WS-SecureConversation interoperability between WebSphere
Application Server V8 and Windows Communication
Foundation using dynamic policy configuration, Part 2:
Configure and test the WebSphere web services client
Thomas Link
Advisory Software Engineer
Web Services Interoperability Development
IBM, Research Triangle Park, NC
Hyen-Vui (Henry) Chung
Senior Software Engineer
Web Services Architect
Amazon
Charles Le Vay
Senior Software Engineer
WebSphere Technical Evangelist - Emerging Technology
IBM, Research Triangle Park, NC
Salim Zeitouni
Advisory Software Engineer
WebSphere Commerce Development Software Developer
IBM, Research Triangle Park, NC
November, 2011
© Copyright International Business Machines Corporation 2011. All rights reserved.
This series of articles describes how to use the IBM WebSphere Application Server Version
8 Endpoint Interface samples to demonstrate interoperability with Microsoft™ Windows™
Communication Foundation. It provides step-by-step configurations to show you what you need
to do for SOAP message security interoperability using WS-SecureConversation.
The article is intended for web services developers and architects who plan to develop web
services across these platforms. You should have a basic understanding of Java™ programming,
web services development, WSDL and SOAP.
Introduction
Before you begin
Enable policy sharing using dynamic policy
Enable the service consumer for dynamic policy
Test WebSphere Application Server to WebSphere Application Server conversation using dynamic policy
Obtain the WSDL
Test the EchoService client and service
Summary
Resources
Specifications
WebSphere Application Server Information Center
Feature Pack for Web Services & developerWorks
Windows Communication Foundation
About the authors
Introduction
WebSphere Application Server Version 8 includes a set of Java API for XML-Based Web
Services (JAX-WS) samples that demonstrate simple message exchange patterns (MEPs) using
both a synchronous and asynchronous programming model. The samples support SOAP 1.1 and
SOAP 1.2. Using these MEP samples composed with Web services standards such as WS-Addressing (WS-A), WS-Security, WS-Reliable Messaging (WS-RM), and WS-SecureConversation (WS-SC), you can perform a broad range of interoperability tests. These
samples demonstrate the use of JavaBean artifacts, static service endpoints and proxy-based
clients.
The purpose of this series of articles is to highlight protocol-level interoperability between
WebSphere Application Server V8 and Windows Communication Foundation 4.0 (WCF) using
dynamic policy to configure WS-SecureConversation. Dynamic policy configuration is a new
feature in WebSphere Application Server V8.
In this series of articles, you’ll learn how to:
1. Statically configure a custom WebSphere WS-SC policy set and binding.
2. Dynamically configure a WebSphere Application Server web services client using the WS-Security policy assertions emitted from WebSphere and test it with a WebSphere
Application Server service provider.
3. Dynamically configure a WCF client using the WS-Security policy assertions emitted from
WebSphere and test it with a WebSphere Application Server service provider.
This article focuses on dynamically configuring a WebSphere Application Server web services
client using the WS-Security policy assertions emitted from WebSphere and testing it with the
WebSphere Application Server service provider.
Before you begin
You must successfully complete and test the WS-SecureConversation policy set and bindings
described in Part 1 before beginning the steps in this article.
Enable policy sharing using dynamic policy
In this section, you will enable the service provider to emit policy assertions in the WSDL.
1. Start the Integrated Solution Console by doing one of the following:
• From the Start menu, select Start => Programs => IBM WebSphere => Application
Server V8.0 => Profiles => AppSvr01 => Administrative Console.
• In a browser, go to http://<hostname>:9060/ibm/console. Depending on your installation
of the AppSrvxx profile, the console port may be different.
2. Enter your application server administrative user ID and, if required, your password, and
click Log in, as shown in Figure 1.
Figure 1. Log in to the administrative console
3. Select Services => Service providers in the left navigation bar to list all the JAX-WS web
service providers installed, as shown in Figure 2:
Figure 2. List web service providers
4. Click EchoService in the collection table to navigate to the detail page.
5. Click Disabled under Policy Sharing for EchoService, as shown in Figure 3.
Figure 3. Click on Disabled
6. Check Exported WSDL, as shown in Figure 4.
Figure 4. Check Exported WSDL
7. Click OK.
8. Save the changes.
Enable the service consumer for dynamic policy
In this section, you will learn how to configure the client to consume the dynamic policy
assertions emitted from the service provider.
1. Select Services => Service clients in the left navigation area to list all the JAX-WS web
service clients (consumers) installed, as shown in Figure 2 above.
2. Click EchoService in the collection table to navigate to the detail page, as shown in Figure 5.
Figure 5. EchoService detail page
3. Check the check box of the EchoService row.
4. Click Detach Client Policy Set.
5. Click None under Policies Applied, as shown in Figure 6.
6. Select Provider policy only from the list of policies to apply, as shown in Figure 7.
7. Select HTTP Get request, and Use the default request target.
8. Click OK.
9. Check the check box of the EchoService row.
10. In the Assign Binding menu, select MyConsumerGeneralBindings.
The Policy Set Attachments collection table should look like Figure 8.
11. Save the change.
12. Stop and restart the application server.
Test WebSphere Application Server to WebSphere
Application Server conversation using dynamic policy
Now that you have finished configuring the WebSphere Application Server client and service to
use dynamic policy, you can test to ensure that WebSphere-to-WebSphere SecureConversation
flows are operational. You’ll use the SEI samples demo to test the WebSphere EchoService
client to WebSphere EchoService service to validate our security configuration.
Obtain the WSDL
The publishing of WS-SecurityPolicy assertions in the WSDL is currently enabled. You can
verify the WSDL from the service provider by issuing an HTTP GET request through the
browser using the URL: http://localhost:9080/WSSampleSei/EchoService?wsdl. You should now
see WS-SecurityPolicy assertions in the WSDL. Listing 1 shows the WSDL.
Listing 1. WSDL
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="EchoService"
targetNamespace="http://com/ibm/was/wssample/sei/echo/" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://com/ibm/was/wssample/sei/echo/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
<wsdl:types>
<xsd:schema targetNamespace="http://com/ibm/was/wssample/sei/echo/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="echoStringResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="echoResponse" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="echoStringInput">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="echoInput" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</wsdl:types>
<wsdl:message name="echoOperationRequest">
<wsdl:part name="parameter" element="tns:echoStringInput">
</wsdl:part>
</wsdl:message>
<wsdl:message name="echoOperationResponse">
<wsdl:part name="parameter" element="tns:echoStringResponse">
</wsdl:part>
</wsdl:message>
<wsdl:portType name="EchoServicePortType">
<wsdl:operation name="echoOperation">
<wsdl:input message="tns:echoOperationRequest">
</wsdl:input>
<wsdl:output message="tns:echoOperationResponse">
</wsdl:output>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="EchoSOAP" type="tns:EchoServicePortType">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsp:PolicyReference URI="#33cbf62d-fcdd-4c96-8d30-0b3af1a180e1" />
<wsdl:operation name="echoOperation">
<soap:operation soapAction="echoOperation" style="document" />
<wsdl:input>
<soap:body use="literal" />
<wsp:PolicyReference URI="#921b09e1-9ac6-42d3-80ff-ee0519cd1988" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
<wsp:PolicyReference URI="#ff5139d6-72c8-4a53-9ef9-8ca9533524a7" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="EchoService">
<wsdl:port name="EchoServicePort" binding="tns:EchoSOAP">
<soap:address
location="http://localhost:9080/WSSampleSei/EchoService" />
</wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="33cbf62d-fcdd-4c96-8d30-0b3af1a180e1">
<wsp:ExactlyOne>
<wsp:All>
<addressing:Addressing
xmlns:addressing="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All />
</wsp:ExactlyOne>
</wsp:Policy>
</addressing:Addressing>
</wsp:All>
<wsp:All>
<addressing:Addressing
xmlns:addressing="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<addressing:AnonymousResponses />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</addressing:Addressing>
</wsp:All>
<wsp:All>
<addressing:Addressing
xmlns:addressing="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<addressing:NonAnonymousResponses />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</addressing:Addressing>
</wsp:All>
<wsp:All />
</wsp:ExactlyOne>
<ns2:SymmetricBinding
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns2:IncludeTimestamp />
<ns2:ProtectionToken>
<wsp:Policy>
<ns2:SecureConversationToken
ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<ns2:RequireDerivedKeys />
<ns2:RequireExternalUriReference />
<ns2:BootstrapPolicy>
<wsp:Policy>
<ns2:AsymmetricBinding>
<wsp:Policy>
<ns2:InitiatorToken>
<wsp:Policy>
<ns2:X509Token
ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<ns2:WssX509V3Token10 />
</wsp:Policy>
</ns2:X509Token>
</wsp:Policy>
</ns2:InitiatorToken>
<ns2:AlgorithmSuite>
<wsp:Policy>
<ns2:Basic128Rsa15 />
</wsp:Policy>
</ns2:AlgorithmSuite>
<ns2:Layout>
<wsp:Policy>
<ns2:Strict />
</wsp:Policy>
</ns2:Layout>
<ns2:RecipientToken>
<wsp:Policy>
<ns2:X509Token
ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<ns2:WssX509V3Token10 />
</wsp:Policy>
</ns2:X509Token>
</wsp:Policy>
</ns2:RecipientToken>
<ns2:IncludeTimestamp />
<ns2:EncryptSignature />
</wsp:Policy>
</ns2:AsymmetricBinding>
<ns2:Wss11>
<wsp:Policy>
<ns2:RequireSignatureConfirmation />
<ns2:MustSupportRefKeyIdentifier />
</wsp:Policy>
</ns2:Wss11>
<ns2:SignedParts>
<ns2:Body />
<ns2:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="From"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="RelatesTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
</ns2:SignedParts>
<ns2:EncryptedParts>
<ns2:Body />
</ns2:EncryptedParts>
</wsp:Policy>
</ns2:BootstrapPolicy>
<ns2:MustNotSendAmend />
</wsp:Policy>
</ns2:SecureConversationToken>
</wsp:Policy>
</ns2:ProtectionToken>
<ns2:AlgorithmSuite>
<wsp:Policy>
<ns2:Basic128Rsa15 />
</wsp:Policy>
</ns2:AlgorithmSuite>
<ns2:Layout>
<wsp:Policy>
<ns2:Strict />
</wsp:Policy>
</ns2:Layout>
<ns2:EncryptSignature />
</wsp:Policy>
</ns2:SymmetricBinding>
<ns2:Wss11
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns2:RequireSignatureConfirmation />
<ns2:MustSupportRefExternalURI />
</wsp:Policy>
</ns2:Wss11>
<ns2:Trust13
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns2:MustSupportIssuedTokens />
<ns2:RequireClientEntropy />
<ns2:RequireServerEntropy />
</wsp:Policy>
</ns2:Trust13>
</wsp:Policy>
<wsp:Policy wsu:Id="921b09e1-9ac6-42d3-80ff-ee0519cd1988">
<ns2:SignedParts
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns2:Body />
<ns2:Header Name="RelatesTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="From"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
</ns2:SignedParts>
<ns2:EncryptedParts
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns2:Body />
</ns2:EncryptedParts>
</wsp:Policy>
<wsp:Policy wsu:Id="ff5139d6-72c8-4a53-9ef9-8ca9533524a7">
<ns2:SignedParts
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns2:Body />
<ns2:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="MessageID"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="RelatesTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="ReplyTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="FaultTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="From"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
<ns2:Header Name="Action"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns="" xmlns:ns10="http://www.w3.org/2005/08/addressing" />
</ns2:SignedParts>
<ns2:EncryptedParts
xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns2:Body />
</ns2:EncryptedParts>
</wsp:Policy>
</wsdl:definitions>
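An added example, not part of the original article or of IBM's samples: a Python check for the WSDL text returned by the ?wsdl request, confirming that every wsp:PolicyReference resolves to a published wsp:Policy and summarising what each policy requires. The embedded WSDL is a constructed, reduced version of Listing 1; the names audit_wsdl and assertion_names and the report keys are assumptions of this example.

```python
import xml.etree.ElementTree as ET

WSP = "{http://www.w3.org/ns/ws-policy}"
SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")
BINDINGS = {"AsymmetricBinding", "SymmetricBinding", "TransportBinding"}

# Constructed sample: Listing 1 reduced to the binding-level policy and the
# input policy. The output reference is deliberately left dangling.
SAMPLE_WSDL = """
<wsdl:definitions name="EchoService"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsdl:binding name="EchoSOAP">
    <wsp:PolicyReference URI="#33cbf62d-fcdd-4c96-8d30-0b3af1a180e1"/>
    <wsdl:operation name="echoOperation">
      <wsdl:input><wsp:PolicyReference URI="#921b09e1-9ac6-42d3-80ff-ee0519cd1988"/></wsdl:input>
      <wsdl:output><wsp:PolicyReference URI="#constructed-missing-id"/></wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsp:Policy wsu:Id="33cbf62d-fcdd-4c96-8d30-0b3af1a180e1">
    <ns2:SymmetricBinding><wsp:Policy>
      <ns2:ProtectionToken><wsp:Policy>
        <ns2:SecureConversationToken><wsp:Policy>
          <ns2:RequireDerivedKeys/>
          <ns2:BootstrapPolicy><wsp:Policy>
            <ns2:AsymmetricBinding><wsp:Policy>
              <ns2:AlgorithmSuite><wsp:Policy><ns2:Basic128Rsa15/></wsp:Policy></ns2:AlgorithmSuite>
            </wsp:Policy></ns2:AsymmetricBinding>
          </wsp:Policy></ns2:BootstrapPolicy>
        </wsp:Policy></ns2:SecureConversationToken>
      </wsp:Policy></ns2:ProtectionToken>
      <ns2:AlgorithmSuite><wsp:Policy><ns2:Basic128Rsa15/></wsp:Policy></ns2:AlgorithmSuite>
    </wsp:Policy></ns2:SymmetricBinding>
  </wsp:Policy>
  <wsp:Policy wsu:Id="921b09e1-9ac6-42d3-80ff-ee0519cd1988">
    <ns2:SignedParts><ns2:Body/></ns2:SignedParts>
    <ns2:EncryptedParts><ns2:Body/></ns2:EncryptedParts>
  </wsp:Policy>
</wsdl:definitions>
"""


def assertion_names(policy, parent):
    """Local names of assertions nested as <parent><wsp:Policy>...</wsp:Policy>."""
    names = set()
    for node in policy.iter(SP + parent):
        for inner in node.findall(WSP + "Policy/*"):
            names.add(inner.tag.rsplit("}", 1)[-1])
    return names


def audit_wsdl(wsdl_text):
    """Resolve each wsp:PolicyReference and summarise the referenced policy."""
    root = ET.fromstring(wsdl_text.strip())
    policies = {p.get(WSU_ID): p for p in root.findall(WSP + "Policy")}
    report = {"unresolved": [], "policies": {}}
    for ref in root.iter(WSP + "PolicyReference"):
        uri = ref.get("URI", "")
        policy = policies.get(uri[1:]) if uri.startswith("#") else None
        if policy is None:
            report["unresolved"].append(uri)  # no matching wsu:Id in this WSDL
            continue
        sct = policy.find(".//" + SP + "SecureConversationToken")
        report["policies"][uri[1:]] = {
            "secure_conversation": sct is not None,
            "bootstrap_bindings": sorted(
                assertion_names(policy, "BootstrapPolicy") & BINDINGS),
            "algorithm_suites": sorted(assertion_names(policy, "AlgorithmSuite")),
            # Message parts are direct children of the operation-level policy.
            "signs_body": policy.find(SP + "SignedParts/" + SP + "Body") is not None,
            "encrypts_body": policy.find(SP + "EncryptedParts/" + SP + "Body") is not None,
        }
    return report


if __name__ == "__main__":
    print(audit_wsdl(SAMPLE_WSDL))
```

An empty policies map means the WSDL carries no policy attachments, as it does while Policy Sharing is still disabled; an entry under unresolved is a reference to a policy the WSDL does not contain.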
Test the EchoService client and service
Start the SEI samples demo user interface by pointing your browser to
http://localhost:9080/wssamplessei/demo. To validate that the EchoService client and
EchoService service are properly configured, select Synchronous Echo for Message Type,
enter some text (such as test) in the Message String field, enter the hostname and port number
of the service endpoint (for example: http://localhost:9080), then click Send Message, as
shown in Figure 9.
Figure 9. Test the EchoService client and service
The response box shows the connection status, the Message Request, and the Message
Response. Note that the Message Response is JAX-WS==>>test. The service prepends
JAX-WS==>> to the Message Request string test.
If you see an exception in the Message Response box, check the System.out log and review the
security custom binding configurations for both the client and the service. You should resolve
these problems before you continue to the WCF configuration in Part 3.
Summary
In this article, we implemented a scenario that leverages WS-SecureConversation to secure
SOAP messages exchanged between the WebSphere Application Server V8 web services client
and service. You learned how to configure the Service provider to emit policy assertions and
how to dynamically configure a WebSphere web services client using these policy assertions.
Resources
Specifications
Web Services Security: SOAP Message Security 1.0 WS-Security (2004)
Web Services Security: SOAP Message Security 1.1
Web Services SecureConversation
WebSphere Application Server Information Center
WebSphere Application Server V8 Information Center: Introduction to web services
Feature Pack for Web Services & developerWorks
WS-SecureConversation interoperability between WebSphere Application Server V8 and
Windows Communication Foundation using dynamic policy configuration, Part 1: Configure and
test WS-Secure Conversation (developerWorks 2009): Part 1 of this series focuses on statically
configuring a custom WebSphere WS-SC policy set and binding.
Achieving Web services interoperability between the WebSphere Web Services Feature Pack
and Windows Communication Foundation, Part 1 (developerWorks 2007): Part 1 of this series
describes how to use the WebSphere Application Server Version 6.1 Feature Pack for Web
Services Service Endpoint Interface samples to demonstrate interoperability with Microsoft
Windows Communication Foundation. It provides step-by-step instructions on how to achieve
basic Web services interoperability for SOAP 1.1, SOAP 1.2, and WS-Addressing.
Achieving Web services interoperability between the WebSphere Web Services Feature Pack
and Windows Communication Foundation, Part 2: Configure and test WS-Security
(developerWorks 2007): Part 2 of this series focuses on how to configure a custom WebSphere
WS-Security policy set and binding, how to configure WS-Security in a WCF customBinding,
and how to test WS-Security interoperability between WebSphere and WCF.
Achieving Web services interoperability between the WebSphere Web Services Feature Pack
and Windows Communication Foundation, Part 3: Configure and test WS-SecureConversation
(developerWorks 2008): Part 3 of this series focuses on how to configure a custom WebSphere
WS-SecureConversation policy set and binding, how to configure WS-SecureConversation in a
WCF customBinding, and how to test WS-SecureConversation interoperability between
WebSphere and WCF.
Windows Communication Foundation
Web Services Protocols Interoperability Guide: This topic provides a list of Web Services
Protocols implemented by WCF.
Web Services Protocols Supported by System-Provided Interoperability Bindings: This topic
lists specifications that are supported by system-provided interoperable bindings.
About the authors
Tom Link works as an advisory software engineer on the IBM WebSphere web services
interoperability team. Tom is an active member of the OASIS community, an open industry
organization chartered to promote Web interoperability. Prior to joining the web services group,
Tom developed the PalmOS user interface for the WebSphere Everyplace product. Since joining
IBM in 1977, Tom has worked on many IBM, WebSphere and Lotus software products.
Henry Chung is currently a software development engineer at Amazon. Prior to that, Henry was
the architect on the WebSphere Web Services development team, the architect and lead
developer of Web services security on the WebSphere platform. Henry has been in middleware
development for over 10 years and has developed many security features for the WebSphere
platform.
Charles Le Vay is a senior software architect and technical evangelist on the WebSphere
Emerging Technologies team. His current focus is on promoting the advantages of elastic data
grid technology within the enterprise. Before becoming a technical evangelist, Charles was the
Web Service interoperability architect for IBM's WebSphere Application Server. He represented
IBM on the Web Service Interoperability Organization (WS-I) Reliable Secure Profile (RSP)
Working Group. As an interoperability architect, Charles focused on ensuring IBM products
meet industry standard interoperability criteria. He was responsible for identifying and detailing
best practices for Web services interoperability. Prior to this position, Charles specialized in
mobile application development, wireless technology, and extending enterprise applications
securely to mobile devices. Before joining IBM, Charles developed advanced submarine sonar
systems for the Navy and specialized in signal processing and underwater acoustics. Charles is a
graduate of Duke University with a degree in physics.
Salim Zeitouni works as an Advisory Software Engineer on the IBM WebSphere Web services
interoperability team. He is an active member of the WS-I community, an open industry
organization chartered to promote Web services interoperability and currently chairs the Sample
Applications Work Group. Prior to joining the Web services team, Salim was a team lead on
several WebSphere products that provide integrated client-server environment and application
development tools to extend business applications and data to mobile users. Since joining IBM in
1996, Salim has worked on several WebSphere, Tivoli, and Lotus software products.