Using Controls to Access Transport Secured Resources

This topic explains to use WebLogic Workshop controls to access web resources secured with Transport security.

Specifying the HTTPS Protocol

Web resources secured with one-way and two-way SSL communicate with clients over HTTPS enabled ports. Clients using WebLogic Workshop controls to communicate with these resources must use the same port to exchange data with the resource.

You specify a web service control to use the appropriate HTTPS port in the control's @jc:location annotation. For example the following control communicates with the Credit Card Report web service on the HTTPS enabled port 7002.

/**
 * @jc:location http-url="https://localhost:7002/CreditCardReport/webservice/CreditCardReport.jws"
 */
public interface CreditCardReportControl extends com.bea.control.ControlExtension, com.bea.control.ServiceControl

Specifying Username and Password

When using a control to access a web resource requiring a username and password, set the username and password properties on the web services's control file with the setUsername() and setPassword() methods.

In the following example the VeriCheck web service calls the Bank web service via the Bank's control file.

public class VeriCheck implements com.bea.jws.WebService
{ 
    /**
     * @common:control
     */
    private security.roleBased.BankControl bankControl;


    public void checkForSufficientBalance(String checkingAccountID, int amount)
    {  
        // Use the following username and password when calling the Bank web service. 
        bankControl.setUsername("VeriCheck");
        bankControl.setPassword("aeraeraer");

        // Check the account for sufficient balance.
        bankControl.doesAccountHaveSufficientBalance(checkingAccountID, amount);
    }
}

Providing a Client Digital Certificate

When using a control to access a web resource that requires a digital certificates from clients, you can set properties on the control to provide the certificate.

In the following example, assume that WebServiceB requires a digital certificate from clients. WebServiceA can provide the necessary digital certificate by setting properties in WebServiceB's control file in the following way.

public class WebServiceA implements com.bea.jws.WebService
{
   /** @common:control */ 
    security.transport.clientCert.WebServiceBControl ctrl;

    /**
     * @common:operation
     */
    public void invokeWebServiceB()
    {
        /**
         * Enable client certificates for this web service.
         */

        ctrl.useClientKeySSL( true );

        /**
         * Specify the location and password for the keystore where the client certificates resides
         * 
         * The following method call to setKeystore is, strictly speaking, 
         * unnecessary, since SamplesApp is already configured to use the 
         * default keystore DemoIdentity.jks.
         * It is included to show how you would override the
         * location for another, non-default keystore.
         */
        String sep = File.separator;
        ctrl.setKeystore(Home.getPath() + File.separator + "lib" +
            File.separator + "DemoIdentity.jks", "DemoIdentityPassPhrase" );
        
        /**
         * Specify the alias in the keystore for both the client SSL certificate
         * and the client private key.  (The certificate and the private key must
         * be stored under the same alias in the same key store.)
         * The second parameter specifies the password required to access
         * the keystore.
         */
        ctrl.setClientCert("DemoIdentity", "DemoIdentityPassPhrase");
        
        /**
         * Invoke the requestCallback method on WebServiceB.
         * The client certificate specified above will be sent.
         */
        ctrl.requestCallback("WebServiceA");
    }

}

Setting and Overriding the Default Keystore

Note that you can set a default keystore location using the WebLogic Server console. See Configuring Keystores and SSL in the WebLogic Server 8.1 documentation.

You can override the default keystore location using the setKeystore(path, password) method (see the example above).

To override to a keystore type other than "JKS" (Java KeyStore), use setKeystore(path, password, type).

Related Topics

WebLogic Workshop Documentation

Transport Security

WebLogic Server 8.1 Documentation

Configuring Keystores and SSL