You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by di...@apache.org on 2003/10/14 14:05:46 UTC
cvs commit: ws-axis/contrib/wss4j/samples/wssec/security readme Client.java Service.java clientsecuritydeploy.wsdd clientsecurityundeploy.wsdd securitydeploy.wsdd securityundeploy.wsdd serversecuritydeploy.wsdd serversecurityundeploy.wsdd
dims 2003/10/14 05:05:46
Added: contrib/wss4j/samples/wssec/security readme Client.java
Service.java clientsecuritydeploy.wsdd
clientsecurityundeploy.wsdd securitydeploy.wsdd
securityundeploy.wsdd serversecuritydeploy.wsdd
serversecurityundeploy.wsdd
Log:
******* WORK IN PROGRESS *******
Initial check-in of my sandbox for ws-security related code.
Revision Changes Path
1.1 ws-axis/contrib/wss4j/samples/wssec/security/readme
Index: readme
===================================================================
The security sample demonstrates how to use the Axis architecture to
add digital signatures to your application.
To run the sample,
1. Set up your CLASSPATH.
2. Start an Axis server.
3. Install the server side handler.
4. Run the client application.
1. Set up your CLASSPATH.
The CLASSPATH must contain: an XML parser (ie., Xerces), JUnit
(www.junit.org), xmlsec.jar (xml.apache.org/security/index.html),
xalan.jar (comes with xmlsec.jar, or xml.apache.org/xalan-j), log4j.jar
(comes with xmlsec.jar, or jakarta.apache.org/log4j), xml-apis.jar (comes
with xmlsec.jar), jce-jdk13-113.jar (www.bouncycastle.org), all the jars
in the lib directory, and the directory containing the samples
subdirectory.
1.5. NOTE: If the build you have wasn't built with security turned on, you
will have to build this sample by hand. From the samples/security
directory, simply run:
javac *.java
2. Start an Axis server.
To run the sample, you will first need to run a server. To run a very
simple server you could run, in a separate window:
java org.apache.axis.transport.http.SimpleAxisServer -p 8080
3. Install the server side handler.
You need to install the server's digital signature handler. To do this:
java org.apache.axis.client.AdminClient samples/org.apache.ws.security.wssec/security/securitydeploy.wsdd
4. Run the client application.
Finally, to run the client, run:
java org.apache.ws.security.wssec.security.Client -x
This sample also allows you to setup an Axis server to allow transparent
digital signature of all SOAP messages being processed by the server. To
enable this, in addition to step 3 above, do the following:
3.3. Install the client side handler.
On the client side, ClientSigningHandler is installed in the global
request chain. You must run the following command two directories above
the security sample directory:
java org.apache.axis.utils.Admin client samples/org.apache.ws.security.wssec/security/clientsecuritydeploy.wsdd
3.5. Install the server side handler: On the server side, LogHandler is
installed in the global request chain. You must run the following
command two directories above the security sample directory:
java org.apache.axis.client.AdminClient samples/org.apache.ws.security.wssec/security/serversecuritydeploy.wsdd
1.1 ws-axis/contrib/wss4j/samples/wssec/security/Client.java
Index: Client.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package wssec.security;
import org.apache.axis.MessageContext;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.message.SOAPBodyElement;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.utils.Options;
import org.apache.axis.utils.XMLUtils;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.message.WSEnvelopeBuilder;
/**
* Sample Client
* <p>
* @author Davanum Srinivas (dims@yahoo.com)
*/
public class Client {
/** Instance of the Security Engine */
static final WSSecurityEngine secEngine = new WSSecurityEngine();
/**
* Create a Call object by hand and sign the SOAP Message as well
* <p>
* @param args command line parameters
* @throws Exception Thrown when there are any problems
*/
public static void main(String[] args) throws Exception {
Options opts = new Options(args);
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(new java.net.URL(opts.getURL()));
SOAPEnvelope env = new SOAPEnvelope();
SOAPBodyElement sbe = new SOAPBodyElement(XMLUtils.StringToElement("http://localhost:8080/LogTestService", "testMethod", ""));
env.addBodyElement(sbe);
if (opts.isFlagSet('x') > 0) {
WSEnvelopeBuilder builder = new WSEnvelopeBuilder();
env = (SOAPEnvelope) builder.build(env);
}
System.out.println("\n============= Request ==============");
XMLUtils.PrettyElementToStream(env.getAsDOM(), System.out);
call.invoke(env);
MessageContext mc = call.getMessageContext();
System.out.println("\n============= Response ==============");
XMLUtils.PrettyElementToStream(mc.getResponseMessage().getSOAPEnvelope().getAsDOM(), System.out);
}
}
1.1 ws-axis/contrib/wss4j/samples/wssec/security/Service.java
Index: Service.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package wssec.security;
/**
* Sample Service
* <p>
* @author Davanum Srinivas (dims@yahoo.com)
*/
public class Service {
/**
* Test method that returns a hard-coded string
* <p>
* @return string
*/
public String testMethod() {
return "Hi, you've reached the testMethod.";
}
/**
* Add 2 integers and return the result.
* @param x
* @param y
* @return
* @throws Exception
*/
public int addInt(int x, int y) throws Exception {
return x + y;
}
}
1.1 ws-axis/contrib/wss4j/samples/wssec/security/clientsecuritydeploy.wsdd
Index: clientsecuritydeploy.wsdd
===================================================================
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<requestFlow>
<!-- define the client Signing handler configuration -->
<handler type="java:org.apache.ws.security.WSSecuritySigningHandler">
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
1.1 ws-axis/contrib/wss4j/samples/wssec/security/clientsecurityundeploy.wsdd
Index: clientsecurityundeploy.wsdd
===================================================================
<undeployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<requestFlow>
<!-- define the client Signing handler configuration -->
<handler type="java:org.apache.ws.security.WSSecuritySigningHandler">
</handler>
</requestFlow>
</globalConfiguration>
</undeployment>
1.1 ws-axis/contrib/wss4j/samples/wssec/security/securitydeploy.wsdd
Index: securitydeploy.wsdd
===================================================================
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!-- define the logging handler configuration -->
<handler name="track" type="java:org.apache.ws.security.WSSecurityVerifyHandler">
</handler>
<!-- define the service, using the log handler we just defined -->
<service name="http://localhost:8080/LogTestService" provider="java:RPC">
<requestFlow>
<handler type="track"/>
</requestFlow>
<parameter name="className" value="org.apache.ws.security.wssec.security.Service"/>
<parameter name="allowedMethods" value="*"/>
</service>
</deployment>
1.1 ws-axis/contrib/wss4j/samples/wssec/security/securityundeploy.wsdd
Index: securityundeploy.wsdd
===================================================================
<undeployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!-- define the logging handler configuration -->
<handler name="track" type="java:org.apache.ws.security.WSSecurityVerifyHandler">
</handler>
<!-- define the service, using the log handler we just defined -->
<service name="http://localhost:8080/LogTestService" provider="java:RPC">
</service>
</undeployment>
1.1 ws-axis/contrib/wss4j/samples/wssec/security/serversecuritydeploy.wsdd
Index: serversecuritydeploy.wsdd
===================================================================
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<requestFlow>
<!-- define the Server Signature Verification handler configuration -->
<handler name="track" type="java:org.apache.ws.security.WSSecurityVerifyHandler">
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
1.1 ws-axis/contrib/wss4j/samples/wssec/security/serversecurityundeploy.wsdd
Index: serversecurityundeploy.wsdd
===================================================================
<undeployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<requestFlow>
<!-- define the Server Signature Verification handler configuration -->
<handler name="track" type="java:org.apache.ws.security.WSSecurityVerifyHandler">
</handler>
</requestFlow>
</globalConfiguration>
</undeployment>