This chapter describes interoperability of Oracle Web Services Manager (OWSM) with Oracle GlassFish Server Release 3.0.1.
This chapter includes the following sections:
Overview of Interoperability With Oracle GlassFish Security Environments
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)
Oracle GlassFish Server Release 3.0.1 is an open source application server for the Java EE platform. Metro is an open-source web service stack that is a part of Oracle GlassFish Server.
With OWSM 12c, you attach policies to web service endpoints. Each policy consists of one or more assertions, defined at the domain level, that define the security requirements. A set of predefined policies and assertions is provided out of the box.
For more information about:
OWSM predefined policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Configuring and attaching OWSM 12c policies, see "Securing Web Services" and "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Configuring Oracle GlassFish, see http://download.oracle.com/docs/cd/E18930_01/index.html
Configuring Metro web services, see http://metro.java.net/guide/
Table 9-1 and Table 9-2 summarize the most common GlassFish Server interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
Table 9-1 OWSM 11g Service Policy and GlassFish Client Interoperability
Identity Token | WS-Security Version | Message Protection | Transport Security | Service Policy | Client Policy |
---|---|---|---|---|---|
SAML | 1.1 | Yes | No | | See "Configuring an OWSM 12c Web Service and a GlassFish Client" |
Table 9-2 GlassFish Service and OWSM 11g Client Policy Interoperability
Identity Token | WS-Security Version | Message Protection | Transport Security | Service Policy | Client Policy |
---|---|---|---|---|---|
SAML | 1.1 | Yes | No | See "Configuring a GlassFish Web Service and an OWSM 12c Client" | |
This section describes how to implement username token with message protection that conforms to the WS-Security 1.1 standard, in the following interoperability scenarios:
The following instructions tell how to configure an OWSM 12c web service and a GlassFish client to implement username token with message protection that conforms to the WS-Security 1.1 standard:
Table 9-3 Configuration Prerequisites for Interoperability
Task | Description | More Information |
---|---|---|
1 | Create a $JAVA_HOME/bin/keytool -genkeypair -alias orakey -keypass welcome -keyalg RSA -dname "CN=orakey, O=oracle C=us" -keystore default-keystore.jks -storepass welcome | -- |
2 | Copy | -- |
3 | Create a file user in GlassFish with the following command: $<GLASSFISHV3_HOME>/glassfish/bin/asadmin create-file-user | |
4 | Import $JAVA_HOME/bin/keytool -importkeystore -srckeystore <path-to>/default-keystore.jks -destkeystore <path-to-gf-domain>/config/cacerts.jks -srcalias orakey -destalias orakey -srckeypass welcome -destkeypass changeit | -- |
5 | Copy | -- |
Table 9-4 Configuring OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 | Create a Web service. | -- |
2 | Attach the following policy to the Web service: | "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 9-5 Configuring GlassFish/Metro Client
Task | Description | More Information |
---|---|---|
1 | Using NetBeans, create a Metro client by selecting New Project > Java > Java Application. Provide a project name and location and select Finish. | -- |
2 | Right-click on the project. Select New > Web service Client. Follow the wizard and provide WSDL URL for service deployed in WebLogic. | -- |
3 | Select Edit Web Services Attributes. | -- |
4 | Check Use Development Defaults to include Metro libraries into the project. | -- |
5 | Uncheck Use Development Defaults. Provide username subject and password. | -- |
6 | For a Metro SE client: | -- |
7 | For a Metro Java EE client: | -- |
The following instructions tell how to configure a GlassFish web service and an OWSM 12c client to implement username token with message protection that conforms to the WS-Security 1.1 standard:
Table 9-6 Configuration Prerequisites for Interoperability
Task | Description | More Information |
---|---|---|
1 | Create a $JAVA_HOME/bin/keytool -genkeypair -alias orakey -keypass welcome -keyalg RSA -dname "CN=orakey, O=oracle C=us" -keystore default-keystore.jks -storepass welcome | -- |
2 | Copy | -- |
3 | Save the credentials in credential store using WLST commands. For example: $<ORACLE_HOME>/common/bin/wlst.sh > connect() > createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore", password="welcome") > createCred(map="oracle.wsm.security", key="sign-csf-key", user="orakey", password="welcome") > createCred(map="oracle.wsm.security", key="enc-csf-key", user="orakey", password="welcome") > createCred(map="oracle.wsm.security", key="glassfish.credentials", user="wlsUser", password="welcome1", description="Glassfish user credentials"); A file | -- |
4 | Create a file user in GlassFish with the following command: $<GLASSFISHV3_HOME>/glassfish/bin/asadmin create-file-user | |
5 | Import $JAVA_HOME/bin/keytool -importkeystore -srckeystore <path-to>/default-keystore.jks -destkeystore <path-to-gf-domain>/config/keystore.jks -srcalias orakey -destalias orakey -srckeypass welcome -destkeypass changeit | -- |
6 | Copy | -- |
Table 9-7 Configuring the GlassFish/Metro Web Service
Task | Description | More Information |
---|---|---|
1 | Create a Metro Web service. | |
2 | Configure the appropriate security mechanism. | |
Table 9-8 Configuring the OWSM 11g Client
Task | Description | More Information |
---|---|---|
1 | Using JDeveloper, create a Web service proxy for the GlassFish service. Select the policy | -- |
2 | Set the | -- |
3 | In the Web service proxy main class, set the system property of | -- |
Note:
If you are using:
Oracle Service Bus business service, set the property overrides to glassfish.credentials in the Security page. For more information, see "Policy Overrides" in Oracle Fusion Middleware Developer's Guide for Oracle Service Bus at http://docs.oracle.com/html/E15866_01/owsm.htm
SOA Web service reference, set the property overrides to glassfish.credentials in the Security page. For more information, see Section 46.2.2 "How to Override Policy Configuration Property Values" in Developer's Guide for SOA Suite at http://docs.oracle.com/middleware/1213/soasuite/develop-soa/soa-security-policies-jdev.htm#SOASE85427
This section tells how to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.1 standard, in the following interoperability scenarios:
"Configuring an OWSM 12c Web Service and a GlassFish Client"
"Configuring a GlassFish Web Service and an OWSM 12c Client"
The following instructions tell how to configure an OWSM 12c web service and a GlassFish client to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.1 standard:
Table 9-9 Configuration Prerequisites for Interoperability
Task | Description | More Information |
---|---|---|
1 | Create a $JAVA_HOME/bin/keytool -genkeypair -alias orakey -keypass welcome -keyalg RSA -dname "CN=orakey, O=oracle C=us" -keystore default-keystore.jks -storepass welcome | -- |
2 | Copy | -- |
3 | Create a file user in GlassFish with the following command: $<GLASSFISHV3_HOME>/glassfish/bin/asadmin create-file-user | |
4 | Add the user. | "Create users" in Oracle WebLogic Server Administration Console Online Help |
5 | Import $JAVA_HOME/bin/keytool -importkeystore -srckeystore <path-to>/default-keystore.jks -destkeystore <path-to-gf-domain>/config/cacerts.jks -srcalias orakey -destalias orakey -srckeypass welcome -destkeypass changeit | -- |
6 | Copy | -- |
Table 9-10 Configuring the OWSM 11g Web Service
Task | Description | More Information |
---|---|---|
1 | Create a web service. | -- |
2 | Attach the following policy to the web service: | "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 9-11 Configuring the GlassFish/Metro Client
Task | Description | More Information |
---|---|---|
1 | Using NetBeans, create a Metro client by selecting New Project > Java > Java Application. Provide a project name and location. Select the server to deploy and select Finish. | -- |
2 | Right-click the project. Select New > Web Service Client. Follow the wizard and provide WSDL URL for service deployed in WebLogic. | -- |
3 | Create a SAML CallbackHandler that can be used with WSIT SAML Security Mechanisms supported by NetBeans. | -- |
4 | To configure the JVM, log on to the GlassFish Administration Console. | Oracle GlassFish Server 3.1 Administration Guide at: |
5 | Expand Web Services Reference node. Using NetBeans, right-click Service Reference and select Edit Web Services Attributes. | -- |
6 | For SAML Callback Handler option, click Browse and select the file from Step 3. | -- |
7 | Set the alias in Keystore and Truststore. | -- |
8 | Open index.jsp file. Right-click and select Web Service Client Reference. Select Operation in Select Operation to Invoke dialog box and click OK. | -- |
9 | Run the project. | -- |
The following instructions tell how to configure a GlassFish web service and an OWSM 12c client to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.1 standard:
Table 9-12 Configuration Prerequisites for Interoperability
Task | Description | More Information |
---|---|---|
1 | Create a $JAVA_HOME/bin/keytool -genkeypair -alias orakey -keypass welcome -keyalg RSA -dname "CN=orakey, O=oracle C=us" -keystore default-keystore.jks -storepass welcome | -- |
2 | Copy | -- |
3 | Save the credentials in credential store using WLST commands. For example: $<ORACLE_HOME>/common/bin/wlst.sh > connect() > createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore", password="welcome") > createCred(map="oracle.wsm.security", key="sign-csf-key", user="orakey", password="welcome") > createCred(map="oracle.wsm.security", key="enc-csf-key", user="orakey", password="welcome") > createCred(map="oracle.wsm.security", key="glassfish.credentials", user="wlsUser", password="welcome1", description="Glassfish user credentials"); A file | -- |
4 | Create a file user in GlassFish with the following command: $<GLASSFISHV3_HOME>/glassfish/bin/asadmin create-file-user | |
5 | Import $JAVA_HOME/bin/keytool -importkeystore -srckeystore <path-to>/default-keystore.jks -destkeystore <path-to-gf-domain>/config/keystore.jks -srcalias orakey -destalias orakey -srckeypass welcome -destkeypass changeit | -- |
6 | Copy | -- |
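The Import step in Tables 9-3, 9-6, 9-9 and 9-12 copies the orakey entry into the GlassFish cacerts.jks or keystore.jks. The script below is an added example, not part of the original Oracle documentation: it compares the certificate fingerprint of the orakey alias in the source and destination keystores after the import. The function names, the SRC_PASS and DEST_PASS environment variables, and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the orakey entry
# imported into the GlassFish keystore is the same certificate as the source.

# Print the certificate fingerprint found in `keytool -list` output on stdin.
# JDK 8 labels it "(SHA1)", later JDKs "(SHA-256)"; run both listings with one JDK.
fp_from_listing() {
  sed -n 's/^Certificate fingerprint ([^)]*): *\([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# Print the entry type (PrivateKeyEntry or trustedCertEntry) from the same output.
type_from_listing() {
  sed -n -e 's/.*PrivateKeyEntry.*/PrivateKeyEntry/p' \
         -e 's/.*trustedCertEntry.*/trustedCertEntry/p' | head -n 1
}

# List one alias. $1 = keystore path, $2 = NAME of the env var holding the store
# password (keeps the password out of the process list), $3 = alias.
list_alias() {
  keytool -list -keystore "$1" -storepass:env "$2" -alias "$3" 2>&1
}

# Compare two listings. Returns 0 on match, 1 on mismatch, 2 if an alias is absent.
compare_listings() {
  src_fp=$(printf '%s\n' "$1" | fp_from_listing)
  dest_fp=$(printf '%s\n' "$2" | fp_from_listing)
  if [ -z "$src_fp" ] || [ -z "$dest_fp" ]; then
    echo "alias missing"; return 2
  fi
  if [ "$src_fp" != "$dest_fp" ]; then
    echo "fingerprint mismatch"; return 1
  fi
  echo "match $(printf '%s\n' "$2" | type_from_listing)"
}

# Constructed sample listings (fingerprints are made up) for an offline run.
SAMPLE_FP="00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33"
SAMPLE_SRC="orakey, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA1): $SAMPLE_FP"
SAMPLE_BAD="orakey, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA1): FF:${SAMPLE_FP#00:}"

# Real use: SRC_PASS=... DEST_PASS=... sh check.sh <source.jks> <destination.jks>
if [ "$#" -eq 2 ]; then
  compare_listings "$(list_alias "$1" SRC_PASS orakey)" \
                   "$(list_alias "$2" DEST_PASS orakey)"
fi
```

A result of "alias missing" means the import did not create the orakey entry in the destination keystore, which would otherwise surface later as a signature or encryption failure at message exchange.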
Table 9-13 Configuring GlassFish/Metro Web Service
Task | Description | More Information |
---|---|---|
1 | Create a Metro web service. | |
2 | Configure the appropriate security mechanism | |
Table 9-14 Configuring OWSM 11g Client
Task | Description | More Information |
---|---|---|
1 | Using JDeveloper, create a web service proxy for the GlassFish service. Select the policy | "Developing and Securing Web Services" in Developing Applications with Oracle JDeveloper. |
2 | Set the path to | -- |
3 | Set the USERNAME_PROPERTY as follows: | -- |
4 | Invoke the web service. | -- |