Sun OpenSSO Enterprise 8.0 Developer's Guide

ProcedureTo Invoke the Custom Service

Web service clients can access the custom web service by discovering the web service's end point and using the required credentials. This information is stored by the OpenSSO Enterprise Discovery Service. There are two ways in which a client can authenticate to OpenSSO Enterprise in order to access the Discovery Service:

In the following procedure, we use the Liberty ID-WSF client API to invoke the web service.

Note –

The code in this procedure is used to demonstrate the usage of the Liberty ID-WSF client API. More information can be found in the Sun OpenSSO Enterprise 8.0 Java API Reference.

  1. Write code to authenticate the WSC to the Liberty ID-WSF Authentication Service of OpenSSO Enterprise.

    The sample code below will allow access to the Discovery Service. It is a client-side program to be run inside the WSC application.

    public class StockClient {
        public SASLResponse authenticate(
            String userName,
            String password,
            String authurl) throws Exception {
            SASLRequest saslReq =
                            new SASLRequest(AuthnSvcConstants.MECHANISM_PLAIN);
            SASLResponse saslResp = AuthnSvcClient.sendRequest(saslReq, authurl);
            String statusCode = saslResp.getStatusCode();
            if (!statusCode.equals(SASLResponse.CONTINUE)) {
                    return null;
            String serverMechanism = saslResp.getServerMechanism();
            saslReq  = new SASLRequest(serverMechanism);
            String dataStr = userName + "\0" + userName + "\0" + password;
            saslResp = AuthnSvcClient.sendRequest(saslReq, authurl);
            statusCode = saslResp.getStatusCode();
            if (!statusCode.equals(SASLResponse.OK)) {
                return null;
            return saslResp;
  2. Add code that will extract the Discovery Service information from the Authentication Response.

    The following additional code would be added to what was developed in the previous step.

    ResourceOffering discoro = saslResp.getResourceOffering();
              List credentials = authnResponse.getCredentials();
  3. Add code to query the Discovery Service for the web service's resource offering by using the Discovery Service resource offering and the credentials that are required to access it.

    The following additional code would be added to what was previously developed.

    RequestedService rs = new RequestedService(null,
                  List rss = new ArrayList();
                 Query  discoQuery = new Query(discoro.getResourceID(), rss);
                 DiscoveryClient discoClient = null;
                 discoClient = new DiscoveryClient(secAssertion, serviceURL, null);
                 QueryResponse queryResponse = discoClient.getResourceOffering(discoQuery);
  4. The discovery response contains the service's resource offering and the credentials required to access the service.

    quotes contains the response body (the stock quote). You would use the OpenSSO Enterprise SOAP API to get the body elements.

     List offerings = discoResponse.getResourceOffering();
              ResourceOffering stockro = (ResourceOffering)offerings.get(0);
              List credentials = discoResponse.getCredentials();
              SecurityAssertion secAssertion = null;
              if(credentials != null && !credentials.isEmpty()) {
                 secAssertion = (SecurityAssertion)credentials.get(0);
              String serviceURL = ((Description)stockro.getServiceInstance().
              QuoteRequest req = new QuoteRequest(symbol,
              Element elem =  XMLUtils.toDOMDocument(
                  req.toString(), debug).getDocumentElement();
              List list = new ArrayList();
              Message msg = new Message(null, secAssertion);
              Message response = Client.sendRequest(msg, serviceURL, null, null);
              List quotes = response.getBodies();