Oracle® Retail Service Backbone Oracle Retail Service Backbone Security Guide Release 16.0.21 E87014-01 |
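package com.test;

import weblogic.security.SSL.TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerPortType;
import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerService;
import com.oracle.retail.integration.base.bo.customerref.v1.CustomerRef;
import com.oracle.retail.integration.base.bo.invocationsuccess.v1.InvocationSuccess;

/**
 * Sample servlet that calls the Customer service through a WebLogic JAX-WS client
 * secured with message-level policies (encrypt body, sign body, username token).
 *
 * <p>This is test scaffolding: the key store passwords and the username token
 * credentials below are hard-coded sample values. As the inline comments say,
 * a production client reads them from a wallet instead.
 */
public class CustomerServlet extends HttpServlet {

    private static final long serialVersionUID = 5798562566372551297L;

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>Because of this delegation a plain GET triggers the {@code deleteCustomer}
     * call made in {@code doPost}. That is tolerable only for a test harness; a
     * state-changing call should not be reachable through a safe HTTP method.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Builds the secured service port, invokes {@code deleteCustomer} for customer
     * id "1" and writes the returned success message to the response.
     *
     * <p>Failures are written to the servlet log and reported to the caller with a
     * generic message, so no exception detail reaches the HTTP response.
     *
     * @param request  the incoming request (not read)
     * @param response the response the HTML fragments are written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response writer cannot be obtained or written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().write("<html><body> Policy B testing with WebLogic policy </body></html>");
        try {
            // Key store information
            String hostName = getHostName();
            String clientKeyStore = "config/" + hostName + "-keystore.jks";
            // Sample values only. Do not ship literal passwords: read them from the
            // wallet (credential store) at runtime.
            String clientKeyStorePass = "123456"; // From wallet in production
            String clientKeyAlias = hostName + "-public-private-key-alias";
            String clientKeyPass = "123456"; // From wallet in production

            // Hostname for remote host alias can be found from the URL of the OSB service
            String remoteHostAlias = "rsbhost-remote-host-public-key-alias";

            // Get remote server certificate from key store
            final X509Certificate serverCert =
                    loadServerCertificate(clientKeyStore, clientKeyStorePass, remoteHostAlias);

            // Set security policies
            // NOTE(review): the streams are handed to InputStreamPolicySource; confirm
            // whether it closes them before adding an explicit close here.
            InputStream encryptBodyPolicy =
                    openPolicy("weblogic/wsee/policy/runtime/Wssp1.2-2007-EncryptBody.xml");
            InputStream signBodyPolicy =
                    openPolicy("weblogic/wsee/policy/runtime/Wssp1.2-2007-SignBody.xml");
            InputStream usernameTokenPolicy = openPolicy(
                    "weblogic/wsee/policy/runtime/Wssp1.2-2007-Wss1.1-UsernameToken-Plain-EncryptedKey-Basic128.xml");
            ClientPolicyFeature clientPolicyFeature = new ClientPolicyFeature();
            clientPolicyFeature.setEffectivePolicy(
                    new InputStreamPolicySource(encryptBodyPolicy, signBodyPolicy, usernameTokenPolicy));

            // Prepare credential providers
            List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
            CredentialProvider messageProtectionProvider = new ClientBSTCredentialProvider(
                    clientKeyStore, clientKeyStorePass, clientKeyAlias, clientKeyPass, "JKS", serverCert);
            credProviders.add(messageProtectionProvider);
            // Sample username token credentials; source these from the wallet as well.
            ClientUNTCredentialProvider userNameTokenProvider =
                    new ClientUNTCredentialProvider("rsbuser".getBytes(), "rsbuser1".getBytes());
            credProviders.add(userNameTokenProvider);

            // Prepare service context
            // NOTE(review): the WSDL is fetched over plain http, so the transport does
            // not authenticate it. The policies above protect the message itself;
            // confirm whether an https endpoint is available.
            String wsdlUrl =
                    "http://rsbhost:9004/cm-Customer-AppServiceDecorator/ProxyService/CustomerAppServiceProxy?wsdl";
            CustomerService service = new CustomerService(
                    new URL(wsdlUrl),
                    new QName(
                            "http://www.oracle.com/retail/cm/integration/services/CustomerService/v1",
                            "CustomerService"));
            CustomerPortType servicePort = service.getCustomerPort(clientPolicyFeature);
            Map<String, Object> reqContext = ((BindingProvider) servicePort).getRequestContext();
            reqContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
            reqContext.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
                public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                    // Pin the peer to the certificate loaded from the key store. An
                    // absent or empty chain is rejected instead of raising an
                    // exception from inside the callback.
                    if (chain == null || chain.length == 0 || chain[0] == null) {
                        return false;
                    }
                    return chain[0].equals(serverCert);
                }
            });

            // Invoke the service
            CustomerRef customerRef = new CustomerRef();
            customerRef.setCustomerId("1");
            InvocationSuccess invSuccess = servicePort.deleteCustomer(customerRef);
            // The message comes from the remote service, so escape it before it is
            // placed in HTML.
            response.getWriter().write("<html><body>Got Response : "
                    + escapeHtml(invSuccess.getSuccessMessage()) + "</body></html>");
        } catch (Exception e) {
            // Record the failure in the servlet log (not stderr) and tell the caller
            // something went wrong without exposing the exception text.
            log("Customer service invocation failed", e);
            response.getWriter().write(
                    "<html><body>Service invocation failed; see the server log</body></html>");
        }
        response.getWriter().flush();
        response.getWriter().close();
    }

    /**
     * Loads the remote server certificate stored under {@code alias} and checks that
     * it is currently within its validity period.
     *
     * @param keyStorePath path of the JKS key store file
     * @param keyStorePass password protecting the key store
     * @param alias        alias of the remote server certificate
     * @return the X.509 certificate stored under the alias
     * @throws IOException if the key store cannot be read
     * @throws java.security.GeneralSecurityException if the key store cannot be
     *         loaded, the alias holds no X.509 certificate, or the certificate is
     *         expired or not yet valid
     */
    private X509Certificate loadServerCertificate(String keyStorePath, String keyStorePass, String alias)
            throws IOException, java.security.GeneralSecurityException {
        KeyStore keystore = KeyStore.getInstance("JKS");
        FileInputStream fis = new FileInputStream(new File(keyStorePath));
        try {
            keystore.load(fis, keyStorePass.toCharArray());
        } finally {
            // Close the stream even when load() fails.
            fis.close();
        }
        java.security.cert.Certificate cert = keystore.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            // Covers a missing alias (null) as well as a non-X.509 entry.
            throw new java.security.KeyStoreException("No X.509 certificate under alias " + alias);
        }
        X509Certificate serverCert = (X509Certificate) cert;
        serverCert.checkValidity();
        return serverCert;
    }

    /**
     * Opens a policy file from the class path.
     *
     * @param resource class path location of the policy XML
     * @return an open stream on the policy file
     * @throws IOException if the resource is not on the class path
     */
    private InputStream openPolicy(String resource) throws IOException {
        InputStream in = this.getClass().getClassLoader().getResourceAsStream(resource);
        if (in == null) {
            throw new IOException("Policy resource not found on class path: " + resource);
        }
        return in;
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param text value to escape; {@code null} is rendered as the string "null"
     * @return the escaped text
     */
    private static String escapeHtml(String text) {
        String value = String.valueOf(text);
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Returns the short host name (the part before the first dot) of the server
     * where the application is running.
     *
     * @return the unqualified local host name
     * @throws RuntimeException if the local host name cannot be resolved
     */
    private String getHostName() {
        try {
            String hostName = java.net.InetAddress.getLocalHost().getHostName();
            return hostName.split("\\.")[0];
        } catch (java.net.UnknownHostException e) {
            // Fully qualified because the file does not import this exception type.
            throw new RuntimeException(e);
        }
    }
}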