This post explains step by step how to protect a web service using HTTP basic authentication and how to consume it from a java client.
- Create a dummy web service
package com.ws;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.WebParam;
/**
*
* @author Camiloh
*/
@WebService(serviceName = "DummyService")
public class DummyService {
/**
* This is a sample web service operation
*/
@WebMethod(operationName = "hello")
public String hello(@WebParam(name = "name") String txt) {
return "Hello " + txt + " !";
}
}
- Configure HTTP basic authentication in the web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<security-constraint>
<display-name>Constraint-0</display-name>
<web-resource-collection>
<web-resource-name>Constraint-0</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>test</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>test</role-name>
</security-role>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
- Deploy the service in Websphere
 |
- Verify that the service is protected; try to see the wsdl URL.
The wsdl is path is protected
- Now, we need to create a valid user with role test (see web.xml)
- Map the user with the service and the role that is required to consume the service.
- Restart websphere then verify the user; try to see the wsdl URL.
- Create the web service client with AXIS
Create an empty project, add axis dependencies to the project classpath and let axis work for us.
You need these jars:
use axis to generate the client
- Verify the classes
- Now create a client and a test case for the secure web service.
Client.java
package com.client;
/**
* This is a Singleton class that consumes a web service with HTTP basic authentication
*
* @author CamiloH
*/
public class Client {
private DummyServicePortBindingStub port;
private DummyService_ServiceLocator service;
private Client() {
}
/**
* This is an example of service operation
*/
public String sayHello(String wsdlURL, String username, String password) {
try {
service = getService();
service.setDummyServicePortEndpointAddress(wsdlURL);
port = (DummyServicePortBindingStub) service.getDummyServicePort();
setBasicAuth(username, password);
String response = port.hello("Camilo");
return response;
} catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException();
}
}
/**
* This method is in charge of set user name and password for HTTP basic authentication
*/
private void setBasicAuth(String username, String password) {
((javax.xml.rpc.Stub) port)._setProperty(
javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
((javax.xml.rpc.Stub) port)._setProperty(
javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);
}
public static Client getInstance() {
return ClientHolder.INSTANCE;
}
private DummyService_ServiceLocator getService() {
return service == null ? service = new DummyService_ServiceLocator() : service;
}
private static class ClientHolder {
private static final Client INSTANCE = new Client();
}
}
TestClient.java
import com.client.Client;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author CamiloH
*/
public class TestClient {
public TestClient() {
}
@Before
public void setUp() {
}
@Test
public void testHelloClient() {
try {
String response = Client.getInstance().sayHello("http://localhost:9081/HelloWorldWS/DummyService?wsdl", "test", "12345");
System.out.println(response);
} catch (Exception e) {
fail();
}
}
}
- Finally, test your client
You are welcome to post your comments regarding this subject.
Regards.
No hay comentarios:
Publicar un comentario