How to load webservices security policy from classpath

1) Add the following Java option to the WebLogic Server startup arguments:

-Dweblogic.wsee.policy.LoadFromClassPathEnabled=true

2) Write a simple policy.

Encrypt.xml

 

<?xml version="1.0"?>
<wsp:Policy
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  >
  <wssp:Confidentiality>
    <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <wssp:Target>
      <wssp:EncryptionAlgorithm 
         URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <wssp:MessageParts 
         Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
         wsp:Body()
      </wssp:MessageParts>
    </wssp:Target>
    <wssp:KeyInfo/>
  </wssp:Confidentiality>
</wsp:Policy>

3) Write a JWS that uses this Policy

SecureHelloWorldImpl.java

 

package examples.webservices.security_jws;

import weblogic.jws.WLHttpTransport;
import weblogic.jws.Policies;
import weblogic.jws.Policy;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.soap.SOAPBinding;

@WebService(name="SecureHelloWorldPortType", 
            serviceName="SecureHelloWorldService", 
            targetNamespace="http://www.bea.com")

@SOAPBinding(style=SOAPBinding.Style.DOCUMENT, 
             use=SOAPBinding.Use.LITERAL,
             parameterStyle=SOAPBinding.ParameterStyle.WRAPPED)

@WLHttpTransport(contextPath="SecureHelloWorldService", 
                 serviceUri="SecureHelloWorldService",
                 portName="SecureHelloWorldServicePort")

// Require the Encrypt.xml policy on inbound (request) messages
@Policies({
    @Policy(uri="Encrypt.xml", direction=Policy.Direction.inbound)
})

public class SecureHelloWorldImpl {

  @WebMethod()
  public String sayHello(String s) {
    return "Hello " + s;  
  }
}

4. Build the service.

5. By default, policies are placed under the policies folder in WEB-INF.


6. Create a jar containing the policy file:

WEB-INF\policies>jar -cvf policy.jar Encrypt.xml

7. Put policy.jar on the server's classpath. You can keep it at any location and add the jar to the WebLogic Server classpath, or you can place it in your domain lib folder.

8. Remove the policies folder from WEB-INF.

9. Deploy the ear.

10. Check the WSDL. The policy should appear there.


11. Access the application from any client.

12. Your SOAP request should look like this:

 

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
         <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="hVJypuPV1a2vyBqJ">
            <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
            <ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="str_B42tel6VDu8at1J1">
                  <ns2:X509Data>
                     <ns2:X509IssuerSerial>
                        <ns2:X509IssuerName>CN=CertGenCAB,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US</ns2:X509IssuerName>
                        <ns2:X509SerialNumber>94119899133620682327187254280110341585</ns2:X509SerialNumber>
                     </ns2:X509IssuerSerial>
                  </ns2:X509Data>
               </wsse:SecurityTokenReference>
            </ns2:KeyInfo>
            <ns1:CipherData>
               <ns1:CipherValue>SIa0pKmZU59OzQGjbYfk/+hbBoVvysjuWrOugwNelkSEW83ohLo/+QZGYqgnNgyo5xbqZp98sS5nPocf5pjuLA==</ns1:CipherValue>
            </ns1:CipherData>
            <ns1:ReferenceList>
               <ns1:DataReference URI="#BrYjknvNmVglOMV2" />
            </ns1:ReferenceList>
         </ns1:EncryptedKey>
      </wsse:Security>
   </env:Header>
   <env:Body>
      <ns1:EncryptedData xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="BrYjknvNmVglOMV2" Type="http://www.w3.org/2001/04/xmlenc#Content" MimeType="text/xml" Encoding="UTF-8">
         <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
         <ns1:CipherData>
            <ns1:CipherValue>oMNKOEIew22gfa7nx8nUEkYmu0Ksw+lrwxJUJyEfNxjYH0ugkZ8eJv3AAvz0HIv89HKc+ij3Og1o9ncFnFN0DD805ju441DUDBiRleOvy9E=</ns1:CipherValue>
         </ns1:CipherData>
      </ns1:EncryptedData>
   </env:Body>
</env:Envelope>
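
To check a captured request like the one above against Encrypt.xml, the following Python script (an added example, not part of the original post or of WebLogic) verifies that the body is a single EncryptedData element, that both algorithms match the policy, and that the EncryptedKey references the body. The function names, the trimmed POLICY copy and the REQUEST sample with placeholder ciphertext are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # fine for captured test traffic; use defusedxml on untrusted XML
XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"wssp": "http://www.bea.com/wls90/security/policy",
      "env": "http://schemas.xmlsoap.org/soap/envelope/", "xenc": XENC}
POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://www.bea.com/wls90/security/policy"><wssp:Confidentiality>
  <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <wssp:Target><wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/></wssp:Target>
</wssp:Confidentiality></wsp:Policy>"""  # trimmed copy of Encrypt.xml
REQUEST = f"""<env:Envelope xmlns:env="{NS['env']}" xmlns:x="{XENC}">
 <env:Header><x:EncryptedKey>
   <x:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
   <x:CipherData><x:CipherValue>AAAA</x:CipherValue></x:CipherData>
   <x:ReferenceList><x:DataReference URI="#body-1"/></x:ReferenceList>
 </x:EncryptedKey></env:Header>
 <env:Body><x:EncryptedData Id="body-1">
   <x:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>
   <x:CipherData><x:CipherValue>BBBB</x:CipherValue></x:CipherData>
 </x:EncryptedData></env:Body></env:Envelope>"""  # constructed sample, placeholder ciphertext

def policy_algorithms(policy_xml):
    """Return (key-wrap URI, data-encryption URI) required by wssp:Confidentiality."""
    conf = ET.fromstring(policy_xml).find("wssp:Confidentiality", NS)
    return (conf.find("wssp:KeyWrappingAlgorithm", NS).get("URI"),
            conf.find("wssp:Target/wssp:EncryptionAlgorithm", NS).get("URI"))

def _alg(el):
    """Algorithm URI of el's xenc:EncryptionMethod child, or None if absent."""
    return next((m.get("Algorithm") for m in el.findall("xenc:EncryptionMethod", NS)), None)

def check_request(soap_xml, policy_xml):
    """Return a list of problems; an empty list means the body satisfies the policy."""
    wrap, enc = policy_algorithms(policy_xml)
    root = ET.fromstring(soap_xml)
    body = root.find("env:Body", NS)
    kids = list(body) if body is not None else []
    if len(kids) != 1 or kids[0].tag != f"{{{XENC}}}EncryptedData":
        return ["env:Body is not a single xenc:EncryptedData (payload sent in clear?)"]
    key = root.find("env:Header//xenc:EncryptedKey", NS)
    if key is None:
        return ["no xenc:EncryptedKey in the security header"]
    refs = [r.get("URI") for r in key.findall("xenc:ReferenceList/xenc:DataReference", NS)]
    checks = [(_alg(kids[0]) == enc, "body encryption algorithm differs from policy"),
              (_alg(key) == wrap, "key wrapping algorithm differs from policy"),
              ("#" + kids[0].get("Id", "") in refs, "EncryptedKey does not reference the body's EncryptedData")]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_request(REQUEST, POLICY) or "request satisfies Encrypt.xml")
```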
