Authentication against the SOAP API, in the Java client relies on the code defined in the OvmWsSoapClient class, which uses the packaged Oracle VM Manager Web Service libraries contained in the wsclient.jar file:
...
public class OvmWsSoapClient implements OvmWsClient
{
...
@Override
public boolean initialize(final String hostname, final String port,
final boolean secure) throws MalformedURLException
{
this.hostname = hostname;
this.port = port;
if (secure)
{
protocol = SECURE_PROTOCOL;
}
else
{
protocol = INSECURE_PROTOCOL;
}
// Get a handle to the OvmApi Service
final OvmApi_Service service =
new OvmApi_Service(new URL(
protocol + "://" + hostname + ":" + port + "/ovm/core/wsapi/soap"));
api = service.getOvmApiPort();
// Configure the client to maintain the session across multiple API
// calls
((BindingProvider) api).getRequestContext().put(
BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
return true;
}
...
@Override
public boolean login(final String username, final String password,
final Locale locale) throws WsException
{
try
{
final SessionProperties props = new SessionProperties();
props.setLocale(locale.toString());
return api.login(username, password, props);
}
catch (final WsException_Exception ex)
{
throw convertException(ex);
}
}
...
}Two methods are described here. The first sets up the handle that is used throughout your code to access the SOAP API and maintains session information across the application's runtime. The second method actually starts the session and uses the methods provided in the Oracle VM Manager Web Services Client library to handle authentication.
Now in the WsDevClient class all we need to do is call this method:
...
public class WsDevClient
{
...
public void run()
{
try
{
...
api = OvmWsClientFactory.getOvmWsClient(wsimpl);
...
// Authenticate with the OvmApi Service
api.login(username, password, Locale.getDefault());
...
}
...
}There are a few things to note about how this has been implemented in the sample client. The first point is that we refer to the OvmWsClientFactory class to determine whether we are using the REST client or the SOAP client, using the string variable 'wsimpl'. This class allows us to use the same demo code to show both APIs. It contains a switch statement that sets up the appropriate client object:
switch (implementation)
{
case SOAP:
return new OvmWsSoapClient();
case REST:
return new OvmWsRestClient();
}
A final thing to note, is that the call to the login method
provides some preset variables. In fact, the
com.oracle.ovm.mgr.ws.sample package also
includes a properties file:
WsDevClient.properties. This file
contains the default values for many of the variables
referenced throughout this guide. For the sample code to work
according to the specifics of your own environment, many of
these variables must be overridden. Instructions for handling
variable overriding are provided in the comments of this
properties file itself.
What about Certificate-based Authentication?
Since the code in the SDK does not assume that you have set up user certificates, there are no examples showing how to authenticate using a signed SSL certificate. However, all that is required for this to happen is for you to use the certificate for all SOAP requests in your session. In Java, the easiest way to do this is to ensure that you have the certificate and its associated key stored in a keystore file. You can then use the keystore to load your key manager and trust manager that can be used to initialize an SSL context that is used for all connections.
The following example code, should help to get you started. It has been stripped of any error handling that may obfuscate what is required. This code expects the following variables to be initialized:
File keystoreFile; // A file representing the location of the KeyStore
char[] keystorePassword; // The KeyStore password
char[] keyPassword; // The key password - if you didn't specify one when creating your
// key, then use the keystorePassword for this as wellThe code required to use this keystore to initialize an SSL context follows:
// Load your keystore
FileInputStream stream = new FileInputStream(keystoreFile);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(stream, keystorePassword);
stream.close();
// Initialize the key manager from the keystore
KeyManagerFactory kmFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmFactory.init(keystore, keyPassword);
KeyManager km[] = kmFactory.getKeyManagers();
// Initialize the trust manager from the keystore
TrustManagerFactory tmFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmFactory.init(keystore);
TrustManager tm[] = tmFactory.getTrustManagers();
// Initialize an SSL context and make it the default for all connections
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(km, tm, null);
SSLContext.setDefault(ctx);This code could be substituted in the WsDevClient class where the initial SSL context is set:
public void run() {
try {
// Configure the SSLContext with an insecure TrustManager
// This is done to avoid the need to use valid certificates in the
// development environment.
// This should not be done in a real / secure environment.
final SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(new KeyManager[0], new TrustManager[]{
new InsecureTrustManager()
}, new SecureRandom());
SSLContext.setDefault(ctx);
...
}