Advanced JAX-WS Security with Wildfly step by step

After several days of hard searching and trying, we succeeded in getting WS-Security running on WildFly. The migration from WebLogic 12 to WildFly was not as easy as we thought. The advantage of this process is that we could use only open source frameworks to achieve a stable, robust and secure application.

Requirements

  • Wildfly 8.2.0.Final
  • Maven 3
  • EclipseLink 2.5.1
  • JAX-WS 2.0
  • Oasis-open ws-securitypolicy(WssUsernameToken10)
  • Apache CXF
  • MySQL 5

pom.xml

<?xml version="1.0" encoding="UTF-8" ?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://maven.apache.org/POM/4.0.0"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

	<modelVersion>4.0.0</modelVersion>

	<artifactId>BASInscriptionWS</artifactId>
	<description>WebService BAS Ecole</description>
	<packaging>war</packaging>
	<version>1.1-SNAPSHOT</version>

	<properties>
		<majorVersion>1</majorVersion>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.jboss.spec</groupId>
			<artifactId>jboss-javaee-7.0</artifactId>
			<version>1.0.0.Final</version>
			<type>pom</type>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.jboss.ws.cxf</groupId>
			<artifactId>jbossws-cxf-client</artifactId>
			<version>5.1.1.Final</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>

	<profiles>
		<profile>
		<id>wildfly</id>
		<build>
		<finalName>${project.artifactId}-${majorVersion}</finalName>
		<plugins>
		<plugin>
			<artifactId>maven-compiler-plugin</artifactId>
			<version>2.4</version>
			<configuration>
				<source>1.7</source>
				<target>1.7</target>
				<encoding>UTF-8</encoding>
			</configuration>
		</plugin>
		<!-- The plugin for WildFly deploy / undeploy -->
		<plugin>
			<groupId>org.wildfly.plugins</groupId>
			<artifactId>wildfly-maven-plugin</artifactId>
			<version>1.0.2.Final</version>
			<executions>
				<execution>
					<phase>install</phase>
					<goals>
						<goal>deploy</goal>
					</goals>
				</execution>
			</executions>
		</plugin>
		<plugin>
			<artifactId>maven-war-plugin</artifactId>
			<version>${plugin-war-version}</version>
			<configuration>
				<failOnMissingWebXml>false</failOnMissingWebXml>
				<webResources>
					<resource>
						<directory>src/main/resources</directory>
					</resource>
				</webResources>
				<archive>
					<manifestEntries>
						<Dependencies>org.jboss.ws.cxf.jbossws-cxf-client</Dependencies>
					</manifestEntries>
				</archive>
			</configuration>
		</plugin>
		</plugins>
		</build>
	</profile>
	</profiles>
</project> 
  1. Authentication and authorization

We use the Username Token Profile to provide the client's credentials to our WS-Security enabled target endpoint. Things become more interesting when requiring a given user to be authenticated (and authorized) against a security domain on the target WildFly server. This needs two interceptors on the server side:

  • an interceptor for performing authentication and populating a valid SecurityContext; the provided interceptor should extend org.apache.cxf.ws.interceptor.security.AbstractUsernameTokenInInterceptor, in particular JBossWS integration comes with org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor for this;
  • an interceptor for performing authorization; CXF requires it to extend org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor, for instance the SimpleAuthorizingInterceptor can be used for simply mapping endpoint operations to allowed roles.
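
An added example (not code from the original post) of the authorization interceptor for this service: it extends CXF's SimpleAuthorizingInterceptor and throws at construction if either operation of the WSDL contract has no role configured. The class name, the `/ws-roles.properties` resource and the role names in it are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;

/*
 * Registered on the endpoint implementation next to the authentication
 * interceptor, for example with CXF's @InInterceptors annotation:
 *
 *   @InInterceptors(interceptors = {
 *     "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor",
 *     "BASInscriptionAuthorizationInterceptor" })  // fully qualified name in a real project
 */
public class BASInscriptionAuthorizationInterceptor extends SimpleAuthorizingInterceptor {

    // Operation names taken from the WSDL portType of this service.
    private static final String[] OPERATIONS = { "getEtudiant", "createEtudiant" };

    // Hypothetical classpath resource with one line per operation, e.g.
    //   getEtudiant=reader
    //   createEtudiant=registrar
    private static final String ROLES_FILE = "/ws-roles.properties";

    public BASInscriptionAuthorizationInterceptor() throws IOException {
        Properties configured = new Properties();
        try (InputStream in = getClass().getResourceAsStream(ROLES_FILE)) {
            if (in == null) {
                throw new IllegalStateException(ROLES_FILE + " not found on the classpath");
            }
            configured.load(in);
        }
        Map<String, String> rolesByOperation = new HashMap<String, String>();
        for (String operation : OPERATIONS) {
            String role = configured.getProperty(operation, "").trim();
            if (role.isEmpty()) {
                // Refuse to start with an operation that has no role mapping.
                throw new IllegalStateException("No role configured for " + operation);
            }
            rolesByOperation.put(operation, role);
        }
        // Keys are operation (method) names, values are the roles allowed to call them.
        setMethodRolesMap(rolesByOperation);
    }
}
```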

 

  2. Endpoint

A. WS-Security Policy

We start with a WSDL contract:

[code]
<?xml version='1.0' encoding='UTF-8'?>
<definitions xmlns:wsp="http://www.w3.org/ns/ws-policy"
	name="BASInscriptionWSService"
	xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
	xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns="http://schemas.xmlsoap.org/wsdl/"
	xmlns:header="http://ecole.fitco.tg/api/domain/object/header/v001"
	xmlns:inscription="http://ecole.fitco.tg/api/domain/service/basinscription/v001"
	xmlns:ddl="http://ecole.fitco.tg/api/domain/service/basddl/v001"
	xmlns:tns="http://ecole.fitco.tg/api/communication/ws/basinscription/v001"
	targetNamespace="http://ecole.fitco.tg/api/communication/ws/basinscription/v001"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

	<!-- ********** XSD Schema import ********** -->
	<types>
		<xsd:schema>
			<xsd:import namespace="http://ecole.fitco.tg/api/domain/object/header/v001"
				schemaLocation="xsd-xjb/header/001.01/header-1.01.xsd" />
			<xsd:import namespace="http://ecole.fitco.tg/api/domain/service/basinscription/v001"
				schemaLocation="webservice/BASInscription/001.01/basinscription-1.01.xsd" />
			<xsd:import namespace="http://ecole.fitco.tg/api/domain/service/basddl/v001"
				schemaLocation="webservice/BASDropDownList/001.01/basddl-1.01.xsd" />
		</xsd:schema>
	</types>

	<!-- ********** WS Security Policy ********** -->
	<wsp:Policy wsu:Id="oasisws-securitypolicy">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
					<wsp:Policy>
						<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
							<wsp:Policy>
								<sp:WssUsernameToken10/>
							</wsp:Policy>
						</sp:UsernameToken>
					</wsp:Policy>
				</sp:SupportingTokens>
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>

	<!-- ********** MESSAGE ********** -->
	<message name="getEtudiant">
		<part name="parameters" element="inscription:getEtudiantRequest" />
	</message>
	<message name="createEtudiant">
		<part name="parameters" element="inscription:createEtudiantRequest" />
	</message>
	<message name="createEtudiantResponse">
		<part name="result" element="inscription:createEtudiantResponse" />
	</message>

	<!-- ********** PORTTYPE ********** -->
	<portType name="IBASinscriptionWS">
		<operation name="getEtudiant">
			<input wsam:Action="http://ecole.fitco.tg/api/communication/ws/basinscription/v001/IBASinscriptionWS/getEtudiantRequest"
				message="tns:getEtudiant" />
			<output wsam:Action="http://ecole.fitco.tg/api/communication/ws/basinscription/v001/IBASinscriptionWS/getEtudiantResponse"
				message="tns:getEtudiantResponse" />
		</operation>
		<operation name="createEtudiant">
			<input wsam:Action="http://ecole.fitco.tg/api/communication/ws/basinscription/v001/IBASinscriptionWS/createEtudiantRequest"
				message="tns:createEtudiant" />
			<output wsam:Action="http://ecole.fitco.tg/api/communication/ws/basinscription/v001/IBASinscriptionWS/createEtudiantResponse"
				message="tns:createEtudiantResponse" />
		</operation>
	</portType>

	<!-- ********** BINDING ********** -->
	<binding name="BASInscriptionWSPortBinding" type="tns:IBASinscriptionWS">
		<wsp:PolicyReference URI="#oasisws-securitypolicy" />
		<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
		<operation name="getEtudiant">
			<soap:operation soapAction="" />
			<input>
				<soap:body use="literal" />
			</input>
			<output>
				<soap:body use="literal" />
			</output>
		</operation>
		<operation name="createEtudiant">
			<soap:operation soapAction="" />
			<input>
				<soap:body use="literal" />
			</input>
			<output>
				<soap:body use="literal" />
			</output>
		</operation>
	</binding>

	<!-- ********** SERVICE ********** -->
	<service name="BASInscriptionWSService">
		<port name="BASInscriptionWSPort" binding="tns:BASInscriptionWSPortBinding">
			<soap:address location="http://localhost:8080/BASInscriptionWS-1/BASInscriptionWSPort" />
		</port>
	</service>
</definitions>
[/code]
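
A contract check a reviewer can run against this WSDL, added here as an example (not code from the original post). The policy above contains neither sp:HashPassword nor an sp:HttpsToken assertion and the soap:address is http://, so nothing in the contract keeps the UsernameToken password off the wire in clear text. The class name and the reduced WSDL fragment in `main` are constructed for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class UsernameTokenPolicyCheck {
    static final String SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    static final String SOAP = "http://schemas.xmlsoap.org/wsdl/soap/";
    static List<String> check(String wsdl) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Reject DOCTYPE declarations so a hostile WSDL cannot trigger XXE.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(wsdl)));
        List<String> findings = new ArrayList<String>();
        boolean httpsRequired = doc.getElementsByTagNameNS(SP, "HttpsToken").getLength() > 0;
        NodeList tokens = doc.getElementsByTagNameNS(SP, "UsernameToken");
        for (int i = 0; i < tokens.getLength(); i++) {
            Element token = (Element) tokens.item(i);
            boolean hashed = token.getElementsByTagNameNS(SP, "HashPassword").getLength() > 0;
            boolean noPassword = token.getElementsByTagNameNS(SP, "NoPassword").getLength() > 0;
            if (!hashed && !noPassword && !httpsRequired) {
                findings.add("UsernameToken: clear-text password, policy does not require HTTPS");
            }
        }
        NodeList addresses = doc.getElementsByTagNameNS(SOAP, "address");
        for (int i = 0; tokens.getLength() > 0 && i < addresses.getLength(); i++) {
            String location = ((Element) addresses.item(i)).getAttribute("location");
            if (!location.startsWith("https://")) {
                findings.add("soap:address is not HTTPS: " + location);
            }
        }
        return findings;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: the policy and service address from the WSDL above, reduced.
        String wsdl = "<definitions xmlns='http://schemas.xmlsoap.org/wsdl/' xmlns:soap='" + SOAP
            + "' xmlns:wsp='http://www.w3.org/ns/ws-policy' xmlns:sp='" + SP + "'>"
            + "<wsp:Policy><sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy>"
            + "<sp:WssUsernameToken10/></wsp:Policy></sp:UsernameToken></wsp:Policy>"
            + "</sp:SupportingTokens></wsp:Policy><service name='BASInscriptionWSService'>"
            + "<port name='BASInscriptionWSPort'><soap:address"
            + " location='http://localhost:8080/BASInscriptionWS-1/BASInscriptionWSPort'/>"
            + "</port></service></definitions>";
        System.out.println(check(wsdl));
    }
}
```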

Thanks. Festado Team
