This article shows a simple example of how to use the web services binding functionality of WebLogic SCA to expose a POJO as a web service and protect that web service with a security policy.
For an overview discussion of WebLogic SCA, please see http://blogs.oracle.com/WebLogicServer/2009/12/getting_started_with_weblogic.html
The POJO:
Consider the following Java class, which has one simple method that takes a Person object as a parameter and returns a String greeting that Person:
package com.oracle.test;

public class PersonHelloImpl {
    public String helloPerson(Person p) {
        return "Happy " + p.getAge() + "th" + " Birthday, " + p.getFirst() + " " + p.getLast() + "!";
    }
}
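The class Person is shown below:
package com.oracle.test;

import java.io.Serializable;

public class Person implements Serializable {
    private String first;
    private String last;
    private int age;

    public String getFirst() {
        return first;
    }

    // Public getters and setters for the remaining attributes
    public String getLast() { return last; }
    public int getAge() { return age; }
    public void setFirst(String first) { this.first = first; }
    public void setLast(String last) { this.last = last; }
    public void setAge(int age) { this.age = age; }
}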
Configuring Web Service Binding With Security Policy:
The spring-context.xml required to expose the class PersonHelloImpl as a web service binding is shown below. The binding.ws element includes a PolicyReference element that adds a security policy to the published web service.
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sca="http://xmlns.oracle.com/weblogic/weblogic-sca"
       xmlns:wlsb="http://xmlns.oracle.com/weblogic/weblogic-sca-binding"
       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://xmlns.oracle.com/weblogic/weblogic-sca
           http://xmlns.oracle.com/weblogic/weblogic-sca/1.0/weblogic-sca.xsd
           http://xmlns.oracle.com/weblogic/weblogic-sca-binding
           http://xmlns.oracle.com/weblogic/weblogic-sca-binding/1.0/weblogic-sca-binding.xsd">
  <sca:service name="SCAHelloService"
               type="com.oracle.test.PersonHelloImpl"
               target="complexHello">
    <binding.ws xmlns="http://xmlns.oracle.com/weblogic/weblogic-sca-binding"
                name="mysvc" port="myport"
                uri="/myprotectedsvcuri">
      <PolicyReference xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
                       URI="policy:Wssp1.2-Https-UsernameToken-Plain.xml" />
    </binding.ws>
  </sca:service>
  <bean id="complexHello" class="com.oracle.test.PersonHelloImpl"/>
</beans>
The effect of the PolicyReference element on a binding.ws is the same as a class-level @weblogic.jws.Policy annotation on a JAX-WS web service. Operation-level policies are not currently supported in WebLogic SCA.
(Note: For details on packaging the application, please see the overview discussion and the WebLogic SCA documentation.)
Viewing Published Web Service:
When the above application is packaged and deployed to a WebLogic server, the PersonHelloImpl class will be exposed as a web service with a security policy requiring an HTTPS connection and a username token.
A WSDL will be generated for the published service, which shows the policy information. The relevant snippet of the WSDL is shown below:
Invoking the Web Service:
This web service can be invoked like any JAX-WS web service that requires username token authentication. A sample request SOAP message to invoke this service with the required security headers is shown below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test.oracle.com">
  <soapenv:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
        <wsse:Username>myusername</wsse:Username>
        <wsse:Password>mypasswd</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <test:helloPerson>
      <arg0>
        <age>80</age>
        <first>Mickey</first>
        <last>Mouse</last>
      </arg0>
    </test:helloPerson>
  </soapenv:Body>
</soapenv:Envelope>
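The same request built in code, as an added example that is not part of the original article: a SAAJ client that constructs the message above and refuses to send it to a non-HTTPS endpoint, because the password travels in the header as plain text and only the transport protects it. It assumes the javax.xml.soap API (bundled with Java SE 6 through 8); the class name ProtectedHelloClient is hypothetical, and the service URL is taken from the first command-line argument because the article does not give one.

```java
import java.net.URL;
import javax.xml.soap.*;

// Added example: builds the article's sample request with SAAJ and refuses
// to send the plaintext UsernameToken over anything but HTTPS.
public class ProtectedHelloClient {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String TEST_NS = "http://test.oracle.com"; // namespace used in the sample request

    static SOAPMessage buildRequest(String user, String password,
                                    int age, String first, String last) throws SOAPException {
        SOAPMessage msg = MessageFactory.newInstance().createMessage();
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        // wsse:Security header carrying the username token
        SOAPElement security = env.getHeader().addChildElement("Security", "wsse", WSSE);
        SOAPElement token = security.addChildElement("UsernameToken", "wsse");
        token.addChildElement("Username", "wsse").addTextNode(user);
        token.addChildElement("Password", "wsse").addTextNode(password);
        // Body: helloPerson with the Person passed as arg0
        SOAPElement op = env.getBody().addChildElement("helloPerson", "test", TEST_NS);
        SOAPElement arg0 = op.addChildElement("arg0");
        arg0.addChildElement("age").addTextNode(Integer.toString(age));
        arg0.addChildElement("first").addTextNode(first);
        arg0.addChildElement("last").addTextNode(last);
        msg.saveChanges();
        return msg;
    }

    static SOAPMessage send(SOAPMessage request, URL endpoint) throws SOAPException {
        // The token is plain text inside the header, so only TLS protects it in transit.
        if (!"https".equalsIgnoreCase(endpoint.getProtocol())) {
            throw new IllegalArgumentException(
                "refusing to send UsernameToken over " + endpoint.getProtocol());
        }
        SOAPConnection conn = SOAPConnectionFactory.newInstance().createConnection();
        try {
            return conn.call(request, endpoint);
        } finally {
            conn.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: service URL (deployment-specific, not given in the article)
        URL endpoint = new URL(args[0]);
        SOAPMessage reply = send(buildRequest("myusername", "mypasswd", 80, "Mickey", "Mouse"), endpoint);
        reply.writeTo(System.out);
    }
}
```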
A future article will show how to use WebLogic SCA references to access external services that have a security policy enabled.