Two way SSL Webservice on Weblogic Server

This article provides sample Webservice and Webservice Client for two way SSL. It also demonstrates the use of WLSSSLAdapter class to send certificates to the server. 1. Create a JWS with the following policy  : Wssp1.2-2007-Https-ClientCertReq.xml   package examples.webservices.security_jws; import weblogic.jws.WLHttpTransport; import weblogic.jws.Policies; import weblogic.jws.Policy; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.soap.SOAPBinding; @WebService(name="SecureHelloWorldPortType",

Continue reading »

Using RolesAllowed and SecurityRole annotations to secure Webservices on Weblogic

1. Write a JWS that uses the RolesAllowed and SecurityRole annotation package examples.webservices.security_jws; import weblogic.jws.WLHttpTransport; import weblogic.jws.Policies; import weblogic.jws.Policy; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.soap.SOAPBinding; import weblogic.jws.security.RolesAllowed; import weblogic.jws.security.SecurityRole; @WebService(name="SecureHelloWorldPortType", serviceName="SecureHelloWorldService", targetNamespace="http://www.bea.com") @SOAPBinding(style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle=SOAPBinding.ParameterStyle.WRAPPED) @WLHttpTransport(contextPath="SecureHelloWorldService", serviceUri="SecureHelloWorldService", portName="SecureHelloWorldServicePort") @RolesAllowed ( { @SecurityRole (role="testrole") } ) public class SecureHelloWorldImpl { @WebMethod()

Continue reading »

How to load webservices security policy from classpath

1) Add the following JAVA OPTION to the classpath -Dweblogic.wsee.policy.LoadFromClassPathEnabled=true 2) Write a simple policy. Encrypt.xml   <?xml version="1.0"?> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wssp="http://www.bea.com/wls90/security/policy" > <wssp:Confidentiality> <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <wssp:Target> <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() </wssp:MessageParts> </wssp:Target> <wssp:KeyInfo/> </wssp:Confidentiality> </wsp:Policy> 3) Write a JWS that uses this Policy SecureHelloWorldImpl.java   package examples.webservices.security_jws; import

Continue reading »

Testing secure webservice on Weblogic using SOAP UI

Create  the certificates for the client using keytool and store it at a location. You can refer our articles on SSL to get more details on how to create keystores. Once the client keystore is created you need to do the following configuration on SOAP UI.        

Continue reading »

Webservice Security – WS-Trust and WS-SecureConversation an overview

Webservices “A Web Service is a system designed to support interoperable communication from machine to machine over a network. It includes an interface described in a machine-processable format (WSDL), and is typically conveyed using HTTP with XML serialization.” Webservices exist in a wide range of architecture, technologies and software design.

Continue reading »

Securing WebServices using Username / Password mechanism

Security is an important aspect of your application design. When the web services are deployed and accessed, you might like to restrict its accesses to particular set of users/ groups or any users of a particular role. Hence we specify the policies for the application  webservice in this case at

Continue reading »

Creating stand alone WebService Client from WSDL

The below post provides an implementation of a Java stand alone client for a sample Java WebService.  All you need to know is the URL to its public contract file, or WSDL. Per-Requisites: A WSDL file, describing the WebService deployed on the Server. You can refer the below link to

Continue reading »

WebService by Bottom Up approach using ant script

The JAX-WS allows you to implement a simple java class as a webservice by exposing its public methods as webservice operations. There are two programming approaches to develop a WebService.   1. Code-First This is a bottom-up, implementation-first strategy where we write the Java class and the data POJOs representing the

Continue reading »

WebServices in WebLogic

Web services are de facto standards in today’s internet world. They use XML-based standards and transport protocols to exchange data with clients. The below post gives a brief understanding of the webservices in WebLogic Service. Before moving on with a sample WebServer demonstration, lets understand the structure of the WebLogic

Continue reading »

JMS Based Webservice on Weblogic Server

By default, client applications use HTTP/S as the connection protocol when invoking a WebLogic Web Service. You can, however, configure a WebLogic Web Service so that client applications can also use JMS as the transport when invoking the Web Service.When a WebLogic Web Service is configured to use JMS as

Continue reading »