Oracle® Fusion Middleware Federated Portals Guide for Oracle WebLogic Portal 10g Release 3 (10.3.6) E14235-07
To connect to servers configured for two-way SSL communication, clients such as Oracle Enterprise Pack for Eclipse and WSRP consumers must supply a certificate and a private key to the producers residing on these servers. These clients can provide certificates and private keys through SSL interceptors. This chapter describes how to configure SSL interceptors using Oracle Enterprise Pack for Eclipse. WSRP consumers can also use the interceptors discussed in this chapter.
For information about configuring two-way SSL, see http://download.oracle.com/docs/cd/E15523_01/apirefs.1111/e13952/taskhelp/security/ConfigureTwowaySSL.html.
This chapter contains the following sections:
Section 19.2, "Configuring Producers to Use SSL for All Ports"
Section 19.3, "Configuring WebLogic Portal to Use Interceptors"
Section 19.4, "Configuring Oracle Enterprise Pack for Eclipse to use Interceptors"
This section describes how to create WSDL and SOAP SSL interceptors to enable clients like Oracle Enterprise Pack for Eclipse to connect to the servers that host producers and are configured for two-way SSL communication:
IWSDLInterceptor: Fetches the WSDL as well as imported WSDLs and XSDs from the producer.
ISOAPInterceptor: Used on all SOAP calls to the producer including non-markup, such as Service Description.
To create these interceptors using Oracle Enterprise Pack for Eclipse (the IDE), perform the steps described in the following sections:
To create a Java project that you will use for WSDL and SOAP interceptors:
Start Oracle Enterprise Pack for Eclipse. You can run the executable file <MW_HOME>/oepe_11gR1PS3/eclipse/eclipse.exe. On Windows, you can also start the IDE from the Start menu by selecting Start > My Programs > Oracle WebLogic > Eclipse for WebLogic 10.3.6.
From the File menu, select New, then Java Project.
In the Create a Java Project dialog, enter a meaningful name for your project, for example Interceptors, then click Next.
In the Libraries tab, click Add External JARs.
In the JAR Selection dialog, select the following JARs:
<MW_HOME>/wlserver_10.3/server/lib/weblogic.jar
<MW_HOME>/patch_wlp1032/patch_jars/wsrp-client.jar
Click Finish.
To create a Java package in which you will create a Java class for WSDL and SOAP interceptors:
In the Package Explorer, ensure that the appropriate project is active. In this example, the project is called Interceptors.
From the File menu, select New, then Package.
In the New Java Package dialog box, in the Name field, enter com.bea.wsrp.qa.sampl, and click Finish.
To create a Java class that implements the IWSDLInterceptor and ISOAPInterceptor methods:
In the Package Explorer, ensure that the package com.bea.wsrp.qa.sampl is selected.
From the File menu, select New, then Class.
In the Java Class dialog box, in the Name field, enter EchoWsdlSoapInterceptor, and click Finish.
In the Package Explorer, under the Interceptor project, double-click EchoWsdlSoapInterceptor.java to open it, if it is not already open.
In the Javadoc tab for EchoWsdlSoapInterceptor.java, add the sample code provided in Example 19-1.
Example 19-1 EchoWsdlSoapInterceptor
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URL;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import javax.xml.namespace.QName;
import weblogic.wsee.connection.transport.TransportInfo;
import weblogic.wsee.connection.transport.https.HttpsTransportInfo;
import weblogic.wsee.connection.transport.https.SSLAdapter;
import weblogic.wsee.wsdl.WsdlException;
import weblogic.net.http.HttpsURLConnection;
//import com.bea.net.http.HttpsURLConnection;
import com.bea.wsrp.consumer.soap.ISOAPInterceptor;
import com.bea.wsrp.consumer.wsdl.IWSDLInterceptor;
import com.bea.wsrp.consumer.wsdl.IWSDLRequestContext;
import com.bea.wsrp.consumer.wsdl.IWSDLResponseContext;

public class EchoWsdlSoapInterceptor implements IWSDLInterceptor, ISOAPInterceptor {
    // Sample locations of the client certificate and private key (PEM files)
    // and a sample key password; replace them with your own values.
    private static final File CERT_FILE = new File("/home/nlipke/wl/src1034GA_wlp_16014jr/bea/user_projects/domains/cs2_domain/certfile.cer.pem");
    private static final File KEY_FILE = new File("/home/nlipke/wl/src1034GA_wlp_16014jr/bea/user_projects/domains/cs2_domain/keyfile.key.pem");
    private static final char[] PASSWORD = "password".toCharArray();
    private static final QName WSDL_QNAME = new QName("http://schemas.xmlsoap.org/wsdl/", "definitions");

    // Logs the port URLs found in the response, then sets the V1 port URLs to null.
    @Override
    public void postInvoke(IWSDLRequestContext requestCtx, IWSDLResponseContext responseCtx) throws IOException {
        System.out.println("postInvoke: " + requestCtx.getWsdlUrl());
        printResponse(responseCtx, "postInvoke");
        responseCtx.setV1MarkupPortUrl(null);
        responseCtx.setV1ServiceDescriptionPortUrl(null);
        responseCtx.setV1RegistrationPortUrl(null);
        responseCtx.setV1PortletManagementPortUrl(null);
        responseCtx.setV1WlpEntensionMarkupPortUrl(null);
    }

    // Prints every V1 and V2 port URL of the response, prefixed with the calling method's name.
    private void printResponse(IWSDLResponseContext responseCtx, String method) {
        System.err.println(method + ": " + responseCtx.getV1MarkupPortUrl());
        System.err.println(method + ": " + responseCtx.getV1ServiceDescriptionPortUrl());
        System.err.println(method + ": " + responseCtx.getV1PortletManagementPortUrl());
        System.err.println(method + ": " + responseCtx.getV1RegistrationPortUrl());
        System.err.println(method + ": " + responseCtx.getV1WlpEntensionMarkupPortUrl());
        System.err.println(method + ": " + responseCtx.getV2MarkupPortUrl());
        System.err.println(method + ": " + responseCtx.getV2ServiceDescriptionPortUrl());
        System.err.println(method + ": " + responseCtx.getV2PortletManagementPortUrl());
        System.err.println(method + ": " + responseCtx.getV2RegistrationPortUrl());
        System.err.println(method + ": " + responseCtx.getV2WlpEntensionMarkupPortUrl());
    }

    // Rewrites the WSDL URL to HTTPS and to port 7002, then attaches the SSL transport info.
    @Override
    public PreInvoke preInvoke(IWSDLRequestContext requestCtx) throws IOException {
        String wsdlUrl = requestCtx.getWsdlUrl();
        System.err.println("preInvoke: " + wsdlUrl);
        if (wsdlUrl.startsWith("http://")) {
            System.err.println("got one! " + wsdlUrl);
            wsdlUrl = wsdlUrl.replaceFirst("http://", "https://");
        }
        wsdlUrl = wsdlUrl.replaceFirst("7001", "7002");
        requestCtx.setWsdlUrl(wsdlUrl);
        System.err.println("preInvoke: " + wsdlUrl);
        requestCtx.setTransportInfo(getTransportInfo(wsdlUrl, WSDL_QNAME));
        return PreInvoke.FETCH_WSDL;
    }

    // Logs the failure and aborts the WSDL fetch.
    @Override
    public OnWSDLException onWSDLException(IWSDLRequestContext requestCtx, IWSDLResponseContext responseCtx, WsdlException e) throws IOException {
        System.err.println("onWSDLException: " + requestCtx.getWsdlUrl());
        e.printStackTrace();
        printResponse(responseCtx, "onWSDLException");
        // TODO Auto-generated method stub
        return OnWSDLException.ABORT_WITH_FAILURE;
    }

    // Returns HTTPS transport info whose SSLAdapter opens connections with the client identity.
    @Override
    public TransportInfo getTransportInfo(String url, QName methodName) {
        System.err.println("getTransportInfo: " + url + ", " + methodName);
        final HttpsTransportInfo httpsTransportInfo = new HttpsTransportInfo();
        httpsTransportInfo.setSSLAdapter(new Adapter());
        return httpsTransportInfo;
    }

    // setClientCert and setKeystore only log; the identity is loaded in openConnection.
    private static class Adapter implements SSLAdapter {
        @Override
        public HttpURLConnection openConnection(URL url, Proxy proxy, TransportInfo info) throws IOException {
            System.err.println("openConnection: " + url + ", " + proxy + ", " + info);
            return EchoWsdlSoapInterceptor.openConnection(url);
        }

        @Override
        public void setClientCert(String arg0, char[] arg1) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
            System.err.println("setClientCert");
        }

        @Override
        public void setKeystore(String arg0, char[] arg1, String arg2) {
            System.err.println("setKeystore");
        }
    }

    // Opens an HTTPS connection that presents the certificate and private key to the server.
    private static HttpURLConnection openConnection(URL url) throws FileNotFoundException {
        final HttpsURLConnection connection = new HttpsURLConnection(url);
        connection.loadLocalIdentity(new FileInputStream(CERT_FILE), new FileInputStream(KEY_FILE), PASSWORD);
        return connection;
    }

    // Stand-alone check: fetches the producer WSDL over two-way SSL and prints it.
    public static void main(String[] args) throws Exception {
        final HttpURLConnection connection = openConnection(new URL("https://localhost:7002/www/producer?WSDL"));
        printStream(connection);
    }

    // Copies the response body to standard output.
    private static void printStream(final HttpURLConnection connection) throws IOException {
        InputStream inputStream = connection.getInputStream();
        int c;
        while ((c = inputStream.read()) != -1) {
            System.out.print((char) c);
        }
    }
}
Save your project. The Package Explorer should look like Figure 19-1.
Figure 19-1 EchoWsdlSoapInterceptor Java Class in the Package Explorer
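In Example 19-1, preInvoke replaces the first "7001" found anywhere in the URL, and the key location is compiled into the class. The following added example (not part of Oracle's sample) shows two helpers an interceptor could call instead: one rewrites only the scheme and port, the other takes the key location from a system property and rejects a key file that other users can read. The class name InterceptorSupport and the property name wsrp.client.key are hypothetical; Java 7 or later is assumed.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

// Added example, not Oracle's code. Class and property names are hypothetical.
public class InterceptorSupport {
    // Changes only the scheme and the port; host, path and query stay as they are.
    // replaceFirst("7001", "7002") would instead hit the first "7001" anywhere in the URL.
    static String toSslUrl(String wsdlUrl, int plainPort, int sslPort) throws URISyntaxException {
        URI in = new URI(wsdlUrl);
        String scheme = "http".equalsIgnoreCase(in.getScheme()) ? "https" : in.getScheme();
        int port = in.getPort() == plainPort ? sslPort : in.getPort();
        return new URI(scheme, in.getUserInfo(), in.getHost(), port,
                in.getPath(), in.getQuery(), in.getFragment()).toString();
    }

    // Reads the private key location from a system property and refuses a key file
    // that group or other users can read (checked on POSIX file systems only).
    static Path keyFile(String property) throws IOException {
        String value = System.getProperty(property);
        if (value == null || !Files.isReadable(Paths.get(value))) {
            throw new IOException("Key file missing or unreadable, property " + property);
        }
        Path file = Paths.get(value);
        if (Files.getFileStore(file).supportsFileAttributeView("posix")) {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.GROUP_READ)
                    || perms.contains(PosixFilePermission.OTHERS_READ)) {
                throw new IOException("Private key is readable by other users: " + file);
            }
        }
        return file;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; 7001 and 7002 are the ports used in Example 19-1.
        System.out.println(toSslUrl("http://localhost:7001/www/producer?WSDL", 7001, 7002));
        System.out.println(toSslUrl("http://host17001.example.com:7001/www/producer?WSDL", 7001, 7002));
        Path key = Files.createTempFile("client", ".key.pem"); // constructed stand-in key file
        System.setProperty("wsrp.client.key", key.toString());
        System.out.println(keyFile("wsrp.client.key"));
        Files.delete(key);
    }
}
```

In Example 19-1, openConnection could pass Files.newInputStream(keyFile("wsrp.client.key")) to loadLocalIdentity in place of new FileInputStream(KEY_FILE).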
You need to create a JAR file from the Interceptors project that includes the EchoWsdlSoapInterceptor class. You will need this JAR file later to import the Interceptors project into a fragment project.
To create a JAR file:
In the Package Explorer, ensure that the appropriate project is active. In this example, the project is called Interceptors.
From the File menu, select Export.
In the Export dialog box, under Select, expand Java, then select JAR file, and click Next.
In JAR File Specification, ensure that the appropriate project and directories are selected.
Under Select the export destination, in the JAR file field, specify the directory in which you want to create the JAR file.
Click Finish.
By configuring security on WSRP producers, you enable them to accept certificates and private keys from WSDL and SOAP interceptors. As a result, clients like Oracle Enterprise Pack for Eclipse and WSRP consumers can successfully communicate with the producers.
To configure your producers to use SSL for all ports:
In the Package Explorer, ensure that the appropriate project is active and select the Merged Project tab.
Copy the wsrp-producer-config.xml file located in the WEB-INF directory under the Merged Projects tab, to your web application.
Expand the WEB-INF directory and select the wsrp-producer-config.xml file.
Right-click and select Copy to Project.
Open the WEB-INF/wsrp-producer-config.xml file.
For each port, set the secure property to true by selecting true from the dropdown list, as shown in Figure 19-2.
Figure 19-2 The secure Property in wsrp-producer-config.xml
Save the file.
Once you have created the SSL (SOAP and WSDL) interceptors, you must configure Oracle Enterprise Pack for Eclipse to use these interceptors to communicate with producers that are enabled with two-way SSL.
This section includes the following subsections:
Section 19.4.2, "Importing the JAR file into the Fragment Project"
Section 19.4.4, "Importing the WLS Demo Certificates into the JVM's cacerts File"
Section 19.4.5, "Adding System Properties to the eclipse.ini File"
To configure Oracle Enterprise Pack for Eclipse to use the EchoWsdlSoapInterceptor Java class:
In the Package Explorer, ensure that the appropriate project is active. In this example, the project is called Interceptors.
From the File menu, select New, then Others.
In the New dialog box, under Wizards, expand Plug-in Development, then select Fragment Project, and click Next.
In the New Fragment Project dialog box, in the Project name field, enter a name for your project, for example WSDLSOAPInterceptor, and click Next.
Under Host Plug-in, in the Plug-in ID field, enter com.bea.wlp.eclipse.wsrp, and click Finish.
To import the Interceptors.jar file that you created in Section 19.1.4, "Creating a JAR File":
In the Package Explorer, ensure that the appropriate project is active. In this example, the project is called WSDLSOAPInterceptors.
From the File menu, select Import.
In the Import dialog box, under Select an import source, expand General and select File System, then click Next.
Next to the From directory field, click Browse.
In the Import from directory dialog box, select the interceptors JAR file. Select the checkbox against the interceptors JAR option in the column on the right side, as shown in Figure 19-4.
Click Finish. The Package Explorer should look like Figure 19-5.
Figure 19-5 Interceptors JAR in the Package Explorer
Select the Runtime tab of the fragment project.
In the Classpath section, click Add.
In the JAR Selection dialog, select the interceptors JAR file (Figure 19-6) and click OK.
Figure 19-6 Interceptors JAR in the Classpath
Save your project.
To export the fragment project as a plug-in:
In the Package Explorer, ensure that the appropriate project is active. In this example, the project is called WSDLSOAPInterceptors.
From the File menu, select Export.
In the Export dialog box, under Select an export destination, expand Plug-in Development and select Deployable Plug-ins and fragments, then click Next.
In the Destination tab, select the <MW_HOME>/oepe_11gR1PS1/eclipse/plugins directory, then click Finish.
The Export Plug-ins dialog shows the progress.
If you are using a demo certificate on your producer (WLS Default), import the WLS demo certificates into your JVM's cacerts file.
To import demo certificates:
Go to . <domain home>/bin/setDomainEnv.sh and open the command prompt.
Enter cd $JAVA_HOME/jre/lib/security/.
Import the certificate by entering keytool -importkeystore -v -destkeystore cacerts -srckeystore <domain home>/DemoTrust.jks.
Enter the destination keystore password. The default cacerts password is changeit. Press the [Enter] key for the source password.
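A check for the import described above, as an added example that is not part of the original guide: it lists the entries in the running JVM's cacerts file whose certificates also appear in DemoTrust.jks, so you can confirm what the import added and find those entries again later. The class name DemoTrustAudit and its single argument (the path to DemoTrust.jks) are assumptions; Java 7 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example, not Oracle's code. Class name and argument are hypothetical.
public class DemoTrustAudit {

    // Loads a keystore without a password: certificate entries are readable,
    // but the store's integrity is not verified.
    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, null);
        }
        return ks;
    }

    // Returns "alias -> subject" for each trustStore entry whose certificate
    // is also present in demoStore.
    static List<String> demoAnchors(KeyStore trustStore, KeyStore demoStore) throws Exception {
        List<String> hits = new ArrayList<String>();
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate cert = trustStore.getCertificate(alias);
            if (cert != null && demoStore.getCertificateAlias(cert) != null) {
                String subject = cert instanceof X509Certificate
                        ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                        : cert.getType();
                hits.add(alias + " -> " + subject);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to DemoTrust.jks. The cacerts file audited is the one
        // belonging to the JVM that runs this class.
        String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        List<String> hits = demoAnchors(load(cacerts), load(args[0]));
        for (String hit : hits) {
            System.out.println("demo trust anchor in cacerts: " + hit);
        }
        System.exit(hits.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same JVM that Oracle Enterprise Pack for Eclipse uses; the exit status is 1 when at least one demo certificate is present in cacerts.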
Adding the system properties for ISOAPInterceptor and IWSDLInterceptor to the eclipse.ini file completes the configuration of these interceptors. Every time Oracle Enterprise Pack for Eclipse tries to connect to a two-way SSL-enabled producer, these interceptors supply the required certificate and private key.
To add the system properties:
Go to <BEA_HOME>/oepe_11gR1PS1/eclipse/, and open the eclipse.ini file.
Add the following system properties to the end of the file:
-Dcom.bea.wsrp.consumer.soap.ISOAPInterceptor=com.example.sample.EchoWsdlSoapInterceptor
-Dcom.bea.wsrp.consumer.wsdl.IWSDLInterceptor=com.example.sample.EchoWsdlSoapInterceptor
Save the file.