This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line!
See this thread for details.
Win a copy of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Accessing Web Service from a Java Client  RSS feed

 
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good morning to all.......

I have a requirement to test the WS-Security of a web service running on WebLogic with a UserNameToken. The goal is assertaining if the service is setup properly and prevents any request without the correct UserNameToken. The secenario I see is something like a cactus scenario where I lookup the web service within the JNDI and pass a SOAP Message to the service. This would require me to develop a correct SOAP message. Some of the tools I am using are: Weblogic 8.1 with sp4 and WSAD 5.1.1. I am not allowed to change the configuration of the server by adding AXIS.

Can someone guide me in the right direction? I've spent most of a day surfing and looking at the available literature. However, most literature does not discuss security of web services as it is such a new topic with so many standards. My understanding is one of the best comprehesive book on web services "J2EE Web Services" by Richard Monson-Haefel does not even address security.

Thank you for any suggestions and comments.

Russ
 
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Russell,
even though you may not be able to use Axis on the server, you can use its wsdl2java tool to create a client for test purposes (if you have a WSDL description of it, of course). Once you have a client, you can use tcpmon (a little GUI app that comes with Axis) to monitor what the client sends, and what the server responds with. It's a very handy tool, and I have used it for exactly that - testing what WS-Security does to the SOAP messages.
To set up security on the client side you can use the WSS4J package (see the Web Services FAQ linked in my signature for a few relevant links). It's not rocket science to set it up. Or maybe WebLogic or WebSphere have their own libraries that you can use.
 
Russell Ray
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf:

Thank you very much for your comments and suggestions. Excuse me if my question elementary, but I am so new to web services. You gave me some light at the end of the learning tunnel that I question my own ubderstanding. I know WSAD 5.1.1. is using AXIS for it's creation of a test client. Using WSAD, what you get are jsp's, a proxy server, and some more java code for running the service. Is this what you are referring to or does the AXIS implementation (using the wsdl) give you strickly a java client without jsps? Again, all I want to do is pass in a SOAP Message I've created and let the system handle the SOAP Message from there.

Thank you for the links and information again. I will definately finish reading them tonight preparing myself for the task at hand.

Russ
 
Ulf Dittmer
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The wsdl2java creates only Java classes, including all the stubs and service locators needed to access a web service remotely. After that, one can slap a client around it with 10 lines of code or so.
I don't think the simplest possible SOAP-over-Java client will work with WSS4J, because WSS4J is based on JAX-RPC handlers. But JAX-RPC is just what wsdl2java generates, so if you get that to run you're good to go.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!