsd"> <sca:service name="SCAHelloService" type="com.oracle.test.PersonHelloImpl" target="complexHello"> <binding.ws xmlns="http://xmlns.oracle.com/weblogic/weblogic-sca-binding" name="mysvc" port="myport" uri="/ myprotectedsvcuri"> <PolicyReference xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="policy:Wssp1.2-Https-UsernameToken-Plain.xml" /> </binding.ws> </sca:service> <bean id="complexHello" class="com.oracle.test.PersonHelloImpl"/> </beans>
The effect of the PolicyReference element on a binding.ws is the same as a class level @weblogic.jws.Policy annotation on a JAX-WS web service. Operation level policies are not currently supported in Weblogic SCA.
(Note: For details on packaging the application, please see the overview discussion and the Weblogic SCA documentation)
Viewing Published Web Service:
When the above application is packaged and deployed to a Weblogic server, the PersonHelloImpl class will be exposed as a web service with a security policy requiring https connection and username token.
A WSDL will be generated for the published service, which shows the policy information. The relevant snippet of the WSDL is shown below:
Invoking the Web Service:
This web service can be invoked like any JAX-WS web service that requires username token authentication. A sample request SOAP message to invoke this service with the required security headers is shown below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test.oracle.com"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken <wsse:Username>myusername</wsse:Username> <wsse:Password>mypasswd</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <test:helloPerson> <arg0> <age>80</age> <first>Mickey</first> <last>Mouse</last> </arg0> </test:helloPerson> </soapenv:Body> </soapenv:Envelope>
A future article will show how to use Weblogic SCA references to access external services that have a security policy enabled.
相关文章推荐
- How to Reference and Use JSTL in your Web Application
- How to use AspnetUpload™ in your web application
- how to call Web service in Excel 2003 / Excel 2005
- How to create custom methods for use in spring security expression language annotations
- What is XMLHTTP? How to use security zones in Internet Explorer
- How to create simple web service in VS2010, NOT WCF service
- How and Why to use the System.servicemodel.MessageParameterAttribute in WCF
- How to use Atlas in our Web Projects
- How to invoke Java web service in ASP.net using C#
- [Windows Azure] How to use the Windows Azure Blob Storage Service in .NET
- How to test Service Layer in Spring web app
- How to use two-way data binding in Flex
- use webHttpBinding to implement WCF Rest Service
- How to use JQuery to call a WebService (*.asmx) method?
- How to use FtpWebRequest in asp.net
- How-to: disable the web-security-check in Chrome for Mac
- How to use the ZooKeeper driver for ServiceGroup in OpenStack Nova
- QT29 how to use QWebView and open web page in QWebView
- How to use sharepoint webservices in web application
- How to use Metadata as search parameter in Advance Search Web Part