This article provides a sample web service and web service client for two-way SSL. It also demonstrates the use of the WlsSSLAdapter class to send certificates to the server.
1. Create a JWS with the following policy: Wssp1.2-2007-Https-ClientCertReq.xml

    package examples.webservices.security_jws;

    import weblogic.jws.WLHttpTransport;
    import weblogic.jws.Policies;
    import weblogic.jws.Policy;
    import javax.jws.WebService;
    import javax.jws.WebMethod;
    import javax.jws.soap.SOAPBinding;

    @WebService(name="SecureHelloWorldPortType",
                serviceName="SecureHelloWorldService",
                targetNamespace="http://www.bea.com")
    @SOAPBinding(style=SOAPBinding.Style.DOCUMENT,
                 use=SOAPBinding.Use.LITERAL,
                 parameterStyle=SOAPBinding.ParameterStyle.WRAPPED)
    @WLHttpTransport(contextPath="SecureHelloWorldService",
                     serviceUri="SecureHelloWorldService",
                     portName="SecureHelloWorldServicePort")
    // Transport-level policy: the service is reachable only over HTTPS
    // and the caller must present a client certificate (two-way SSL).
    @Policy(uri = "policy:Wssp1.2-2007-Https-ClientCertReq.xml")
    public class SecureHelloWorldImpl {

        @WebMethod()
        public String sayHello(String s) {
            return "Hello " + s;
        }
    }

2. Build and deploy the service on WebLogic Server.
3. Deploy a WAR file containing the following JSP on another server.

    <html>
    <head>
    <title>WS Client App</title>
    </head>
    <body bgcolor="#cccccc">
    <blockquote>
    <h2>Protected Page</h2>
    </blockquote>
    <%@ page import="examples.webservices.security_jws.client.SecureHelloWorldService"%>
    <%@ page import="examples.webservices.security_jws.client.SecureHelloWorldService_Impl"%>
    <%@ page import="examples.webservices.security_jws.client.SecureHelloWorldPortType"%>
    <%@ page import="javax.xml.rpc.Stub"%>
    <%@ page import="weblogic.wsee.connection.transport.https.WlsSSLAdapter"%>
    <%@ page import="weblogic.security.SSL.TrustManager"%>
    <%@ page import="java.security.cert.X509Certificate"%>
    <%
    try {
        String wsdl = "https://localhost:7002/SecureHelloWorldService/SecureHelloWorldService?WSDL";
        // The invocation endpoint is the service URL without the ?WSDL query string.
        String endpoint = "https://localhost:7002/SecureHelloWorldService/SecureHelloWorldService";
        //SecureHelloWorldService service = new SecureHelloWorldService_Impl(wsdl);
        SecureHelloWorldService service = new SecureHelloWorldService_Impl();
        SecureHelloWorldPortType port = service.getSecureHelloWorldServicePort();

        // Client identity: keystore, alias and private key sent during the SSL handshake.
        // Store and key passwords are hard-coded here for the lab setup.
        WlsSSLAdapter adapter = new WlsSSLAdapter();
        adapter.setKeystore("C://WSSecurity//LABS//twoway_jws//identity.jks", "mystorepass".toCharArray(), "JKS");
        adapter.setClientCert("mykey", "mykeypass".toCharArray());

        // This trust manager accepts every server certificate and ignores validateErr,
        // so the client does not authenticate the server. Lab use only; outside a lab,
        // return true only when validateErr is 0 (no validation errors).
        adapter.setTrustManager(new TrustManager() {
            public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                return true;
            }
        });

        // Not used below; the adapter is handed to the stub directly as a property.
        weblogic.wsee.connection.transport.https.HttpsTransportInfo info =
            new weblogic.wsee.connection.transport.https.HttpsTransportInfo(adapter);

        Stub stub = (Stub) port;
        stub._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        stub._setProperty("weblogic.wsee.client.ssladapter", adapter);
        out.println(port.sayHello("World"));
    } catch (Exception e) {
        out.println("Web service call failed: " + e);
    }
    %>
    </body>
    </html>

4. Configure SSL on the server on which the client app is deployed.
5. On the server on which the service is deployed, configure two-way SSL.
   a) Go to Home > Summary of Servers > YourServer > SSL > Advanced and set:
      Two Way Client Cert Behavior: Client Certs Requested and Enforced
      Hostname Verification: None
   b) Go to Home > Summary of Security Realms > myrealm > Providers > DefaultIdentityAsserter
      Under Common
        Chosen: select X509
      Under Provider Specific
        Trusted Client Principals: <CN of the client’s certificate>
        Default User Name Mapper Attribute Type: CN
        Use Default User Name Mapper: Checked
   c) Create a user in the security realm with the CN value of the certificate.
6. Import the client’s public certificate into the trust store of the server.
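
The JSP in step 3 installs a trust manager that returns true for every chain, so the client proves its identity to the server but never checks who the server is. The class below is an added example, not part of the original article: a stricter callback for the same WlsSSLAdapter that fails closed. The class name, the certificate file path passed to the constructor, and the assumption that chain[0] is the server's own certificate are choices of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import weblogic.security.SSL.TrustManager;

/** Added example: accept the server only if WebLogic's chain validation
 *  reported no errors AND the presented certificate matches a pinned copy. */
public class PinnedServerTrustManager implements TrustManager {
    private final byte[] pinnedSha256;

    /** @param serverCertPath PEM or DER copy of the service's certificate,
     *         obtained out of band (hypothetical path supplied by the caller). */
    public PinnedServerTrustManager(String serverCertPath) throws Exception {
        InputStream in = new FileInputStream(serverCertPath);
        try {
            X509Certificate pinned = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            pinnedSha256 = sha256(pinned);
        } finally {
            in.close();
        }
    }

    private static byte[] sha256(X509Certificate cert) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    }

    public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
        // validateErr is a bit mask of validation failures; 0 means none.
        if (validateErr != 0 || chain == null || chain.length == 0) {
            return false;
        }
        try {
            // Assumption: chain[0] is the server's own (leaf) certificate.
            chain[0].checkValidity();   // reject expired or not-yet-valid certs
            // Constant-time comparison of the presented certificate with the pin.
            return MessageDigest.isEqual(pinnedSha256, sha256(chain[0]));
        } catch (Exception e) {
            return false;               // fail closed on any encoding/validity error
        }
    }
}
```

Install it with adapter.setTrustManager(new PinnedServerTrustManager(path)) in place of the anonymous class in the JSP. The CA that issued the service's certificate must also be trusted by the client, otherwise validateErr is non-zero and the call is rejected.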