LAB-3410: Learn to Build Reliable and Secure Web Services using JAX-WS and WSIT
Carol McDonald

Learn how to develop reliable, secure, interoperable Web Services and clients using Metro and NetBeans

Sun’s Web Services Stack
Metro: JAX-WS + WSIT
JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services
[Diagram: the layers of the Metro stack]
• tools: NetBeans JAX-WS Tooling
• WSIT: Transactions, Reliable-Messaging, Security, Metadata (WSDL, Policy)
• JAX-WS: Core Web Services
• xml: JAXB, JAXP, StAX
• transport: HTTP, TCP, SMTP

How Hands-on Labs Work
• We will give a brief explanation of each lab exercise and a demo
• You will do the lab exercises on your own by reading the lab document
  > In the browser, or on paper
• Feel free to ask questions; proctors are here to help

Lab Format
• “Free form” lab
• This lab is for 120 mins
• Lab setup
• 4 Lab exercises:
  > Exercise 1: Creating a Web Service
  > Exercise 2: Creating a Web Service Client
  > Exercise 3: Configuring WSIT Reliability in a Web Service
  > Exercise 4: Configuring WSIT Security in a Web Service

Exercise 0: Lab Setup
1. Install Java SE 6
2. Install NetBeans 6 w/ GlassFish
3. Copy 3410_metro.zip and unzip
  > Will create metro directory = <lab_root>
  > It contains the following:
    - lab document index.html (same as paper)
    - Exercises, solutions directory
4. Create the database tables
5. Install Security Certificates in GlassFish

Agenda
• Exercise 1: Creating a Web Service
• Exercise 2: Creating a Web Service Client
• Exercise 3: Configuring WSIT Reliability in a Web Service
• Exercise 4: Configuring WSIT Security in a Web Service

Developing a Web Service Starting with a Java class
[Diagram: from Java class to deployed service]
• You develop: @WebService POJO implementation class (servlet-based or stateless session EJB) and optional handler classes
• Packaged application (war or ear file)
• Deployment creates the JAXB and JAX-WS files needed for the service
• Service contract: WSDL

Example: Servlet-Based Endpoint
@WebService
public class Catalog {
    public List<Item> getItems(int firstItem, int batchSize) {
        ....
        return q.getResultList();
    }
}
• All public methods become web service operations
• WSDL/Schema generated at deploy time automatically
• Default values for WSDL service name, etc.

Service Description default mapping
Java mapping -> WSDL:
public class Catalog {
    public List<Item> getItems(int firstItem, int batchSize) {
        ...
    }
}
<portType name="Catalog">
    <operation name="getItems">
        <input message="tns:getItems"/>
        <output message="tns:getItemsResponse"/>
    </operation>
</portType>
PORT TYPE = ABSTRACT INTERFACE
OPERATION = METHOD
MESSAGE = PARAMETERS AND RETURN VALUES

Demo Creating a Web Service

Client-Side Programming
[Diagram: generating the client-side artifacts]
• wsimport tool generates, from the service contract (WSDL), the @WebService interface and the dynamic proxy
• You develop: client which calls the proxy

Example: JSF Managed Bean WS Client
No Java Naming and Directory Interface™ API!
public class ItemController {
    // Factory class
    @WebServiceRef(wsdlLocation = "http://.../CatalogService?wsdl")
    private CatalogService service;
    public DataModel getNextItems() {
        // Get proxy class; Catalog is the business interface
        Catalog port = service.getCatalogPort();
        List<Item> result = port.getItems(arg0, arg1);
        . . .
    }
}

WSDL Elements/Java Mapping
[Diagram: WSDL elements (Service, Port, Binding, PortType, Operation, Message, Types, linked with 1 and 1..n cardinalities) and the Java artifacts they map to]
• Service -> factory class (CatalogService)
• Port -> proxy (CatalogPort)
• PortType -> business interface (Catalog)
• Operation -> method
• Message -> parameters

Demo Creating a Web Service Client

WS-ReliableMessaging
[Diagram: the client (RMSource, JAX-WS/WCF client runtime) and the endpoint (RMDestination, JAX-WS/WCF server runtime) each keep a buffer and exchange application messages and Ack protocol messages]
> RMSource handles sending and re-sending
> RMDestination handles reconstructing the stream of messages
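A simplified model of the exchange on this slide, as an added example (not Metro or WSIT code). Class and method names follow the slide's labels, the lossy channel and message bodies are constructed, and a single cumulative acknowledgement stands in for the acknowledgement ranges that WS-ReliableMessaging actually carries.

```java
import java.util.*;

public class ReliableMessagingDemo {
    /** Receiving side: buffers out-of-order messages and releases them in sequence. */
    static class RMDestination {
        private final Map<Integer, String> buffer = new HashMap<>();
        final List<String> delivered = new ArrayList<>();
        private int nextExpected = 1;

        /** Accepts one message; returns the highest message number received without a gap. */
        int receive(int number, String body) {
            if (number >= nextExpected) buffer.putIfAbsent(number, body); // duplicates are dropped
            while (buffer.containsKey(nextExpected)) delivered.add(buffer.remove(nextExpected++));
            return nextExpected - 1;
        }
    }

    /** Sending side: keeps each message buffered until it is acknowledged. */
    static class RMSource {
        private final SortedMap<Integer, String> unacked = new TreeMap<>();
        private int nextNumber = 1;

        void queue(String body) { unacked.put(nextNumber++, body); }
        boolean done() { return unacked.isEmpty(); }

        /** Sends (or re-sends) everything unacknowledged; numbers in 'lost' never arrive. */
        void sendRound(RMDestination dest, Set<Integer> lost) {
            int ack = 0;
            for (Map.Entry<Integer, String> m : unacked.entrySet()) {
                if (lost.contains(m.getKey())) continue; // lost in transit, no ack comes back
                ack = Math.max(ack, dest.receive(m.getKey(), m.getValue()));
            }
            final int acked = ack;
            unacked.keySet().removeIf(n -> n <= acked); // acknowledged messages leave the buffer
        }
    }

    public static void main(String[] args) {
        RMSource source = new RMSource();
        RMDestination dest = new RMDestination();
        for (String body : Arrays.asList("getItems(0,5)", "getItems(5,5)", "getItems(10,5)"))
            source.queue(body); // constructed message bodies

        source.sendRound(dest, Collections.singleton(2)); // constructed fault: message 2 is lost
        System.out.println("after round 1: delivered=" + dest.delivered + " done=" + source.done());
        source.sendRound(dest, Collections.<Integer>emptySet()); // re-send of messages 2 and 3
        System.out.println("after round 2: delivered=" + dest.delivered + " done=" + source.done());
    }
}
```

After the first round only message 1 is delivered, because message 3 waits in the destination's buffer behind the gap; the re-send in the second round releases 2 and 3 in order and empties the source's buffer.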

Configuration with NetBeans

Demo Configuring WSIT Reliability in a Web Service

Digital Certificate
Identity data signed by a Certification Authority. Provides a trusted source of identification.
[Diagram: X.509 certificate, marked “CA Authorized”]
X.509 Certificate fields: Version #, Serial #, Signature Algorithm, Issuer Name, Validity Period, Subject Name, Subject Public Key, Issuer Unique ID, Subject Unique ID, Extensions, Digital Signature
Digital ID
• Electronic Proof of Identity
• Issued and signed by Certifying Authority
• Public, Private keys
• Makes security protocols work
  > SSL

Encryption
[Diagram: the sender encrypts the original document with the receiver's public key; the receiver decrypts the encrypted document with the receiver's private key to recover the original document]
• XML Encryption (data confidentiality)
• Only the private key can decrypt
Asymmetric keys

Digital Signature
[Diagram: the sender transforms the XML data and encrypts the result with the sender's private key to produce the signature; the receiver transforms the XML data and decrypts the signature with the sender's public key]
• XML Signature (data integrity)
• Bind the sender’s identity to an XML document

WS-Security: SOAP Message Security
• WS-Security defines:
  > Encrypting and signing message parts: XML Signature and XML Encryption in SOAP Header
  > How to pass security tokens (token = security information that identifies the message sender)
    - UserName/Password token
    - X.509 certificates
    - SAML
    - Kerberos tickets
[Diagram: SOAP Envelope containing the SOAP Envelope Header (WS-Security Header with Security Token) and the SOAP Envelope Body (Business Payload)]

WS-security example
<?xml version="1.0" encoding="utf-8"?>
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP:Header>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SigningCertificate">
        <ds:X509Data>
          <ds:X509Certificate>MIIH1zCCBr+gAwIBA...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </wssec:credentials>
    <wssec:integrity xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aiYECAxNqK2PivQaRweWajXup5zJa...</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#wssecurity_binary_security_token_id_1603"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wssec:integrity>
  </SOAP:Header>
<!-- The slide stops here: the SOAP:Body and the closing SOAP:Envelope tag are not shown. -->

Mutual Certificates Security
[Diagram: a web services client (SOAP client) and a web services server (SOAP server, SOAP service) exchange signed and encrypted request data and response data, optionally over https/ssl. Labels on the diagram: digital certificate, digital certificate token, data encryption, data decryption/encryption, security server, signature validation, authentication, authorization, validation.]

Trust
• WS-Trust framework for:
  > Issue and validate security tokens used by WS-Security
  > Establish and broker trust relationships

WS-SecureConversation: Optimized Security
• How to Establish a Secure SESSION
  > For multiple message exchanges
  > Create shared symmetric session key
  > Optimizes processing
[Diagram: security context token; use generated symmetric session key]

Configuration with NetBeans

Demo Configuring WSIT Security in a Web Service

Summary
• Metro Integrated with GlassFish Application Server
  > JAX-WS
    - easier to use and more powerful than JAX-RPC
    - part of the Java EE 5 and Java SE 6 platforms
    - Layered design hides the complexity
      – Extensible at the protocol and transport level
  > WSIT
    - Makes Metro interoperable with other WS-* stacks
    - No new APIs, easy with NetBeans plugin

For More Information
• METRO
  > http://metro.dev.java.net
• JAX-WS
  > http://jax-ws.dev.java.net
  > http://www.netbeans.org/kb/60/websvc/jax-ws.html
• WSIT
  > http://wsit.dev.java.net
  > https://wsit-docs.dev.java.net/releases/1-0-FCS/index.html
• Glassfish
  > http://glassfish.dev.java.net
  > http://blogs.sun.com/theaquarium/
• Carol McDonald's blog
  > http://weblogs.java.net/blog/caroljmcdonald/

LAB-3410: Learn to Build Reliable and Secure Web Services using JAX-WS and WSIT
Carol McDonald, Fabian Ritzmann, Martin Grebac