WS-Security Basic Policy Definition And Client Testing In Java With JAX-WS

November 17, 2012

If you’ve defined a WSDL and need to introduce the most basic security policy, generate the client-side code, and then run some integration tests, this post may help you.

The focus here is on getting it all working, not on the most efficient or the most secure solution. We choose a UsernameToken with a plain-text password and work that into the WSDL, then generate code with the Maven cxf-codegen-plugin, then find a way to add the missing security headers, and finally write an integration test.

In terms of context, the steps below were followed in a project where a web service was implemented and had already been thoroughly tested with the help of Jetty and the maven-soapui-plugin, the latter executing tests during the integration-test phase.

Step 1: Modify The WSDL

The pertinent parts of this WSDL are shown below. Note the wsp:PolicyReference below the wsdl:service element.

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:sch="http://vouchertool.com/vouchserv/schemas"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://vouchertool.com/vouchserv/definitions"
targetNamespace="http://vouchertool.com/vouchserv/definitions"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsdl:types xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
...
<wsdl:service name="VoucherServiceService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
  <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#VouchUsernameToken"/>
  <wsdl:port binding="tns:VoucherServiceSoap11" name="VoucherServiceSoap11" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
    <soap:address location="http://vouchertool.com:80/vouchserv/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"/>
  </wsdl:port>
</wsdl:service>

<wsp:Policy wsu:Id="VouchUsernameToken">
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy/>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
 

Step 2: Code Generation In Our Maven Pom Using cxf-codegen-plugin

<plugin>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-codegen-plugin</artifactId>
  <version>${cxf.version}</version>
  <executions>
    <execution>
      <id>generate-sources</id>
      <phase>generate-sources</phase>
      <configuration>
        <sourceRoot>${basedir}/src/main/java/</sourceRoot>
        <wsdlOptions>
          <wsdlOption>
            <wsdl>${basedir}/src/main/webapp/WEB-INF/wsdl/vouchserv.wsdl</wsdl>
            <extraargs>
              <extraarg>-verbose</extraarg>
            </extraargs>
          </wsdlOption>
        </wsdlOptions>
      </configuration>
      <goals>
        <goal>wsdl2java</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Step 3: Add A HeaderHandler and HeaderHandlerResolver

This post shows how to add the security headers. It works, try it. You’ll need some such solution, since the code generated by CXF does not provide any means of adding the headers, which is naturally suboptimal.

Step 4: Test It All Using An Integration Test

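import java.net.MalformedURLException;
import java.net.URL;

import org.junit.Test; // JUnit 4 assumed

// The generated classes (VoucherServiceService, VoucherService, RegisterRequest,
// RegisterResponse) and the Step 3 handler classes must be imported from their packages.
public class VoucherServiceIT {

  @Test
  public void test() {
    // WSDL served by the locally running service under test
    URL url;
    try {
      url = new URL("http://localhost:8080/vouchserv/vouchserv.wsdl");
    } catch (MalformedURLException e) {
      throw new RuntimeException(e);
    }

    VoucherServiceService voucherServiceService = new VoucherServiceService(url);
    // Install the handler chain that adds the security headers to each request
    HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
    voucherServiceService.setHandlerResolver(handlerResolver);
    VoucherService voucherService = voucherServiceService.getVoucherServiceSoap11();
    RegisterRequest registerRequest = new RegisterRequest();
    // A SOAP fault returned by the service surfaces as an exception and fails the test
    RegisterResponse registerResponse = voucherService.register(registerRequest);
  }

}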