Oracle® Retail Service Backbone Security Guide
14.0
E49442-01

B Sample Java Policy B Consumer Using WebLogic Policy

package com.test;
import weblogic.security.SSL.TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
 
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
 
import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
 
import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerPortType;
import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerService;
import com.oracle.retail.integration.base.bo.customerref.v1.CustomerRef;
import com.oracle.retail.integration.base.bo.invocationsuccess.v1.InvocationSuccess;
 
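/**
 * Sample servlet that calls the Customer web service with WS-Security
 * "Policy B": the SOAP body is encrypted and signed, and a username token is
 * attached, using the WebLogic client policy files named in {@link #doPost}.
 *
 * <p>This is demonstration code. The key store passwords and the service
 * credentials are literals here only to keep the sample self-contained; a
 * deployed consumer must read them from a credential store (the original
 * sample says "from wallet") and must never ship them in source or in the
 * deployed archive.
 */
public class CustomerServlet extends HttpServlet {
    private static final long serialVersionUID = 5798562566372551297L;

    /**
     * Handles GET by delegating to {@link #doPost}.
     *
     * <p>NOTE(review): {@code doPost} invokes {@code deleteCustomer}, a
     * state-changing call. Reaching it through GET means a link, a prefetch or
     * a crawler can trigger the deletion. Kept for compatibility with the
     * sample's usage; a real consumer should accept POST only and require an
     * authenticated, CSRF-protected request.
     */
    @Override
    protected void doGet(HttpServletRequest request,
                         HttpServletResponse response)
                         throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Builds the WS-Security client configuration, invokes
     * {@code deleteCustomer} for customer id "1" and writes the outcome as a
     * single HTML page.
     *
     * <p>Failures are logged through the servlet log and reported to the
     * caller with a generic message only, so that stack traces, file paths and
     * key store details are not disclosed in the response.
     *
     * @param request  the incoming request (not read by this sample)
     * @param response the response the HTML result is written to
     * @throws ServletException declared for the servlet contract
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest request,
                          HttpServletResponse response)
                          throws ServletException, IOException {
        // Must be set before the first getWriter() call for the charset to apply.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().write(
                "<html><body> Policy B testing with WebLogic policy ");

        try {
            // Key store information.
            String hostName = getHostName();
            // Relative path: resolved against the server's working directory.
            String clientKeyStore = "config/" + hostName + "-keystore.jks";
            // SAMPLE ONLY: read both passwords from the wallet / credential
            // store in production; never hard-code them.
            String clientKeyStorePass = "123456";
            String clientKeyAlias = hostName + "-public-private-key-alias";
            String clientKeyPass = "123456";
            // Hostname for the remote host alias can be found from the URL of
            // the OSB service.
            String remoteHostAlias = "rsbhost-remote-host-public-key-alias";

            // Load the key store and always release the file handle, even
            // when load() fails (wrong password, corrupt file).
            KeyStore keystore = KeyStore.getInstance("JKS");
            FileInputStream fis = new FileInputStream(new File(clientKeyStore));
            try {
                keystore.load(fis, clientKeyStorePass.toCharArray());
            } finally {
                fis.close();
            }

            // getCertificate() returns null for an unknown alias; fail with a
            // clear message instead of a NullPointerException further down.
            final X509Certificate serverCert =
                    (X509Certificate) keystore.getCertificate(remoteHostAlias);
            if (serverCert == null) {
                throw new IllegalStateException("No certificate under alias "
                        + remoteHostAlias + " in key store " + clientKeyStore);
            }
            // Rejects an expired or not-yet-valid pinned certificate.
            serverCert.checkValidity();

            // Security policies shipped with WebLogic.
            // NOTE(review): getResourceAsStream() returns null when a resource
            // is missing from the class path - confirm how
            // InputStreamPolicySource reacts to a null stream.
            ClassLoader loader = this.getClass().getClassLoader();
            InputStream encryptBodyPolicy = loader.getResourceAsStream(
                    "weblogic/wsee/policy/runtime/Wssp1.2-2007-EncryptBody.xml");
            InputStream signBodyPolicy = loader.getResourceAsStream(
                    "weblogic/wsee/policy/runtime/Wssp1.2-2007-SignBody.xml");
            InputStream usernameTokenPolicy = loader.getResourceAsStream(
                    "weblogic/wsee/policy/runtime/Wssp1.2-2007-Wss1.1-UsernameToken-Plain-EncryptedKey-Basic128.xml");

            ClientPolicyFeature clientPolicyFeature = new ClientPolicyFeature();
            clientPolicyFeature.setEffectivePolicy(
                    new InputStreamPolicySource(encryptBodyPolicy,
                            signBodyPolicy, usernameTokenPolicy));

            // Credential providers: one for message protection (key pair plus
            // the pinned server certificate), one for the username token.
            List<CredentialProvider> credProviders =
                    new ArrayList<CredentialProvider>();
            CredentialProvider messageProtectionProvider =
                    new ClientBSTCredentialProvider(clientKeyStore,
                            clientKeyStorePass, clientKeyAlias, clientKeyPass,
                            "JKS", serverCert);
            credProviders.add(messageProtectionProvider);
            // SAMPLE ONLY: service user and password belong in the credential
            // store. An explicit charset keeps the bytes independent of the
            // platform default encoding.
            ClientUNTCredentialProvider userNameTokenProvider =
                    new ClientUNTCredentialProvider(
                            "rsbuser".getBytes("UTF-8"),
                            "rsbuser1".getBytes("UTF-8"));
            credProviders.add(userNameTokenProvider);

            // Service context.
            // NOTE(review): the WSDL is retrieved over plain HTTP, so the
            // service description itself is not authenticated in transit.
            // Prefer an HTTPS endpoint or a WSDL packaged with the client.
            String wsdlUrl = "http://rsbhost:9004/cm-Customer-AppServiceDecorator/ProxyService/CustomerAppServiceProxy?wsdl";

            CustomerService service = new CustomerService(
                    new URL(wsdlUrl),
                    new QName(
                            "http://www.oracle.com/retail/cm/integration/services/CustomerService/v1",
                            "CustomerService"));

            CustomerPortType servicePort =
                    service.getCustomerPort(clientPolicyFeature);

            Map<String, Object> reqContext =
                    ((BindingProvider) servicePort).getRequestContext();
            reqContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST,
                    credProviders);

            reqContext.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
                public boolean certificateCallback(X509Certificate[] chain,
                                                   int validateErr) {
                    // Accept only the exact certificate pinned in the key
                    // store. validateErr is not consulted: trust rests on the
                    // pin, not on chain validation. An empty or missing chain
                    // is rejected rather than raising an exception.
                    return chain != null
                            && chain.length > 0
                            && serverCert.equals(chain[0]);
                }
            });

            // Invoke the service.
            CustomerRef customerRef = new CustomerRef();
            customerRef.setCustomerId("1");
            InvocationSuccess invSuccess =
                    servicePort.deleteCustomer(customerRef);
            // The message comes from the remote service; escape it so it
            // cannot inject markup or script into this page.
            response.getWriter().write("<p>Got Response : "
                    + escapeHtml(invSuccess.getSuccessMessage()) + "</p>");
        } catch (Exception e) {
            // Details go to the server log only; the caller sees a generic
            // message.
            log("Policy B customer service invocation failed", e);
            response.getWriter().write(
                    "<p>Request failed; see the server log for details.</p>");
        }
        response.getWriter().write("</body></html>");
        response.getWriter().flush();
        response.getWriter().close();
    }

    /**
     * Returns the short host name (the part before the first dot) of the
     * server on which the application is running.
     *
     * @return the unqualified local host name
     * @throws RuntimeException if the local host name cannot be resolved
     */
    private String getHostName() {
        try {
            String hostName = java.net.InetAddress.getLocalHost().getHostName();
            return hostName.split("\\.")[0];
        } catch (java.net.UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * values.
     *
     * @param text the value to escape; {@code null} is rendered as "null"
     * @return the escaped text, safe to embed in an HTML page
     */
    private static String escapeHtml(String text) {
        String value = String.valueOf(text);
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}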