This article provides a sample Web service and Web service client for two-way SSL. It also demonstrates the use of the WlsSSLAdapter class to present the client certificate to the server.
1. Create a JWS with the following policy: Wssp1.2-2007-Https-ClientCertReq.xml
```java
package examples.webservices.security_jws;

import weblogic.jws.WLHttpTransport;
import weblogic.jws.Policies;
import weblogic.jws.Policy;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.soap.SOAPBinding;

@WebService(name = "SecureHelloWorldPortType",
            serviceName = "SecureHelloWorldService",
            targetNamespace = "http://www.bea.com")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
             use = SOAPBinding.Use.LITERAL,
             parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
@WLHttpTransport(contextPath = "SecureHelloWorldService",
                 serviceUri = "SecureHelloWorldService",
                 portName = "SecureHelloWorldServicePort")
// Attaches the HTTPS policy that requires a client certificate (two-way SSL)
@Policy(uri = "policy:Wssp1.2-2007-Https-ClientCertReq.xml")
public class SecureHelloWorldImpl {

    @WebMethod()
    public String sayHello(String s) {
        return "Hello " + s;
    }
}
```
2. Build and deploy the service on WebLogic Server.
3. Deploy a war file containing the following JSP on another server.
```jsp
<html>
<head><title>WS Client App</title></head>
<body bgcolor="#cccccc">
<blockquote><h2>Protected Page</h2></blockquote>
<%@ page import="examples.webservices.security_jws.client.SecureHelloWorldService"%>
<%@ page import="examples.webservices.security_jws.client.SecureHelloWorldService_Impl"%>
<%@ page import="examples.webservices.security_jws.client.SecureHelloWorldPortType"%>
<%@ page import="javax.xml.rpc.Stub"%>
<%@ page import="weblogic.wsee.connection.transport.https.WlsSSLAdapter"%>
<%@ page import="weblogic.security.SSL.TrustManager"%>
<%@ page import="java.security.cert.X509Certificate"%>
<%
try {
    String wsdl = "https://localhost:7002/SecureHelloWorldService/SecureHelloWorldService?WSDL";
    // SecureHelloWorldService service = new SecureHelloWorldService_Impl(wsdl);
    SecureHelloWorldService service = new SecureHelloWorldService_Impl();
    SecureHelloWorldPortType port = service.getSecureHelloWorldServicePort();

    // Client identity: the keystore holds the client's private key and certificate
    WlsSSLAdapter adapter = new WlsSSLAdapter();
    adapter.setKeystore("C://WSSecurity//LABS//twoway_jws//identity.jks",
                        "mystorepass".toCharArray(), "JKS");
    adapter.setClientCert("mykey", "mykeypass".toCharArray());

    // Server trust: this callback returns true for every chain, so the client
    // performs no validation of the server certificate it is presented with
    adapter.setTrustManager(new TrustManager() {
        public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
            return true;
        }
    });
    weblogic.wsee.connection.transport.https.HttpsTransportInfo info =
        new weblogic.wsee.connection.transport.https.HttpsTransportInfo(adapter); // not used further here

    Stub stub = (Stub) port;
    stub._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, wsdl);
    // Hands the adapter (client certificate and trust manager) to the HTTPS transport
    stub._setProperty("weblogic.wsee.client.ssladapter", adapter);
    out.println(port.sayHello("World"));
} catch (Exception e) {
    out.println("Web service call failed: " + e);
}
%>
</body>
</html>
```
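The trust manager in the JSP above returns true for every chain, so the client accepts whatever server certificate it is shown. The following class is an added example, not code from this article or from WebLogic: it implements the same weblogic.security.SSL.TrustManager interface the JSP imports, but validates the server's chain with PKIX against a JKS truststore (the class name TruststoreTrustManager and the truststore path and password passed by the caller are assumptions).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import weblogic.security.SSL.TrustManager;

// Hypothetical class; truststore path and password are placeholders supplied by the caller.
public class TruststoreTrustManager implements TrustManager {
    private final KeyStore trustStore;
    public TruststoreTrustManager(String path, char[] password) throws Exception {
        trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
    }
    // WebLogic passes the server's chain plus its own verdict (validateErr). Rather than
    // returning true unconditionally, validate the chain against the truststore with PKIX.
    public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
        if (chain == null || chain.length == 0) {
            return false;
        }
        try {
            // Leave out certificates that are themselves trust anchors: PKIX
            // expects the path to end just below the anchor.
            List<X509Certificate> path = new ArrayList<>();
            for (X509Certificate cert : chain) {
                if (trustStore.getCertificateAlias(cert) == null) {
                    path.add(cert);
                }
            }
            if (path.isEmpty()) {
                chain[0].checkValidity(); // the server certificate itself is trusted (pinned)
                return true;
            }
            PKIXParameters params = new PKIXParameters(trustStore);
            params.setRevocationEnabled(false); // no CRL/OCSP source in this lab setup
            CertPathValidator.getInstance("PKIX").validate(
                CertificateFactory.getInstance("X.509").generateCertPath(path), params);
            return true;
        } catch (Exception e) {
            System.err.println("Rejecting server certificate: " + e.getMessage());
            return false;
        }
    }
}
```

Pass an instance to adapter.setTrustManager(...) in place of the anonymous class; the truststore should contain the CA that issued the service server's certificate (or that certificate itself).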
4. Configure SSL on the server on which the client app is deployed.
5. On the server on which the service is deployed, configure two-way SSL.
   a) Go to Home > Summary of Servers > YourServer > SSL > Advanced:
      Two Way Client Cert Behavior: Client Certs Requested and Enforced
      Hostname Verification: None
   b) Go to Home > Summary of Security Realms > myrealm > Providers > DefaultIdentityAsserter:
      Under Common
         Chosen: X.509 (move X.509 from Available to Chosen)
      Under Provider Specific
         Trusted Client Principals: <CN of the client's certificate>
         Default User Name Mapper Attribute Type: CN
         Use Default User Name Mapper: Checked
   c) Create a user in the security realm whose name is the CN value of the client certificate.
6. Import the client's public certificate into the trust store of the server.