...

  • If the web service is secured using basic authentication, then the details of the basic authentication should be provided in the Call Properties property during execution time.
  • When using WS-Security, the Password Callback class should be the fully qualified name of the class.
  • The order in which the WS-Security tokens are specified is important and should be the order in which they are specified at the web service.
  • This component supports only WSDL files which are compliant with WS-I Basic Profile 1.0.
  • To pass HTTP headers to the web service, the input message should contain properties with the header name prefixed with http_. Example: http_Content-Type.
  • To pass the attachment path to the WSInvoker component while passing attachments, the user needs to add the attribute "isUrl" manually to the attachment element and set it to true.
  • Type can be specified by an attribute "type".

...

This property specifies the WSDL location. WSDL can be specified in the form of URL or File or it can be selected from the UDDI registry.


Figure 3: WSDL input dialog box

...

  • General
  • Call and Addressing
  • JMS Transport Settings
  • Security - Request
  • Security - Response
  • Reliable Messaging
  • Soap Compression

The properties present in each section are explained in the sections below.

...


Figure 5: The Webservice Operation Properties under the General section

WSDL Port

This property specifies the WSDL Port. Once the WSDL Operation is selected, this property will be automatically populated.

...

This property specifies the Web service operation. The WSDL operations specified in the WSDL provided in the Managed Connection Factory panel will be shown by clicking the ellipsis button. Once the operation is selected, the properties WSDL Service, WSDL Port, Endpoint Address, Input parameter and Output parameter will be populated with the respective values.

...

This property specifies the Endpoint Address for the Web service operation. Once the WSDL Operation is selected, this property will be automatically populated.

...

If the WSDL has JMS properties at the URI specified in the endpoint element's address attribute, or properties set on endpoint/service/binding, then Enable JMS Transport is automatically set after the webservice operation is selected, and some fields in JNDI Settings, Connection configuration and Destination configuration are loaded based on the properties set in the WSDL. If pre-loaded settings are manipulated, then the modified details will be used for setting up the connection. If named configurations are already in use for JNDI or for the configurations of Destination, Connection and Producer, then on selecting the webservice operation the settings will not be pre-loaded; in this case, details should be manually entered.

...

  • JNDI Configuration
  • Connection Configuration
  • Destination Configuration
  • Producer Configuration

Each one of the above is explained in the sections below.

JNDI Configuration

Click the ellipsis button to configure the properties.

...

Automatically loads the value from the property jndiInitialContextFactory in the WSDL on selecting the webservice operation. If this field is modified, then the updated InitialContextFactory is used to create the JMS Connection.

...

Context parameters in the WSDL are loaded here. If parameters are specified at the endpointURI level, then all properties with 'jndi-' as a prefix in their names are loaded here.

...

Automatically loads the value from the property jndiURL in the WSDL on selecting the webservice operation.

CF lookup name

Automatically loads the value from the property jndiInitialContextFactory in the WSDL on selecting the webservice operation.

JMS username

Enter JMS username.

...

Automatically loads the value from the WSDL. In case of modification, a request is sent to the updated destination. The response is listened for on a temporary destination which will be deleted after the shutdown of the component.

Destination Type

If jmsVariant is 'jndi', a request is sent irrespective of the destination type provided here. If jmsVariant is either 'Topic' or 'Queue', then the destination type set here is used to create the JMS Connection.

...

  • PERSISTENT
    Instructs the JMS provider to take extra care to ensure that a message is not lost in transit in case of a JMS provider failure. A message sent with this delivery mode is logged to stable storage when it is sent.
  • NON-PERSISTENT
    The NON_PERSISTENT delivery mode does not require the JMS provider to store the message or otherwise guarantee that it is not lost if the provider fails.

...

The time to live (in milliseconds) of the message to be sent to the destination. After the timeout, the message will be discarded.

...


Figure 12: Call and addressing properties

SOAPBody Namespace

This property specifies the SOAP Body namespace. Once the WSDL Operation is selected, this property gets filled automatically.

Call Properties

Advanced properties which can be used to optimize and change the behavior of the SOAP Invocation Call. The description of the Axis call properties can be found at http://ws.apache.org/axis/java/apiDocs/org/apache/axis/client/Call.html

Enable WS-Addressing

If this property is selected, it enables the support for WS-Addressing headers. The input and output schema contain WS-Addressing headers.


Figure 13: Properties for WS-Addressing

Authentication Type

This Property defines the Authentication Type used while invoking a Webservice. Supports NTLM and Basic.

...


Figure 14: Security - Request Properties

UsernameToken WS-Security (Request)

...

If the web service performs UsernameToken identification for the request, then this property should be enabled. Username and password values are added to the message headers.

Order of UsernameToken (Request)

...

Determines the order of the UsernameToken security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

User

...

This property is used as the username for the UsernameToken security function. It is also used as the alias name in the keystore to get the user's certificate or private key to perform signing for the Signature security function when "Signature User" is null and "Signature WS-Security (Request)" is set to yes. It is also used as the fallback for the encryption security function when "Encryption User" is null and "Encryption WS-Security (Request)" is set to yes.

Password Callback class (Request)

...

This is needed by the security functions to get the password and to verify the username/password pair. The password callback class should implement javax.security.auth.callback.CallbackHandler class. This Password Callback class should be the fully qualified name of the class. The jar which contains the password callback class should be added as a resource to the component. Password callback class is not required if the Password Type is selected as PasswordNone.

Password type

...

The Password type specifies how the client sends the password value to the server.

  • PasswordText: Password is sent in raw text format within the security header of the soap request.
  • PasswordDigest: Password is sent in digest format within the security header of the soap request.
  • PasswordNone: No password will be sent in the security header. This option is useful when the user wants to specify the username without any password.

Nonce Security element

...

Specifies whether to use nonce element in the security header or not. When UsernameToken security function is used, then nonce security element can be employed to prevent message replay attacks. A nonce is a random value that the client creates to include in each UsernameToken that it sends. Although using a nonce is an effective countermeasure against replay attacks, it requires the server to maintain a cache of used nonces, consuming server resources.

Created Security element

...

Specifies whether to use Created element in the security header or not. This element denotes the time of creation of a nonce. Combining a nonce with a creation timestamp has the advantage of allowing a server to limit the cache of nonces to a "freshness" time period, establishing an upper bound on resource requirements.
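The nonce and Created checks described above, seen from the receiving service's side, as an added example (not Fiorano's code; the class name, the 300-second window and the sample values are assumptions). The digest follows the WS-Security UsernameToken Profile formula Base64(SHA-1(nonce + created + password)).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** UsernameToken check: digest, freshness window, nonce cache bounded by that window. */
public class UsernameTokenReplayCheck {
    private final Duration freshness;                           // assumed policy value
    private final Map<String, Instant> seen = new HashMap<>(); // nonce -> Created time

    public UsernameTokenReplayCheck(Duration freshness) {
        this.freshness = freshness;
    }

    /** Password_Digest = Base64(SHA-1(nonce + created + password)). */
    static String passwordDigest(byte[] nonce, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce);
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    /** True only for a fresh, correctly digested token whose nonce has not been seen. */
    public synchronized boolean accept(String nonceB64, String created, String digestB64,
                                       String storedPassword, Instant now) {
        if (nonceB64 == null || created == null || digestB64 == null) {
            return false;
        }
        Instant createdAt;
        byte[] nonce;
        try {
            createdAt = Instant.parse(created);
            nonce = Base64.getDecoder().decode(nonceB64);
        } catch (DateTimeParseException | IllegalArgumentException e) {
            return false; // malformed Created or Nonce
        }
        // Entries older than the window can go: replaying them fails the freshness test.
        seen.values().removeIf(t -> t.plus(freshness).isBefore(now));
        if (createdAt.plus(freshness).isBefore(now) || createdAt.isAfter(now.plus(freshness))) {
            return false; // stale, or dated too far in the future
        }
        byte[] expected = passwordDigest(nonce, created, storedPassword)
                .getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, digestB64.getBytes(StandardCharsets.US_ASCII))) {
            return false; // wrong password, or nonce/Created altered
        }
        // Key on the re-encoded bytes so the same nonce with different padding is still a replay.
        String key = Base64.getEncoder().encodeToString(nonce);
        return seen.putIfAbsent(key, createdAt) == null;
    }

    public static void main(String[] args) {
        // Constructed sample token, not captured traffic.
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        String created = "2024-01-01T11:59:30Z";
        byte[] nonce = "constructed-nonce".getBytes(StandardCharsets.UTF_8);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String digest = passwordDigest(nonce, created, "sample-password");

        UsernameTokenReplayCheck check = new UsernameTokenReplayCheck(Duration.ofSeconds(300));
        System.out.println("first use:  " + check.accept(nonceB64, created, digest, "sample-password", now));
        System.out.println("replay:     " + check.accept(nonceB64, created, digest, "sample-password", now));
        System.out.println("after 10 m: " + check.accept(nonceB64, created, digest,
                "sample-password", now.plus(Duration.ofMinutes(10))));
    }
}
```

The nonce is recorded only after the digest verifies, so unauthenticated senders cannot fill the cache.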

Timestamp WS-Security (Request)

...

If this property is set, a timestamp will be added as security header in the soap request. In this case, the message is valid for 5 minutes or 300 seconds after the creation of the message.

Precision in Milliseconds (Request)

...

If this is set, timestamps will have precision in milliseconds. Otherwise, it will be seconds.

Timestamp format (Request)

...

Timestamp format in WS-Security request header for Timestamp.

Time To Live

...

The time difference between creation and expiry time in the WSS Timestamp. This should be specified in seconds.

Order of Timestamp (Request)

...

Specifies the order of the Timestamp security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Encryption WS-Security (Request)

...

This property can be set to perform encryption on the entire soap message or some parts of the soap message.

Order of Encrypt (Request)

...

Specifies the order of the Encrypt security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Encryption User

...

Username for the encryption function. The encryption function uses the public key of this user's certificate. If this parameter is not set, then the encryption function falls back to the "User" parameter to get the certificate. The encrypt function will not authenticate the user. So there is no need to set any password call back class for encrypt.

Encryption Properties filename (Request)

...

The name of the crypto property file to use for SOAP Encryption. If this parameter is not specified and if both "Signature Properties filename (Request)" and "Signature WS-Security (Request)" are set, then the encryption function uses a signature property file. Otherwise, the handler throws an AxisFault.

...

Encryption Properties file sample content:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.file=C:\\Desktop\\fiorano.jks
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=fiorano
    org.apache.ws.security.crypto.merlin.keystore.private.password=fiorano
    org.apache.ws.security.crypto.merlin.keystore.alias=fiorano

Description for each property in the sample above:

  • org.apache.ws.security.crypto.provider: Implementation class for the security provider. Fiorano internally uses bouncycastle; to use the same, this property must be set to "org.apache.ws.security.components.crypto.Merlin". To use other providers, the provider jar must be placed in '%FIORANO_HOME%\esb\server\jetty\fps\webapps\bcwsgateway\WEB-INF\lib' and the fully qualified name of the appropriate provider class has to be set for this property.
  • org.apache.ws.security.crypto.merlin.file: The path to the keystore file.
  • org.apache.ws.security.crypto.merlin.keystore.type: The keystore type, for example, JKS for the Java key store. Other keystore types, such as pkcs12, are also possible but depend on the actual Crypto implementation.
  • org.apache.ws.security.crypto.merlin.keystore.password: The password to read the keystore. If this property is not set, then the pwcallback property must be defined.
  • org.apache.ws.security.crypto.merlin.keystore.alias: The alias name under which the private key/certificate is stored in the keystore.
  • org.apache.ws.security.crypto.merlin.alias.password: Password for the private key/certificate stored inside the keystore under the given alias (not used for encryption).

Encryption Parts

...

The parameter specifies which parts of the request shall be encrypted. The value of this parameter is a list of semi-colon separated element names that identify the elements to encrypt. An encryption mode specifier and a namespace identification, each inside a pair of curly brackets, may precede each element name. The encryption mode specifier is either {Content} or {Element}. 'Element' encryption mode will encrypt the entire element including start and end tags. 'Content' encryption mode will encrypt only the content of the specified element. The default encryption mode is 'Content'. For example, if we set the list "{Element}{http://example.org/paymentv2}CreditCard;{}{}UserName" to this property, then the first entry of the list identifies the element CreditCard in the namespace http://example.org/paymentv2, and will encrypt the entire element. In the second entry, the encryption modifier and the namespace identifier are omitted. In this case, the encryption mode defaults to Content and the namespace is set to the SOAP namespace. The element name, the namespace identifier, and the encryption modifier are case sensitive. To specify an element without a namespace, use the string Null as the namespace name (this is a case-sensitive string). If no list is specified, the handler encrypts the SOAP Body in Content mode by default.
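A parser for the parts syntax described above, useful for checking a list before it is deployed, since a mistyped entry can leave a field unencrypted. This is an added example, not the component's or WSS4J's own code. It assumes that "the SOAP namespace" is the SOAP 1.1 envelope namespace and that an entry carries either no bracket pairs or both of them, as in the two entries shown above; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class EncryptionPartsParser {
    // Assumption: "the SOAP namespace" is the SOAP 1.1 envelope namespace.
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    // Either no bracket pairs, or exactly {mode}{namespace}, followed by the element name.
    private static final Pattern ENTRY =
            Pattern.compile("(?:\\{([^{}]*)\\}\\{([^{}]*)\\})?([^{};\\s]+)");

    static final class Part {
        final String mode;       // "Content" or "Element"
        final String namespace;  // null means "element without a namespace"
        final String name;

        Part(String mode, String namespace, String name) {
            this.mode = mode;
            this.namespace = namespace;
            this.name = name;
        }

        @Override
        public String toString() {
            return mode + " {" + namespace + "}" + name;
        }
    }

    static List<Part> parse(String spec) {
        List<Part> parts = new ArrayList<>();
        if (spec == null || spec.trim().isEmpty()) {
            // No list given: SOAP Body in Content mode, the documented default.
            parts.add(new Part("Content", SOAP_NS, "Body"));
            return parts;
        }
        for (String raw : spec.split(";")) {
            String entry = raw.trim();
            if (entry.isEmpty()) {
                continue; // tolerate a stray separator
            }
            Matcher m = ENTRY.matcher(entry);
            if (!m.matches()) {
                throw new IllegalArgumentException("Malformed part: " + entry);
            }
            String mode = (m.group(1) == null || m.group(1).isEmpty()) ? "Content" : m.group(1);
            // The modifier is case sensitive, so "{element}" is an error, not a synonym.
            if (!mode.equals("Content") && !mode.equals("Element")) {
                throw new IllegalArgumentException("Unknown encryption mode in: " + entry);
            }
            String ns = m.group(2);
            if (ns == null || ns.isEmpty()) {
                ns = SOAP_NS;
            } else if (ns.equals("Null")) {
                ns = null;
            }
            parts.add(new Part(mode, ns, m.group(3)));
        }
        return parts;
    }

    public static void main(String[] args) {
        // The list from the text above, then a constructed list with a lower-case modifier.
        String documented = "{Element}{http://example.org/paymentv2}CreditCard;{}{}UserName";
        for (Part p : parse(documented)) {
            System.out.println(p);
        }
        try {
            parse("{element}{Null}CreditCard");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```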

Encryption Key Identifier

...

Select the key identifier type to use.

    • DirectReference: The security function takes the signing certificate, converts it to a BinarySecurityToken, puts it in the security header. Thus the whole signing certificate is transferred.
    • X509KeyIdentifier: The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The certificate is converted into a KeyIdentifier token and sent to the server. Thus the complete certificate data is transferred.
    • SKIKeyIdentifier: The security function uses SKIKeyIdentifier.
    • IssuerSerial: The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The issuer name and the serial number of the signing certificate are sent to the server.
Signature WS-Security (Request)

...

If this security function is selected, the digest of the message is created and encrypted before sending. The property "User" must be specified to get the private key/certificate of the respective user from the keystore for signing.

Order of Signature (Request)

...

Specifies the order of the Signature security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Signature User

...

This name is used as the alias name in the keystore to get user's certificate and private key to perform signing. If this parameter is not set, then the signature function falls back to the "User" parameter to get the certificate. Password for the user to get certificates from the keystore should be provided in the Password Callback class.

Signature Properties filename (Request)

...

The name of the crypto property file to use for SOAP Signature. Please see the description of "Encryption Properties filename" for the details of the properties file.

Signature Parts

...

The parameter specifies which parts of the request shall be signed. Please see the description of "Encryption Parts" for the syntax.

Signature Algorithm (Request)

...

The parameter specifies the signature algorithm to be used. If an algorithm is not specified then the algorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1" will be used by default.

Canonicalization Method

...

The parameter specifies the canonicalization method to be used in the process of signing the request. If no method is specified then the method "http://www.w3.org/2001/10/xml-exc-c14n#" will be used by default.

Signature Key Identifier

...

Select the key identifier type to use. Please see the description of "Encryption Key Identifier" for the descriptions of key identifiers.

SAML WS-Security (Request)

...

Select this property to perform SAML Token Identification.

Order of SAML (Request)

...

Specifies the order of the SAML security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Signed SAML (Request)

...

Specifies whether to use signed SAML or unsigned SAML. If Signed SAML is used, then the client performs two actions: inserting a SAML Token (unsigned) and an associated Signature. So define both the actions SAML Unsigned and Signature at the server to resolve these security headers. If Signed SAML is used, the signature properties should be specified without selecting the property "Signature WS-Security (Request)".

SAML Properties filename (Request)

...

The name of the SAML properties file. This file should be added as a resource to the component. The example properties file content:

SAML Properties file sample content:

    org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
    org.apache.ws.security.saml.issuer.cryptoProp.file=crypto_wsc.properties
    org.apache.ws.security.saml.issuer.key.name=fiorano
    org.apache.ws.security.saml.issuer.key.password=fioranopass
    org.apache.ws.security.saml.issuer=fiorano
    org.apache.ws.security.saml.subjectNameId.name=uid=mule,ou=people,ou=samldemo,o=example.com
    org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
    org.apache.ws.security.saml.authenticationMethod=password
    #org.apache.ws.security.saml.confirmationMethod=senderVouches
    org.apache.ws.security.saml.confirmationMethod=keyHolder

Security - Response


Figure 15: Security - Response Properties

Ignore Order

If this is set, Order of Security actions will be ignored for the incoming response.

UsernameToken WS-Security (response)

...

Determines whether the response from the server contains Username token headers or not.

Order of UsernameToken (response)

...

Determines the order of the Username Token security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Password Callback class (response)

...

This is needed by the security functions to get the password and to verify the username/password pair. The password callback class should implement javax.security.auth.callback.CallbackHandler class. This Password Callback class should be the fully qualified name of the class. The jar which contains the password callback class must be added as a resource to the component.
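A minimal class of the kind that "Password Callback class (Request)" and "Password Callback class (response)" expect, as an added example rather than code shipped with the component. It assumes a WSS4J 1.x release whose org.apache.ws.security.WSPasswordCallback exposes getIdentifier(), matching the org.apache.ws.security property names used on this page; the package name, class name and the WSS_PASSWORD_ environment-variable convention are hypothetical.

```java
package com.example.security; // hypothetical package; use this fully qualified name in the property

import java.io.IOException;
import java.util.Locale;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the password for a UsernameToken user or a keystore alias.
 * Secrets are read from the process environment instead of being compiled
 * into the jar that is added as a resource to the component.
 */
public class EnvPasswordCallback implements CallbackHandler {

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is handled");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String identifier = pc.getIdentifier(); // username or keystore alias
            String password = lookup(identifier);
            if (password == null) {
                // Fail closed: never fall back to a default or empty password.
                throw new IOException("No password configured for identifier: " + identifier);
            }
            pc.setPassword(password);
        }
    }

    /** Maps e.g. "fiorano" to the variable WSS_PASSWORD_FIORANO (hypothetical convention). */
    private static String lookup(String identifier) {
        if (identifier == null || identifier.isEmpty()) {
            return null;
        }
        String suffix = identifier.toUpperCase(Locale.ROOT).replaceAll("[^A-Z0-9]", "_");
        return System.getenv("WSS_PASSWORD_" + suffix);
    }
}
```

With this class packaged in a jar and added as a resource, the property value would be com.example.security.EnvPasswordCallback.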

Is Password Required

...

This property should be set to false if the Username security token is used without a password. No need to provide Password callback class if this property is set to no.

Timestamp WS-Security (response)

...

Specifies whether the soap response contains timestamp headers or not.

Precision in Milliseconds (response)

...

If this is set, timestamps will have precision in milliseconds. Otherwise, it will be seconds.

Timestamp Format (Response)

...

Timestamp format in WS-Security response header for Timestamp.

Order of Timestamp (response)

...

Specifies the order of the Timestamp security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Encryption WS-Security (response)

...

Specifies whether the soap response or some parts of the soap response are encrypted or not. If this property is set then the client validates the user, so password callback class should be specified.

Order of Encrypt (response)

...

Specifies the order of the encrypted security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Encryption Properties filename (response)

...

The name of the crypto property file to use for decryption of the soap response. If this parameter is not specified and if both the "Signature Properties filename (response)" and "Signature WS-Security (response)" are set to yes, then the decryption function uses a signature property file. Otherwise, the handler throws an AxisFault. Please see the description of "Encryption Properties filename (Request)" for the details of the crypto properties file.

Signature WS-Security (response)

...

Specifies whether the soap response or some parts of the soap response are signed or not.

Order of Signature (response)

...

Specifies the order of the Signature security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Signature Properties filename (response)

...

The name of the crypto property file to use for SOAP Signature. Please see the description of "Encryption Properties filename (Request)" for the details of the properties file.

SAML WS-Security (response)

...

Specifies whether the soap response uses SAML Token Identification or not.

Order of SAML (response)

...

Specifies the order of the SAML security function. The order of a security function determines when this function will be applied when multiple security functions are being used.

Reliable Messaging


Figure 16: Reliable Messaging properties

 

Client port of WS-ReliableMessaging

...

Enables sending requests in the compressed form

Compression Soap Response

...

Transport Configurations panel is used to configure messaging properties when the component is configured in Scheduling mode, that is, when you select the Enable Scheduling checkbox in the Scheduler Configuration panel.

...

Input Schema

The input schema is auto-generated based on the configuration provided. For the configuration shown above, the schema would be
When the property "Use Operation Details From Input" is set to true, we should provide the WSDL service and operation details in the input. If JMS Transport is enabled, properties pertaining to JMS Transport MUST be filled. If JMS Transport is enabled, then the endpoint address can be left empty, as the component takes details from the filled properties, but if a URL is specified, it should follow the guidelines laid down by Apache Axis. If this property is set to true, the input schema would be as below:

...

The output schema is auto-generated based on the configuration provided. For the configuration shown above, the schema would be as below.


Figure 22: Output Schema

Accessing Share Point Web Services

...

  1. Provide WSDL URL as http://www.webservicex.net/CurrencyConvertor.asmx?WSDL (sample WSDL used is present at this URL).


    Figure 23: Providing WSDL URL

  2. To access SharePoint webservices, provide authentication details of the Share Point Webserver as follows. In the MCF Panel, enable HTTP Authentication and provide Username and Password.
    1. Sample Username: demouser
    2. Sample Password: Templates


      Figure 24: web service connection configuration to access share point web services
       
  3. In the Interaction Configurations panel, click the ellipsis button against "WebService Operation" property to select the WebService operation as shown below.


    Figure 25: Selecting WebService Operation

  4. After selecting the operation, click on ellipsis button against the Call Properties property to launch the Advanced Properties dialog box to add the username and password properties.
    1. To add username property, click Add button, select "javax.xml.rpc.security.auth.username" and provide value as demouser
    2. To add password, click Add button, select "javax.xml.rpc.security.auth.password" and provide value as Templates. The properties provided here will be set on the SOAP Invocation Call.


      Figure 26: Providing WebService credentials

  5. To test the configuration, click Test button and then click the Execute button in the editor dialog box.

...

Invoking a web service operation using a WSDL from the following URL
http://www.webservicex.net/CurrencyConvertor.asmx?WSDL
Configure the Web Service Consumer component as described in Chapter 2 and use the Feeder and the Display component to send sample input and check the response respectively.

...


Figure 31: Sample WS-Security - Response configuration


Figure 32: Output in the Display window for the configuration in Figure 31

Use Case Scenario

In a Salesforce Integration scenario, Salesforce updates are performed based on the details in the database.
The event process demonstrating this scenario is bundled with the installer.
Documentation of the scenario and instructions to run the flow can be found in the Help tab of the flow when opened in Studio.

...

  • If the web service is secured using basic authentication, then the details of the basic authentication should be provided in the Call Properties property during execution time.
  • When using WS-Security, the Password Callback class should be the fully qualified name of the class.
  • The order in which the WS-Security tokens are specified is important and should be the order in which they are specified at the web service.
  • This component supports only WSDL files which are compliant with WS-I Basic Profile 1.0.
  • To pass HTTP headers to the web service, the input message should contain properties with the header name prefixed with http_. Example: http_Content-Type.
  • To pass the attachment path to the WSInvoker component while passing attachments, the user needs to add the attribute "isUrl" manually to the attachment element and set it to true. Type can be specified by an attribute "type".

...
