Working With Security Context Propagation Sample
This section describes how to work with the installed sample.
You must set the forwardUserInfoDoc flag to true on the Management Agent for WebSphere agent to enable Security Context Propagation.
To set the forwardUserInfoDoc flag to true, perform the following steps:
1.
2.
3.
4.
Change the <pfx6:forwardUserInfoContextDoc>false</pfx6:forwardUserInfoContextDoc> tag to true.
The following screenshot shows the SecurityContextPropagation-samples/JAX-RPC:
Figure 16 SecurityContextPropagation - Samples Directory
SimpleServer - A JAX-RPC SOAP/HTTP Web Service project created using IBM WebSphere Application Server Toolkit version 6.1.0 with the latest fix pack.
This service adds two numbers.
ReferenceToSimpleServer - A JAX-RPC SOAP/HTTP Web Service project created using IBM WebSphere Application Server Toolkit version 6.1.0 with the latest fix pack.
This service accepts two numbers and calls the SimpleServer service, which returns the result of the addition to the ReferenceToSimpleServer service.
 
 
To work with the sample, perform the following steps:
1. Log in to the IBM console and deploy the SimpleServer Web Service.
2. The ReferenceToSimpleServer service calls the SimpleServer Web Service.
It uses the service name of the referenced web service and appends the suffix “_reference” to it in order to distinguish itself from the referenced web service. You can apply Embedded Client Side Proxy to this service.
Figure 17 Referenced Web Service
 
Using Security Context API
With reference to the ReferenceToSimpleServer web service project, the following section describes how to develop a web service that uses the Security Context API.
Web Service Implementation
For the Security Context API setSecurityContextForJaxRPC(Call call, ServletEndpointContext servletEndptContext) to extract the user information document from the MessageContext, the Web Service needs to implement the Service Lifecycle Interface.
Refer to the JAX-RPC code snippet below for the correct usage of the setSecurityContextForJaxRPC(Call call, ServletEndpointContext servletEndptContext) API.
 
/**
 * SimpleHttpPortTypeEndpoint1BindingImpl.java
 */
package com.example.xmlns;

import javax.xml.rpc.ServiceException;
import javax.xml.rpc.Stub;
import javax.xml.rpc.Call;
import javax.xml.rpc.Service;
import javax.xml.rpc.JAXRPCException;
import javax.xml.namespace.QName;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.ParameterMode;
import javax.xml.rpc.server.ServiceLifecycle;
import javax.xml.rpc.server.ServletEndpointContext;
import com.tibco.amma.was.security.SecurityContext;

public class SimpleHttpPortTypeEndpoint1BindingImpl implements com.example.xmlns.SimpleHttpPortType, ServiceLifecycle {
    // Endpoint of the referenced SimpleServer service; replace with the actual URL.
    private static String endpointAddress = "http://hostname:9087/SimpleServer/services/SimpleHttpPortTypeEndpoint1";
    // Supplied by the JAX-RPC runtime through init().
    private ServletEndpointContext servletEndptContext;
    private static String qnameService = "SimpleServer";
    private static String qnamePort = "SimpleHttpPortType";
    private static String ENCODING_STYLE_PROPERTY = "javax.xml.rpc.encodingstyle.namespace.uri";
    private static String NS_XSD = "http://www.w3.org/2001/XMLSchema";
    private static String URI_ENCODING = "http://schemas.xmlsoap.org/soap/encoding/";

    public java.math.BigInteger Add(long number1, long number2) throws java.rmi.RemoteException {
        java.math.BigInteger result;
        try {
            ServiceFactory factory = ServiceFactory.newInstance();
            Service service = factory.createService(new QName(qnameService));
            QName port = new QName(qnamePort);
            Call call = service.createCall(port);
            call.setTargetEndpointAddress(endpointAddress);
            call.setProperty(Call.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
            call.setProperty(Call.SOAPACTION_URI_PROPERTY, "");
            call.setProperty(ENCODING_STYLE_PROPERTY, URI_ENCODING);
            // ... (elided in the original; the omitted lines include the definition of params used below)
            // Set the security context on the outgoing call, using the context received in init().
            SecurityContext.setSecurityContextForJaxRPC(call, servletEndptContext);
            System.out.println("ReferenceToSimpleServer invoking SimpleServer with values (" + number1 + ", " + number2 + ")");
            result = (java.math.BigInteger) call.invoke(params);
            return result;
        }
        catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    // The JAX-RPC runtime passes the ServletEndpointContext in this method.
    public void init(Object context) throws ServiceException {
        this.servletEndptContext = (ServletEndpointContext) context;
    }

    public void destroy() {
    }
}
Using the SimpleService project, create the SimpleService EAR using IBM WebSphere Application Server Toolkit. Then deploy the SimpleService EAR.
The endpointAddress variable highlighted in the snippet must be replaced with the actual SimpleService service endpoint URL in the ReferenceToSimpleServer project code shipped as a sample.
To use this functionality, users need to modify their web services (that reference other web services) to add a reference binding file, amma-was-config.xml.
Snippet of amma-was-config.xml for reference:
<?xml version="1.0"?>
<amma-was-config>
    <ExternalServicesWsdlUrlList>
        <ExternalServiceWsdlUrl>http://hostname:9087/SimpleServer/services/SimpleHttpPortTypeEndpoint1/wsdl/Simple.wsdl</ExternalServiceWsdlUrl>
    </ExternalServicesWsdlUrlList>
</amma-was-config>
Create the ReferenceToSimpleService EAR using IBM WebSphere Application Server Toolkit.
The ReferenceToSimpleServer project contains the amma-was-config.xml file under the WEB-INF folder. This file needs to be updated with the WSDL URL of the deployed SimpleService web service.
Deploy the ReferenceToSimpleService EAR.
You are now ready to test a ReferenceToSimpleService web service calling SimpleService web service scenario with security context propagation enabled.
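The WSDL URL entries in amma-was-config.xml can be checked mechanically before the ReferenceToSimpleService EAR is built and deployed. The following is an added example, not part of the shipped sample: the class name AmmaWasConfigCheck and the findings it reports are assumptions made for illustration, and it needs Java 8 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

// Added example (hypothetical helper, not shipped with the sample): checks amma-was-config.xml.
public class AmmaWasConfigCheck {
    // Returns one finding per problem; an empty list means every entry passed.
    static List<String> check(InputStream config) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so the parser never resolves external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList urls = dbf.newDocumentBuilder().parse(config)
                .getElementsByTagName("ExternalServiceWsdlUrl");
        List<String> findings = new ArrayList<>();
        if (urls.getLength() == 0) findings.add("no <ExternalServiceWsdlUrl> entries found");
        for (int i = 0; i < urls.getLength(); i++) {
            String text = urls.item(i).getTextContent().trim();
            try {
                URI uri = new URI(text);
                String scheme = uri.getScheme();
                boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
                if (!web || uri.getHost() == null) {
                    findings.add("not an absolute http(s) URL: " + text);
                } else if ("hostname".equalsIgnoreCase(uri.getHost())) {
                    findings.add("sample placeholder host not replaced: " + text);
                } else if ("http".equalsIgnoreCase(scheme)) {
                    // Assumption: the propagated user information should be protected in transit.
                    findings.add("warning, plain HTTP endpoint: " + text);
                }
            } catch (URISyntaxException e) {
                findings.add("not a valid URI: " + text);
            }
        }
        return findings;
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: the snippet from this page with its host left unedited.
        String xml = "<amma-was-config><ExternalServicesWsdlUrlList><ExternalServiceWsdlUrl>"
                + "http://hostname:9087/SimpleServer/services/SimpleHttpPortTypeEndpoint1/wsdl/Simple.wsdl"
                + "</ExternalServiceWsdlUrl></ExternalServicesWsdlUrlList></amma-was-config>";
        check(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .forEach(System.out::println);
    }
}
```

Run against the unedited snippet, the check reports the placeholder host, which is the entry that has to be replaced with the deployed service's WSDL URL.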