VeriCheck.jws Sample
The VeriCheck web service demonstrates the declarative and the programmatic security models supported by WebLogic Workshop.
Use of SSL (HTTPS protocol) to secure a web service
Use of basic authentication to secure a web service
Calling a secure service through a service control
Calling back a secure service through a callback interface
This sample is located in the security/async folder of the samples WebLogic Workshop project. In the file system the location is:
BEA_HOME\weblogic700\samples\workshop\applications\samples\security\async\VeriCheck.jws
To configure WebLogic Server security for this web service:
Start WebLogic Server in the appropriate domain.
On Microsoft Windows systems, from the Start menu navigate to:
BEA WebLogic Platform 7.0->WebLogic Workshop->WebLogic Workshop Examples->Start Examples Server.
On Linux or Solaris systems, run:
BEA_HOME/weblogic700/samples/workshop/startWebLogic.sh
Open a web browser and visit the WebLogic Server
Administration console page:
http://localhost:7001/console
When prompted for a username and password, enter:
Username: installadministrator
Password: installadministrator
Navigate to Compatibility Security/Users.
Under Create a New User enter:
Name: someMerchant
Password: testpassword
Confirm Password: testpassword
Click Create.
Under Create a New User enter:
Name: VeriCheck
Password: testpassword
Confirm Password: testpassword
Click Create.
Under Create a New User enter:
Name: theBank
Password: testpassword
Confirm Password: testpassword
Click Create.
Navigate to Compatibility Security/Groups. Click Create a New Group...
On the Group tab enter:
Name: VeriCheckUsers
Add Users: someMerchant, theBank
Click Apply.
Navigate to Compatibility Security/Groups. Click Create a New Group...
On the Group tab enter:
Name: BankUsers
Add Users: VeriCheck
Click Apply.
Close the web browser that displays the WebLogic Server Administrative console.
To run this web service:
Launch the service by entering https://localhost:7002/samples/security/async/VeriCheck.jws?.EXPLORE=.TEST in the address bar of a web browser. If WebLogic Server is running in the samples domain on your machine, you may click here to run the sample.
When prompted to accept the digital certificate, click Yes.
When prompted for network authentication information, enter:
username: someMerchant
password: testpassword
Navigate to the Test Form tab of Test View, if necessary.
Enter values for checkingAccountID and amount in the checkForSufficientBalance method. The checkingAccountID parameter can be any string value, the checkForSufficientBalance parameter must be an integer value. Invoke the method by clicking the button labeled checkForSufficientBalance.
You will be prompted again to accept the digital certificate. Click Yes.
You will be prompted again for network authentication information. Enter:
username: someMerchant
password: testpassword
(The reason you are prompted again for authentication
information is because Test View makes two different calls to the restricted
URL space of the VeriCheck web service: once when you open the Test View
and again when you invoke the method checkForSufficientBalance.)
The VeriCheck web service sends the checking account
and amount parameters to the Bank web service.
The Bank web service checks to see if the checking account has sufficient
funds to cover the amount specified. Once the Bank web service has completed
its task, it calls back the VeriCheck web service informing VeriCheck
whether the account has sufficient funds. The VeriCheck web service then
calls back the original client informing the client whether the account
has sufficient funds.
Both the VeriCheck and Bank web services require basic authentication.
When the VeriCheck service invokes the Bank service's doesAccountHaveSufficientBalance
method, it sends authentication information via the method calls setUsername() and setPassword().
Similarly, when the Bank calls back the VeriCheck service, it sends authentication
information via the method calls setCallbackUsername()
and setCallbackPassword().
Click Refresh, until the Message Log displays the callback callback.onCheckDone.
Select log entries in the Message Log to see the message traffic involved in each interaction.