Calling a WSSE Enabled Web Service Through a Java Proxy Class

This topic explains how to call a WSSE-enabled web service through its Java proxy class. The Java proxy gives Java code an access point to the web service. (You can generate a Java proxy for a web service by selecting the Java Proxy link on that web service's Test View Overview Page.)

The following sections show typical clients for invoking proxies where the target web services are protected with WSSE user tokens, encryption, and signatures. You can use these clients as templates for building your own proxy clients.

Samples are located in the SamplesApp at BEA_HOME/weblogic81/samples/workshop/SamplesApp/ProxyClient/WSSE.

User Tokens

The following client class uses the weblogic.xml.security.UserInfo class to set the username and password token in the outgoing SOAP message sent through the proxy to the target web service.

MyWebServiceClient.java:

import java.util.List;
import java.util.ArrayList;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.HandlerRegistry;
import weblogic.webservice.context.WebServiceSession;
import weblogic.webservice.context.WebServiceContext;
import weblogic.webservice.core.handler.WSSEClientHandler;
import weblogic.webservice.WLMessageContext;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.security.UserInfo;
import weblogic.xml.security.wsse.UsernameToken;
import weblogic.xml.security.wsse.SecurityElementFactory;
import weblogic.jws.proxies.*;

/*
 * This class shows how to call a web service protected with WSSE user token restrictions
 * through the web service's Java proxy.
 * 
 * This class inserts a username token by using a UserInfo object.
 */

public class MyWebServiceClient {

    /*
     * Calls hello(String) on MyWebService through its generated Java proxy and
     * attaches a WSSE username/password token to the outgoing SOAP request.
     *
     * NOTE(review): "username" and "password" below are sample literals. A client
     * built from this template would normally read them from protected
     * configuration instead of compiling them into the class.
     *
     * NOTE(review): the endpoint is addressed with http://. Whether the token is
     * protected in transit depends on transport or message-level protection that
     * this sample does not configure -- confirm before reusing it beyond a local test.
     */
    public static void main(String[] args){

        try{
            /*
             * Create the main proxy object. The proxy class is named after the web
             * service with "_Impl" appended.
             */
            MyWebService service = new MyWebService_Impl("http://localhost:7001/WebServices/MyWebService.wsdl");

            WebServiceContext wsContext = service.context();
            WebServiceSession wsSession = wsContext.getSession();

            /*
             * Put WSSEClientHandler in the handler chain registered under the
             * QName "hello".
             */
            HandlerRegistry handlers = service.getHandlerRegistry();
            List handlerChain = new ArrayList();
            handlerChain.add(new HandlerInfo(WSSEClientHandler.class, null, null));
            handlers.setHandlerChain(new QName("hello"), handlerChain);

            /*
             * Store the username/password pair in the session under REQUEST_USERINFO
             * for the SOAP message sent from the client, through the proxy, to the
             * web service.
             */
            UserInfo credentials = new UserInfo("username", "password");
            wsSession.setAttribute(WSSEClientHandler.REQUEST_USERINFO, credentials);

            /*
             * Build a Security element holding the same credentials as a token and
             * store it under REQUEST_SECURITY so it is added to the SOAP header.
             */
            SecurityElementFactory elementFactory = SecurityElementFactory.getDefaultFactory();
            Security securityHeader = elementFactory.createSecurity(null);
            securityHeader.addToken(credentials);
            wsSession.setAttribute(WSSEClientHandler.REQUEST_SECURITY, securityHeader);

            /*
             * Obtain the protocol-specific proxy and invoke hello(String str).
             */
            MyWebServiceSoap port = service.getMyWebServiceSoap();
            String reply = port.hello("Say Hello");

            System.out.println(reply);
        }
        catch(Exception failure){
            // Sample-level handling: any failure is only printed.
            failure.printStackTrace();
        }
    }
}

Encryption

The following client class MyWebServiceClient uses the weblogic.xml.security.wsse.Security class to encrypt and decrypt SOAP traffic. The class KeyUtil.java is also provided below.

MyWebServiceClient.java

import java.util.List;
import java.util.ArrayList;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.rpc.ServiceException;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.HandlerRegistry;
import weblogic.webservice.context.WebServiceSession;
import weblogic.webservice.context.WebServiceContext;
import weblogic.webservice.core.handler.WSSEClientHandler;
import weblogic.webservice.WLMessageContext;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.security.wsse.BinarySecurityToken;
import weblogic.xml.security.wsse.SecurityElementFactory;
import weblogic.xml.security.specs.EncryptionSpec;
import weblogic.jws.proxies.*;

/*
 * This class encrypts/decrypts SOAP messages by using the Security object
 */
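public class MyWebServiceClient {
    
    /*
     * NOTE(review): the keystore path, aliases and both passwords are sample
     * literals. A client built from this template would normally read the
     * passwords from protected configuration instead of compiling them in.
     */
    private static final String CLIENT_KEYSTORE = "C:/mykeystores/wlwwsse.jks";
    private static final String KEYSTORE_PASS = "password";
    private static final String KEY_ALIAS = "companya";
    private static final String SERVER_KEY_ALIAS = "companyb";
    private static final String KEY_PASSWORD = "password";
    
    /*
     * Calls hello(String) on MyWebService through its generated Java proxy. The
     * request is encrypted for the certificate stored under SERVER_KEY_ALIAS, and
     * the client's private key is registered so the response can be decrypted.
     */
    public static void main(String[] args) {
        
        try{
            /*
             * The KeyUtil class is assumed to exist in the same directory as MyWebServiceClient.
             * (The KeyUtil class is available at the bottom of this help topic.)
             */
            final KeyStore keystore = KeyUtil.loadKeystore(CLIENT_KEYSTORE, KEYSTORE_PASS);
            
            /*
             * Instantiate the main proxy class. The proxy class has the same name as the
             * web service, with "_Impl" appended.
             */            
            MyWebService myservice = new MyWebService_Impl("http://localhost:7001/WebServices/MyWebService.jws?WSDL");

            WebServiceContext context = myservice.context();
            WebServiceSession session = context.getSession();

            /*
             * Registers a handler for the SOAP message traffic.
             */
            HandlerRegistry registry = myservice.getHandlerRegistry();
            List list = new ArrayList();
            list.add(new HandlerInfo(WSSEClientHandler.class, null, null));
            registry.setHandlerChain(new QName("hello"), list);
   
            PrivateKey clientprivate = KeyUtil.getPrivateKey(KEY_ALIAS, KEY_PASSWORD, keystore);
            X509Certificate clientcert = KeyUtil.getCertificate(KEY_ALIAS, keystore);
            X509Certificate servercert = KeyUtil.getCertificate(SERVER_KEY_ALIAS, keystore);

            /*
             * KeyStore lookups return null for an alias that is not present. Stop
             * here instead of building the request with a missing recipient
             * certificate or a missing decryption key.
             */
            if (servercert == null) {
                throw new IllegalStateException("No certificate under alias " + SERVER_KEY_ALIAS);
            }
            if (clientprivate == null) {
                throw new IllegalStateException("No private key under alias " + KEY_ALIAS);
            }

            SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
    
            // Created as in the original sample; not referenced again in this class.
            Token client_x509token = factory.createToken(clientcert, clientprivate);

            EncryptionSpec encSpec = EncryptionSpec.getDefaultSpec();

            /*
             * Token for the recipient, built from the server certificate only (no private key).
             * NOTE(review): the certificate comes from the client keystore, so the
             * request is encrypted for whatever is stored under SERVER_KEY_ALIAS --
             * confirm how that keystore entry is provisioned.
             */
            Token serverToken = factory.createToken(servercert, null);

            Security security = factory.createSecurity(null);

            security.addEncryption(serverToken, encSpec);

            /*
             * Get the protocol-specific proxy class.
             */
            MyWebServiceSoap msg = myservice.getMyWebServiceSoap();

            /*
             * Add the security element to the request.
             */
            context.getSession().setAttribute(WSSEClientHandler.REQUEST_SECURITY, security);
       
            /*
             * Add a private key to decrypt the response
             */
            session.setAttribute(WSSEClientHandler.KEY_ATTRIBUTE, clientprivate);
           
            /*
             * Invoke the web service method hello(String str)
             */
            String result=msg.hello("Say Hello");

            System.out.println(result);

        }
        catch(Exception e){
            // Sample-level handling: any failure is only printed.
            e.printStackTrace();
        }
    }
}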

Signatures

The following client class signs outgoing SOAP messages and verifies incoming messages using the weblogic.xml.security.wsse.Security object.

import java.util.List;
import java.util.ArrayList;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import javax.xml.rpc.ServiceException;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.HandlerRegistry;
import weblogic.webservice.context.WebServiceSession;
import weblogic.webservice.context.WebServiceContext;
import weblogic.webservice.core.handler.WSSEClientHandler;
import weblogic.webservice.WLMessageContext;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.security.wsse.BinarySecurityToken;
import weblogic.xml.security.wsse.SecurityElementFactory;
import weblogic.xml.security.specs.SignatureSpec;
import weblogic.jws.proxies.*;

/*
 * This class signs and verifies SOAP traffic by using the weblogic.xml.security.wsse.Security object
 */
public class MyWebServiceClient {

    // Declared by the sample but not referenced anywhere in this class as shown.
    public static final String USERNAME="username";
    public static final String USER_PASSWORD="user_password";

    /*
     * NOTE(review): the keystore path, alias and both passwords are sample
     * literals. A client built from this template would normally read the
     * passwords from protected configuration instead of compiling them in.
     */
    private static final String CLIENT_KEYSTORE = "C:/mykeystores/wlwwsse.jks";
    private static final String KEYSTORE_PASS = "password";
    private static final String KEY_ALIAS = "CompanyA";
    private static final String KEY_PASSWORD = "password";

    /*
     * Calls hello(String) on MyWebService through its generated Java proxy,
     * signing the request with the key pair stored under KEY_ALIAS and attaching
     * the matching X.509 token to the Security element.
     */
    public static void main(String[] args) {

        try{

            /*
             * Create the main proxy object. The proxy class is named after the web
             * service with "_Impl" appended.
             */
            MyWebService service = new MyWebService_Impl("http://localhost:7001/WebServices/MyWebService.jws?WSDL");

            WebServiceContext wsContext = service.context();
            WebServiceSession wsSession = wsContext.getSession();

            /*
             * Put WSSEClientHandler in the handler chain registered under the
             * QName "hello".
             */
            HandlerRegistry handlers = service.getHandlerRegistry();
            List handlerChain = new ArrayList();
            handlerChain.add(new HandlerInfo(WSSEClientHandler.class, null, null));
            handlers.setHandlerChain(new QName("hello"), handlerChain);

            /*
             * KeyUtil is assumed to sit in the same directory as MyWebServiceClient.
             * NOTE(review): KeyStore lookups return null for an alias that is not
             * present; this sample passes the values on without checking them.
             */
            final KeyStore clientStore = KeyUtil.loadKeystore(CLIENT_KEYSTORE, KEYSTORE_PASS);
            X509Certificate signerCert = KeyUtil.getCertificate(KEY_ALIAS, clientStore);
            PrivateKey signerKey = KeyUtil.getPrivateKey(KEY_ALIAS, KEY_PASSWORD, clientStore);

            /*
             * Build the Security element: sign with the client's X.509 token using
             * the default signature spec, then add the token itself.
             */
            SecurityElementFactory elementFactory = SecurityElementFactory.getDefaultFactory();
            Token signerToken = elementFactory.createToken(signerCert, signerKey);
            SignatureSpec defaultSigSpec = SignatureSpec.getDefaultSpec();
            Security securityHeader = elementFactory.createSecurity(null);
            securityHeader.addSignature(signerToken, defaultSigSpec);
            securityHeader.addToken(signerToken);

            /*
             * Obtain the protocol-specific proxy.
             */
            MyWebServiceSoap port = service.getMyWebServiceSoap();

            /*
             * Attach the Security element to the request.
             */
            wsContext.getSession().setAttribute(WSSEClientHandler.REQUEST_SECURITY, securityHeader);

            /*
             * Invoke the web service method hello(String str).
             */
            String reply = port.hello("Say Hello");

            System.out.println(reply);
        }
        catch(Exception failure){
            // Sample-level handling: any failure is only printed.
            failure.printStackTrace();
        }
    }
}

The KeyUtil class performs common operations with the Java keystore.

KeyUtil.java:

import java.io.IOException;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;

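public class KeyUtil {

    /**
     * Loads a JKS keystore from a file.
     *
     * The input stream is closed before returning, whether or not loading
     * succeeds, so the keystore file handle is not leaked.
     *
     * @param filename path of the keystore file
     * @param password keystore password, passed to KeyStore.load together with the stream
     * @return the loaded keystore
     * @throws IOException if the file cannot be opened or read, or the keystore
     *         data cannot be loaded (for example, a wrong password)
     */
    public static KeyStore loadKeystore(String filename, String password)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        final KeyStore ks = KeyStore.getInstance("JKS");
        final FileInputStream in = new FileInputStream(filename);
        try {
            ks.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * Returns the private key stored under the given alias.
     *
     * @param alias    keystore alias of the key entry
     * @param password password protecting the key entry
     * @param keystore keystore to read from
     * @return the private key, or null if the alias does not exist or does not
     *         identify a key entry; callers should check for null before use
     * @throws Exception if the key cannot be recovered, or a ClassCastException
     *         if the entry holds a key that is not a PrivateKey
     */
    public static PrivateKey getPrivateKey(String alias, String password, KeyStore keystore)
        throws Exception {
        return (PrivateKey) keystore.getKey(alias, password.toCharArray());
    }

    /**
     * Returns the certificate stored under the given alias.
     *
     * @param alias    keystore alias of the certificate entry
     * @param keystore keystore to read from
     * @return the certificate, or null if the alias does not exist or holds no
     *         certificate; callers should check for null before use
     * @throws Exception if the keystore has not been loaded, or a
     *         ClassCastException if the certificate is not an X509Certificate
     */
    public static X509Certificate getCertificate(String alias, KeyStore keystore)
        throws Exception {
        return (X509Certificate) keystore.getCertificate(alias);
    }

}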

 

 

Related Topics

Web Service Security