This section demonstrates capability of WSStub and WSConsumer (4.0) to send/receive secured SOAP messages using UsernameToken Web Service Security action.
Scenario
Expose a simple Web Service using WSStub. Using UsernameToken WS-Security mechanism, configure the WSStub component to ascertain the identity of sender (WebserviceConsumer 4.0) of SOAP requests. Similarly, using UsernameToken mechanism, configure the WebserviceConsumer component to check the identity of sender (WSStub) of SOAP responses.
Components used
Setting up the Example
Using Password Callback Class
Password Callback Class is required for the UsernameToken security function to specify password for username as well as for private keys in keystore. Private keys will be used to sign and/or decrypt a message. To specify password, an implementation of javax.security.auth.callback.CallbackHandler
is needed. A fully qualified class name of this implementation should be provided in CPS.
Refer Creating Password Callback Class handler to create a Password Callback Class.
Configuring WSStub component
When WSStub receives a message secured by UsernameToken, it will verify the username and password. To verify, UsernameToken action must be enabled in WSStub Configuration Property Sheet (CPS). To configure WSStub component, perform the following action in eStudio:
- Add a new Event Process with name 'WSSecurity_Example'.
- Drag the WSStub component from the WebService category in the Micro Service Palette to the Fiorano Orchestrator.
Figure 1: Adding WSStub component to Fiorano Orchestrator
- Double-click the WSStub component in the orchestrator to open Configuration Property Sheet (CPS).
- In the Configuration screen, click WSDL Configuration button
Figure 2: WSDL Configuration
- In the WSDL Configuration dialog box, select Auto_created_Operataion present in the left pane to enable input (request) and output (response).
Figure 3: Selecting Auto_created_Operation
- Under Input tab, perform the below actions:
- Click Add button to add Name 'PartName1'.
- Click the Ellipsis button to open Select Type/Element dialog box. Select string option to configure the WSStub component to send a string message and then click OK.
Figure 4: Adding Input attributes under Auto_created_Opretaion
Perform the same actions (as performed under Input tab) under Output tab to add a part 'PartName1' and 'string' under Name and Type/Element respectively and click OK in the WSDL Configuration dialog box.
Click Next to navigate to Security Configuration screen. Under WS-Security Configuration section, click WS-Security button to configure WS-Security settings.
Figure 5: Security Configuration
- In the Request WS-Security tab, perform the following actions:
- Under Security Actions section, select Username Token check box.
In Password Callback Class under Username Token section, provide the class name (PWCallback; refer the Creating Password Callback Class handler).
Figure 6: Security settings in Request WS-Security
In Response WS-Security tab, select Username Token check box under Security Actions section to enable Username Token security action and then provide the following values:
- User: Username that has to be used in Username token security function.
- Password Callback Class: Provide the class name (PWCallback; refer the Creating Password Callback Class handler section).
Password Type: Provide 'PasswordText' for a plain text password to be sent in the message (as a Password Callback class is provided). If a password is not required, provide 'PasswordNone'.
Figure 7: Security settings in Response WS-Security
Click OK to save WS-Security settings and click Finish to save WSStub component configuration.
- In the three ports that get generated after WSStub configuration, connect the output port 'REQUEST' to the input port 'RESPONSE'.
Figure 8: Connecting WSStub output port to input port
Configuring Route Transformation
To configure transformation between input and output port, perform the following actions in the Fiorano Orchestrator:
- Right-click route1, point to Configure Transformation and select Mapper Project to open Fiorano Mapper editor.
Figure 9: Opening Mapper Project editor
- In the Output Structures panel in Mapper Project, click PartName1 element as it appears in Funclet View.
Figure 10: Adding PartName1 to Funclet View
- In the Funclet View panel, drag the function element Constant to the Funclet easel and double-click it to change the name to 'Secure_ACK' to give a logical meaning to the scenario (acknowledgement message of secured message received).
Figure 11: Adding Constant and renaming it
- Connect the Source node of the constant 'Secure_ACK' to the destination node of PartName1.
Figure 12: Connecting the Constant with PartName1
- Click Save icon (or File >Save) to save the transformation configuration and close the Mapper Project editor.
Launching Web Service
To launch the webservice, perform the following actions:
- Click Check Resource and Connectivity icon (or press ALT+SHIFT+C) to check resource and connectivity.
- Click Run Event Process icon (ALT+SHIFT+R).
- Right-click WSStub component and click Copy WSDL URL to copy the URL to clipboard, which is used in the next section.
Figure 13: Copying WSDL URL to clipboard
Configuring WebSeriveConsumer component
Setting up the Security Configurations in WebServiceConsumer component, corresponding to the WSStub security configurations, is essential to access the webservice. To configure the component, perform the following actions:
- Drag the WebserviceConsumer component from the WebService category in the Micro Service Palette to the Fiorano Orchestrator.
Figure 14: Adding WebServiceConsumer to Orchestrator
- Double-click the WebserviceConsumer component in the orchestrator to open Configuration Property Sheet (CPS).
- In the Managed Connection Factory, click WSDL Ellipsis button. In Wsdl dialog box, paste the copied WSDL URL in the URL text field and click OK.
Figure 15: Pasting the copied WSDL URL
- Click Next. In the Interaction Configurations page, click WebService Operation Ellipsis button and select the operation with prefix 'Auto_created_Operation' from OperationName dialog box. Click OK to configure Web Service Security settings.
Figure 16: Selecting Auto created operation
- To verify username and password, UsernameToken action must be enabled in WSConsumer too (as configured in WSStud). So, scroll down the screen and provide the following values under Security – Request section:
- UsernameToken WS-Security (Request): Select this check box to enable adding of the respective action to security header.
User, Password Callback class (Request) and Password type: Same values as used in Response WS-Security section mentioned in the WSStub Configuration section, that is, fiorano, PWCallback and PasswordText respectively.
Figure 17: Security Request settings
- Scroll further down the screen and provide the following values under Security – Response section:
- Select UsernameToken WS-Security (Response) check box.
- Password Callback Class (Response): Same value as used in Password Callback class (Request) section above, that is, PWCallback .
- Select Is Password Required checkbox.
Figure 18: Security Response settings
- Click Finish in the Interaction Configurations panel to save WebServiceConsumer component configuration.
Composing the Event Process and Configuring Feeder component
Drag a Feeder component and Display component from Util category in the Micro Service Palette to the WSSecurity_Example Fiorano Orchestrator.
- Connect the components in the below manner:
- Feeder output port to WebServiceConsumer input port.
- WebServiceConsumer output port to Display input port.
Figure 19: Connecting Feeder and Display to WebServiceConsumer component
- Double-click Feeder component and perform the following actions to configure it:
- In the Message Type Configuration page, retain Output Message Format option as 'XML' and click the Connected Port Schemas button.
In the Connected ports dialog box, select IN_PORT to enable connection between output port of Feeder and input port of WebServiceConsumer component. Click OK and then click Next.
Figure 20: Enabling connection between input and output ports
- In the Message Details Configuration page, click the Generate Sample button to load sample input.
- Under No.of Repeatable elements to be generated section in the XSD Sample Generation Dialog window, replace max value '3' with '1' so that only one output is generated, and click OK.
Figure 21: Reducing maximum number of output to '1'
- Click Finish to save Feeder configuration.
Figure 22: Loading Sample Input
Running the Example
To run the example, perform the following actions in the WSSecurity_Example event process:
- Click Synchronize Event Process icon to apply the modifications made to the event process that is already running. Two windows get opened for Feeder and Display components.
- In the Feeder, click the Send button to send the message "Input".
Figure 23: Sending message from Feeder
- In the Display window, click the second tab () at the lower-left part of the window.
UsernameToken header indicates that Username Token security action is enabled on response in WSStub with the username and password configured and that WebserviceConsumer authenticates using values provided under Security-Response. PartName1 'SecureACK' can also be found.
Figure 24: Message received in Display with the UsernameToken header and PartName1
Reference
Please note that the component options used in this example are specific to WS-Security. To explore other options present in WSStub and WebServiceConsumer components, refer the sections WSStub and WebServiceConsumer4.0 respectively.