Oracle Web Service Manager 11€¦ · Message Protection Policy in WLS using Oracle Web Services...

Oracle Web Service Manager 11g Message Protection Policy (in WLS) March 2012

Step-by-Step Instruction Guide

Author Prakash Yamuna Senior Development Manager

Oracle Corporation

Message Protection Policy in WLS using Oracle Web Services Manager 11g

Oracle Corporation | Message Protection Policy | Version 10 2

Table of Contents Use Case 4

Description 4

Objective 4

Software Requirements 4

Prerequisites 4

Verified Product Version 4

Potentially Applies to Product Version(s) 4

Download Main Page 4

Product URLs 5

Step by Step Instructions 6

Install Location 6

Create HelloWorld POJO JAX-WS Application 7

Attach Message protection OWSM Security Policy 18

Creating Keystore and Credentials 22

Configuring Integrated WLS Server to enable enforcing Message protection Policy 23

Copying the Keystore under the right location for Integrated WLS Server 25

Verifying jps-configxml in Default Domain 26

Creating Credentials required for Keystore access 27

Relationship between Keystore Credential Store jps-configxml 29

Testing with SOAP UI 30

Create SOAP UI Project 30

Create WS-Security Configurations 33

Add KeystoreCertificates 34

Add Outgoing WS-Security Configurations 36



Add Incoming WS-Security Configurations 42

Appendix 47

Log Generated the first time any app is run in Integrated WLS Server 47



Use Case

Description

This How-To demonstrates how to use OWSM Message Protection policy to secure a JAX-WS Web Service and how to

test it with SOAP UI

Objective

The main objective of this How-To

Demonstrate the steps required to secure a simple HelloWorld JAX-WS web service in JDeveloper

Configure the Integrated WLS Server to enable using OWSM message protection policies to secure HelloWorld

JAX-WS

Run the HelloWorld JAX-WS web service within the Integrated WLS Server that ships with JDeveloper

Configure and Test the HelloWorld JAX-WS with SOAP UI

Software Requirements

Prerequisites

Product Download URL

1 Install SOA Suite 11116 with

JDeveloper

2 SOAP UI Pro 401

Verified Product Version

Product Release Version

1 WebLogic 1036

2 SOA 11116

3 JDeveloper 11116

Potentially Applies to Product Version(s)


1 WebLogic 1033 1034 1035 1036

2 SOA 11114 11115 11116

Download Main Page

httpwwworaclecomtechnetworkmiddlewaresoasuitedownloadsindexhtml



Product URLs

Product URL LoginPassword

EM Fusion Middle Control httpadmin_hostadmin_portem User weblogic

Password welcome1

Note This How-To uses SOAP UI Pro 401 The steps can vary with other versions of SOAP UI



Step by Step Instructions

Install Location

In this How-To JDeveloper has been installed at

DOracle11gMiddleware

We will define ORACLE_HOME= DOracle11gMiddleware

JDeveloperexe is at $ORACLE_HOMEjdeveloperjdeveloperexe

In this How-To I am running JDeveloper from command line as shown in Figure 1

Figure 1 Starting JDeveloper with the -su option



Create HelloWorld POJO JAX-WS Application

1 Start creation of a new application by click on ldquoNew Applicationrdquo in Figure 2

Figure 2 Click on New Application

This is will launch a new application creation wizard



2 Provide the following values as show in Figure 3 ldquoApplication NamerdquoHelloWorldJaxWS ldquoDirectoryrdquo DJDevelopermyworkHelloWorldJaxWS JDeveloper wil create the new application in the above directory For purposes of this How-To select ldquoGeneric Applicationrdquo from the Application Template as shown in Figure 3

Figure 3 Provide Application Name and Folder information

Click on ldquoNextrdquo button to proceed to the next step



3 Create a Project for the new application by providing Project information like ldquoProject Namerdquo ldquoDirectoryrdquo as show in Figure 4 Since we want to create a POJO based Web Service Select ldquoWeb Servicesrdquo from the ldquoProject Technologiesrdquo tab This will automatically also include Java Figure 4 shows the selected technologies for this project

Figure 4 Select Project Technologies and provide Project information

Click on ldquoNextrdquo button



4 Complete the New Application creation process by providing package information and leave the defaults for ldquoJava Source Pathrdquo and ldquoOutput Directoryrdquo as shown on Figure 5

Figure 5 Provide Package and other Java Settings

Click on ldquoFinishrdquo button to complete creation of the new application and the project



5 Next we will create a Java Class To create a Java Class right click on the ldquoHelloWorldrdquo project under the HelloWorldJaxWS application and select ldquoNewrdquo from the Context Menu as shown in Figure 6

Figure 6 Creating Java Class in a project

6 This will launch the Dialog show in Figure 7 In the ldquoCurrent Project Technologiesrdquo tab Select ldquoJavardquo from the

ldquoCategoriesrdquo on the Left Hand Side and under ldquoItemsrdquo panel on the Right Hand side select ldquoJava Classrdquo as shown in

Figure 7 Click on the ldquoOKrdquo button after making the above selections

Figure 7 Select Java Class from the New Gallery Dialog



7 This will launch the new ldquoJava Classrdquo Creation Dialog as show in Figure 8 Provide ldquoHelloWorldrdquo as the name of the

java class and provide appropriate value for the java package Retain defaults for the remainder of the fields Click

ldquoOKrdquo to complete the new Java Class creation dialog

Figure 8 New Java Class creation Dialog

8 JDeveloper will generate code along the lines shown below

package helloworld

public class HelloWorld

public HelloWorld()

super()



Add the following lines of code to the HelloWorld class

9 The next step is to basically create a Web Service from the HelloWorld java class created in the previous steps To

create a Web Service right click on the HelloWorldjava file Select ldquoCreate Web Servicehelliprdquo from the Context menu

as shown in Figure 9

Figure 9 Launch the Web Service Creation Wizard on the HelloWorld POJO class

public String hello(String str)

return Hello + str



10 From the ldquoJava Web Service creationrdquo wizard select Java EE 15 option The entire Web Service creation wizard is a

multi-step process as show in Figure 10 - Figure 17

Figure 10 Select Java EE 15 from the Java Web Service Creation wizard

Figure 11 Provide Web Service name



Figure 12 Retain default SOAP binding

Figure 13 Select the methods that should be exposed as part of the Web Service



Figure 14 Skip Additional Classes

Figure 15 Skip specifiying policies



Figure 16 Skip providing any Handlers

Figure 17 Finish creation of Web Service



Attach Message protection OWSM Security Policy

1 To attach the OWSM message protection policy to the Web Service ldquoright clickrdquo on the HelloWorldjava file in

JDeveloper Select ldquoWeb Service Propertieshelliprdquo from the Context menu item Figure 18 This will launch the Dialog box

seen in Figure 19

Figure 18 Define Web Service Properties



2 In the Configure Policies Dialog select ldquoOWSM policiesrdquo Upon selection of the OWSM Policies option the system

will display the list of out of the box policies that are shipped as part of OWSM Also notice the Default Policy Store

location

In this How-To it maps to

ldquoDOracle11gMiddlewarejdevelopersystem11116386192DefaultDomainoraclestoregmdsrdquo

Figure 19 Select OWSM policies option to secure the Web Service



3 For the purposes of this How-To letrsquos select the oraclewss10_message_protection_service_policy as show in

Figure 20

Figure 20 Selection of oraclewss10_message_protection_service_policy

Click ldquoOKrdquo button to complete the Policy Attachment Upon completion of the PolicyAttachment the SecurityPolicy

annotation will be added to the HelloWorld POJO class as show in Figure 21



Figure 21 Code view with SecurityPolicy annotation



Creating Keystore and Credentials

4 In order to use the oraclewss10_message_protection_service_policy we need Keystore and Credentials First we

will create keystore using the keytool command as shown in Figure 22 The command to create the keystore using

keytool (Note Keytool is shipped with JDK)

Figure 22 Keystore creation command and steps

You can validate the contents of the keystore by using the following keytool command

Figure 23 Check contents of Keystore using keytool

$gt keytool -genkey -keyalg RSA -alias orakey -keystore default-keystorejks -storepass welcome1 -validity

3600

$gtkeytool -list -keystore default-keystorejks -storepass welcome1



Configuring Integrated WLS Server to enable enforcing Message protection Policy

In order to be able to deploy the HelloWorld POJO Web Service to Integrated WLS Server and test the enforcement of

the OWSM oraclewss10_message_protection_service_policy ndash we need to configure the WLS Domain in which

Integrated WLS Server runs however initially upon the Install the domain is not created completely You can ensure the

domain is created completely by trying to the ldquoHelloWorldrdquo Web Service You do this by ldquoright clickingrdquo on

HelloWorldjava and selecting ldquoRunrdquo from the Context Menu as show in Figure 24

Figure 24 Running HelloWorld Web Service in Integrated WLS Server first time



The appendix shows the log that is output by the system in JDeveloper The key aspect that is of interest here are the

following messages

[Waiting for the domain to finish building]

[094756 PM] Creating Integrated Weblogic domain

[095003 PM] Extending Integrated Weblogic domain

[095051 PM] Integrated Weblogic domain processing completed successfully

Using port 7101

DOracle11gMiddlewarejdevelopersystem11116386192DefaultDomainbinstartWebLogiccmd

[waiting for the server to complete its initialization]

As mentioned earlier the key thing to note is

On running this the first time ndash the domain for running the Integrated WLS is extended and the necessary artifacts are created By default this domain is called ldquoDefaultDomainrdquo In this scenario the ldquoDefaultDomainrdquo is located at DOracle11gMiddlewarejdevelopersystem11116386192DefaultDomain



Copying the Keystore under the right location for Integrated WLS Server

5 Copy the default-keystorejks created earlier to

ldquoDOracle11gMiddlewarejdevelopersystem11116386192DefaultDomainconfigfmwconfigrdquo as shown in Figure 25

Figure 25 Copying default-keystorejks under DefaultDomain



Verifying jps-configxml in Default Domain

6 The jps-configxml will be found under

DOracle11gMiddlewarejdevelopersystem11116386192DefaultDomainconfigfmwconfig The most important entry in jps-configxml that is of interest is the following keystore service entry lt-- KeyStore Service Instance --gt ltserviceInstance name=keystore provider=keystoreprovider location=default-keystorejksgt ltdescriptiongtDefault JPS Keystore Serviceltdescriptiongt ltproperty name=keystoreprovidertype value=filegt ltproperty name=keystorefilepath value=gt ltproperty name=keystoretype value=JKSgt ltproperty name=keystorecsfmap value=oraclewsmsecuritygt ltproperty name=keystorepasscsfkey value=keystore-csf-keygt ltproperty name=keystoresigcsfkey value=sign-csf-keygt ltproperty name=keystoreenccsfkey value=enc-csf-keygt ltserviceInstancegt The next step is to configure the credentials in the DefaultDomain



Creating Credentials required for Keystore access

Ensure the Integrated WLS Server is running 7 Start WLST from DOracle11gMiddleware oracle_commoncommonbinwlstcmd as shown in Figure 26

Figure 26 Starting WLST for Integrated WLS Server



8 Connect to the Integrated WLS Server running DefaultDomain as show in Figure 27

Figure 27 Connect to Integrated WLS Server

Once connected add the following credentials to the credential store

$gt createCred(map=oraclewsmsecurity key=keystore-csf-key user=owsm password=welcome1 desc=Keystore key) $gtcreateCred(map=oraclewsmsecurity key=enc-csf-key user=orakey password=welcome1 desc=Encryption key) $gtcreateCred(map=oraclewsmsecurity key=sign-csf-key user=orakey password=welcome1 desc=Signing key)



Relationship between Keystore Credential Store jps-configxml

9 Many people find the relationship between keystore keys credential store credentials and jps-configxml

confusing Figure 28 shows the relationship between all these artifacts

Figure 28 Relationship bw Keystore Credential Store Credentials and jps-configxml



Testing with SOAP UI 1 Before testing the Web Service with SOAP UI Run the HelloWorld from within JDeveloper as shown in Figure 24

Create SOAP UI Project

2 To test the HelloWorld Web Service secured with the OWSM ldquooraclewss10_message_protection_service_policyrdquo start SOAP UI and create a new Project as shown in Figure 29

Figure 29 Create new project in SOAP UI



3 Provide Project Namerdquo and ldquoWSDLrdquo information for the HelloWorld WS as show in Figure 30

Figure 30 Provide WSDL information for the Web Service that needs to be tested



4 Double click on the helloworld-msg-prot-test SOAP UI project to open various configurations one can specify for the

project as show in Figure 31 Click on the WS-Security Configurations tab

Figure 31 Specify the WS-Security Configurations



Create WS-Security Configurations

5 There are 3 sub-tabs under the ldquoWS-Security Configurationsrdquo tab in SOAP UI These are the ldquoOutgoing WS-Security

Configurationsrdquo tab ldquoIncoming WS-Security Configurationsrdquo tab and the ldquoKeystoreCertificatesrdquo tab We will first fill

out the KeystoresCertificates tab Click on the KeystoreCertificates tab as shown in Figure 32

Figure 32 Specify the KeystoreCertificates to be used by SOAP UI



Add KeystoreCertificates

6 Click on the ldquo+rdquo button to add a keystore as shown in Figure 33 This will launch a dialog to select the Key Material as

show in Figure 34 You will be prompted for the password to the default-keystorejks Enter ldquowelcome1rdquo as show in

Figure 35

Figure 33 Adding a Keystore

Figure 34 Select a JKS keystore from the file system



Figure 35 Specify Password for the default-keystorejks

7 Figure 36 shows the result of adding the default-keystorejks to SOAP UI

Figure 36 Result of adding default-keystorejks

NOTE For purposes of simplicity ndash I have selected the same default-keystorejks file that was used by the HelloWorld Web Service in practice the client and service DO NOT share the same keystore instead you should use separate keystores and exchange the public certificates of the client and the service



Add Outgoing WS-Security Configurations

8 The next step is to add the ldquoOutgoing WS-Secure Configurationsrdquo to the project You can do this by click on the Outgoing S-Security Configurations tab and clicking on the ldquo+rdquo icon as shown in Figure 37

Figure 37 Initiate addition of Outgoing WS-Security Configuration



9 Enter the ldquoNamerdquo of the configuration as ldquowss10rdquo This will create a panel on the lower half of the screen to add relevant WS-Security Configuration for ldquowss10rdquo Click on the ldquo+rdquo icon highlighted with a red circle in Figure 38 We need to add 3 entries in the following order

a Timestamp b Signature c Encryption

Upon clicking the ldquo+rdquo icon an ldquoAdd WSS Entryrdquo popup dialog will be presented which contains a single drop down list Select ldquoTimestamprdquo from the dialog as shown in Figure 39

Figure 38 Adding WSS Configuration for wss10

Figure 39 Add Timestamp

10 Configure the ldquoTimestamprdquo WSS Entry The two fields are shown in Figure 40



a Time to Live 5000 b Leave the unit for ldquoTime to Liverdquo in milliseconds

Figure 40 Specify Time to Live as part of Timestamp configuration

11 Add the ldquoSignaturerdquo WSS Entry by clicking on the ldquo+rdquo icon again as shown in Figure 38 and selecting ldquoSignaturerdquo from

the ldquoAdd WSS Entryrdquo drop down as shown in Figure 41

Figure 41 Select Signature WSS Entry to Add to wss10 configuration



12 The ldquoSignaturerdquo configuration is more involved and requires a lot more fields to be filled in as shown in Figure 42 Here is a summary of the fields and values that need to be provided

a Keystore Select ldquodefault-keystorejksrdquo from the drop down (Note Only keystores added in the KeystoreCertificates tab will be displayed in this drop down)

b Alias ldquoorakeyrdquo This particular keystore in the How-To has only a single alias However a keystore can have multiple keys and aliases

c Password ldquowelcome1rdquo This is the password for the alias d Key Identifier Type Select ldquoBinary Security Tokenrdquo from the drop down e Signature Algorithm Select ldquohttpwwww3org200009xmldsigrsa-sha1rdquo from the drop down f Signature Canonicalization Select ldquohttpwwww3org200110xml-exc-c14nrdquo from the drop down g Digest Algorithm Select ldquohttpwwww3org200009xmldsigsha1rdquo from the drop down h Use Single Certificate Ensure ldquoUse single certificate for signingrdquo is checked i Parts

Name Namespace Encode

Body httpschemasxmlsoaporgsoapenvelope Element

Timestamp httpdocsoasis-openorgwss200401oasis-200401-wss-wssecurity-utility-10xsd

Element

Figure 42 Providing Signature configuration



13 Add the ldquoEncryptionrdquo WSS Entry by clicking on the ldquo+rdquo icon again as shown in Figure 38 and selecting ldquoEncryptionrdquo from the ldquoAdd WSS Entryrdquo drop down as shown in Figure 43

Figure 43 Adding Encryption WSS entry

14 The ldquoEncryptionrdquo configuration is more involved and requires a lot more fields to be filled in as shown in Figure 44

Here is a summary of the fields and values that need to be provided a Keystore Select ldquodefault-keystorejksrdquo from the drop down (Note Only keystores added in the

KeystoreCertificates tab will be displayed in this drop down) b Alias ldquoorakeyrdquo This particular keystore in the How-To has only a single alias However a keystore can have

multiple keys and aliases c Password ldquowelcome1rdquo This is the password for the alias d Key Identifier Type Select ldquoBinary Security Tokenrdquo from the drop down e Embedded Key Name and Embedded Key Password are not relevant and will be readonly fields So skip

these fields f Symmetric Encoding Algorithm Select ldquohttpwwww3org200104xmlencaes128-cbcrdquo from the drop

down g Key Encryption Algorithm Select ldquohttpwwww3org200104xmlencrsa-oaep-mgf1prdquo from the drop

down h Encryption Canonicalization Select ldquohttpwwww3org200110xml-exc-c14nrdquo from the drop down i Create Encrypted Key Ensure the checkbox is checked j Parts


Body httpschemasxmlsoaporgsoapenvelope Content



Figure 44 Encryption Configuration



Add Incoming WS-Security Configurations

15 Click on the ldquoIncoming WS-Security Configurationsrdquo sub tab and click on the ldquo+rdquo icon as show in Figure 45 You will be prompted to enter a name for the incoming configuration specify ldquowss10rdquo as the name as shown in Figure 46

Figure 45 Add Incoming WS-Security Configuration

Figure 46 Provide a name for the Incoming WSS Configuration



16 Click on the ldquowss10rdquo entry and select the following a Decrypt Keystore Select ldquodefault-keystorejksrdquo from the drop down b Signature Keystore Select ldquodefault-keystorejksrdquo from the drop down c Password ldquowelcome1rdquo

The final incoming security configuration is shown in Figure 47

Figure 47 Incoming WSS Configuration



17 Now that we have created all the necessary WS-Security Configurations we are ready to test the HelloWorld Service To do so click on the ldquohellordquo operation on the Left hand browse tree This will create a request as show in Figure 48 Click on the ldquoAutrdquo tab on the ldquoRequestrdquo panel on the RHS side of the screen The ldquoAutrdquo tab is in the bottom and has been highlighted in Figure 48 Select the following values

a Outgoing WSS Select ldquowss10rdquo from the drop down b Incoming WSS Select ldquowss10rdquo from the drop down

Figure 48 Select the previosuly created WSS Configuration to be used while testing



18 Enter ldquoprakashrdquo for arg0 and click on the green arrow button to send the request You will be prompted for password ndash enter ldquowelcome1rdquo Figure 49 and Figure 50 show the steps and the results of a successful test If there is a failure ndash you will see a SOAP response with a fault

Figure 49 Send request to the HelloWorld WS



Figure 50 Results of a successful test



Appendix

Log Generated the first time any app is run in Integrated WLS Server





Using port 7101



JAVA Memory arguments -Xms256m -Xmx512m -XXCompileThreshold=8000 -XXPermSize=128m -XXMaxPermSize=512m

WLS Start Mode=Development

CLASSPATH=DORACLE~1MIDDLE~1ORACLE~1modulesoraclejdbc_1111ojdbc6dmsjarDORACLE~1MIDDLE~1patch_wls1035profilesdefaultsys_manifest_classpathweblogic_patchjarDORACLE~1MIDDLE~1patch_jdev1111profilesdefaultsys_manifest_classpathweblogic_patchjarDORACLE~1MIDDLE~1JDK160~1libtoolsjarDORACLE~1MIDDLE~1WLSERV~13serverlibweblogic_spjarDORACLE~1MIDDLE~1WLSERV~13serverlibweblogicjarDORACLE~1MIDDLE~1modulesfeaturesweblogicservermodules_10350jarDORACLE~1MIDDLE~1WLSERV~13serverlibwebservicesjarDORACLE~1MIDDLE~1modulesORGAPA~11libant-alljarDORACLE~1MIDDLE~1modulesNETSFA~10_1libant-contribjarDORACLE~1MIDDLE~1ORACLE~1modulesoraclejrf_1111jrfjarDORACLE~1MIDDLE~1WLSERV~13commonderbylibderbyclientjarDORACLE~1MIDDLE~1WLSERV~13serverlibxqrljar

PATH=DORACLE~1MIDDLE~1patch_wls1035profilesdefaultnativeDORACLE~1MIDDLE~1patch_jdev1111profilesdefaultnativeDORACLE~1MIDDLE~1WLSERV~13servernativewin32DORACLE~1MIDDLE~1WLSERV~13serverbinDORACLE~1MIDDLE~1modulesORGAPA~11binDORACLE~1MIDDLE~1JDK160~1jrebinDORACLE~1MIDDLE~1JDK160~1binDoraclexeapporacleproduct1020serverbinCProgram FilesThinkPadUtilitiesCWINDOWSsystem32CWINDOWSCWINDOWSSystem32WbemCWINDOWSsystem32WindowsPowerShellv10DORACLE~1MIDDLE~1WLSERV~13servernativewin32oci920_8



To start WebLogic Server use a username and

password assigned to an admin-level user For

server administration use the WebLogic Server

console at httphostnameportconsole

starting weblogic with Java version

java version 160_24

Java(TM) SE Runtime Environment (build 160_24-b50)

Java HotSpot(TM) Client VM (build 191-b02 mixed mode)

Starting WLS with line



DORACLE~1MIDDLE~1JDK160~1binjava -client -Xms256m -Xmx512m -XXCompileThreshold=8000 -XXPermSize=128m -XXMaxPermSize=512m -DweblogicName=DefaultServer -Djavasecuritypolicy=DORACLE~1MIDDLE~1WLSERV~13serverlibweblogicpolicy -DjavaxnetssltrustStore=DOracle11gMiddlewarewlserver_103serverlibDemoTrustjks -DweblogicnodemanagerServiceEnabled=true -Xverifynone -da -Dplatformhome=DORACLE~1MIDDLE~1WLSERV~13 -Dwlshome=DORACLE~1MIDDLE~1WLSERV~13server -Dweblogichome=DORACLE~1MIDDLE~1WLSERV~13server -Djpsappcredentialoverwriteallowed=true -Dcommoncomponentshome=DORACLE~1MIDDLE~1ORACLE~1 -Djrfversion=1111 -DorgapachecommonsloggingLog=orgapachecommonsloggingimplJdk14Logger -Ddomainhome=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1 -Djrockitoptfile=DORACLE~1MIDDLE~1ORACLE~1modulesoraclejrf_1111jrocket_optfiletxt -Doracleserverconfigdir=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1configFMWCON~1serversDefaultServer -Doracledomainconfigdir=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1configFMWCON~1 -Digfarisidbeanscarmlloc=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1configFMWCON~1carml -Digfarisidstackhome=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1configFMWCON~1arisidprovider -Doraclesecurityjpsconfig=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1configfmwconfigjps-configxml -Doracledeployedappdir=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1serversDefaultServertmp_WL_user -Doracledeployedappext=- -DweblogicalternateTypesDirectory=DORACLE~1MIDDLE~1ORACLE~1modulesoracleossoiap_1111DORACLE~1MIDDLE~1ORACLE~1modulesoracleoamprovider_1111 -Djavaprotocolhandlerpkgs=oraclemdsnetprotocol -DweblogicjdbcremoteEnabled=false -Dwsmrepositorypath=DORACLE~1MIDDLE~1JDEVEL~1SYSTEM~192DEFAUL~1oraclestoregmds -Dweblogicmanagementdiscover=true -DwlwiterativeDev= -DwlwtestConsole= -DwlwlogErrorsToConsole= -Dweblogicextdirs=DORACLE~1MIDDLE~1patch_wls1035profilesdefaultsysext_manifest_classpathDORACLE~1MIDDLE~1patch_jdev1111profilesdefaultsysext_manifest_classpath weblogicServer

ltMar 16 2012 95054 PM PDTgt ltInfogt ltSecuritygt ltBEA-090905gt ltDisabling CryptoJ JCE Provider self-integrity check for better startup performance To enable this check specify -DweblogicsecurityallowCryptoJDefaultJCEVerification=truegt

ltMar 16 2012 95054 PM PDTgt ltInfogt ltSecuritygt ltBEA-090906gt ltChanging the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG To disable this change specify -DweblogicsecurityallowCryptoJDefaultPRNG=truegt

ltMar 16 2012 95055 PM PDTgt ltInfogt ltWebLogicServergt ltBEA-000377gt ltStarting WebLogic Server with Java HotSpot(TM) Client VM Version 191-b02 from Sun Microsystems Incgt



ltMar 16 2012 95055 PM PDTgt ltInfogt ltManagementgt ltBEA-141107gt ltVersion WebLogic Server 10350 Fri Apr 1 202006 PDT 2011 1398638 gt

ltMar 16 2012 95057 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000365gt ltServer state changed to STARTINGgt

ltMar 16 2012 95057 PM PDTgt ltInfogt ltWorkManagergt ltBEA-002900gt ltInitializing self-tuning thread poolgt

ltMar 16 2012 95057 PM PDTgt ltNoticegt ltLog Managementgt ltBEA-170019gt ltThe server log file DOracle11gMiddlewarejdevelopersystem11116386192DefaultDomainserversDefaultServerlogsDefaultServerlog is opened All server side log events will be written to this filegt

ltMar 16 2012 95108 PM PDTgt ltNoticegt ltSecuritygt ltBEA-090082gt ltSecurity initializing using security realm myrealmgt

Mar 16 2012 95114 PM oracleodsvirtualizationengineutilVDELogger info

INFO ConfigObjectReloaded for ServerConfig PreviousVersion -1 CurrentVersion 0


INFO Notification event sent for activating changes


INFO AdaptersConfig MBean reloaded


INFO Notification sent for AdaptersConfig MBean reloaded


INFO Notification sent for Mapping config object reloaded













ltMar 16 2012 95122 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000365gt ltServer state changed to STANDBYgt


ltMar 16 2012 95204 PM PDTgt ltNoticegt ltLog Managementgt ltBEA-170027gt ltThe Server has established connection with the Domain level Diagnostic Service successfullygt

ltMar 16 2012 95204 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000365gt ltServer state changed to ADMINgt

ltMar 16 2012 95205 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000365gt ltServer state changed to RESUMINGgt

ltMar 16 2012 95205 PM PDTgt ltNoticegt ltServergt ltBEA-002613gt ltChannel Default is now listening on 1270017101 for protocols iiop t3 ldap snmp httpgt

ltMar 16 2012 95205 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000331gt ltStarted WebLogic Admin Server DefaultServer for domain DefaultDomain running in Development Modegt

ltMar 16 2012 95205 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000365gt ltServer state changed to RUNNINGgt

ltMar 16 2012 95205 PM PDTgt ltNoticegt ltWebLogicServergt ltBEA-000360gt ltServer started in RUNNING modegt

IntegratedWebLogicServer startup time 74437 ms

IntegratedWebLogicServer started

[Running application HelloWorldJaxWS on Server Instance IntegratedWebLogicServer]

[095206 PM] ---- Deployment started ----

[095206 PM] Target platform is (Weblogic 103)

[095208 PM] Retrieving existing application information

[095208 PM] Running dependency analysis

[095208 PM] Deploying 2 profiles

[095209 PM] Wrote Web Application Module to DOracle11gMiddlewarejdevelopersystem11116386192oj2eedrsHelloWorldJaxWSHelloWorldWebAppwar

[095210 PM] Wrote Enterprise Application Module to DOracle11gMiddlewarejdevelopersystem11116386192oj2eedrsHelloWorldJaxWS

[095210 PM] Deploying Application

[095213 PM] Application Deployed Successfully

[095213 PM] The following URL context root(s) were defined and can be used as a starting point to test your application



[095213 PM] http1270017101HelloWorldJaxWS-HelloWorld-context-root

[095213 PM] Elapsed time for deployment 6 seconds

[095213 PM] ---- Deployment finished ----

Run startup time 6609 ms

[Application HelloWorldJaxWS deployed to Server Instance IntegratedWebLogicServer]

Target URL -- http1270017101HelloWorldJaxWS-HelloWorld-context-rootHelloWorldPort



Oracle Web Services Manager

March 2012

Author Prakash Yamuna

Oracle Corporation

World Headquarters

500 Oracle Parkway

Redwood Shores CA 94065

USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom

Copyright copy 2011 Oracle andor its affiliates All rights reserved This document is provided for

information purposes only and the contents hereof are subject to change without notice This

document is not warranted to be error-free nor subject to any other warranties or conditions whether

expressed orally or implied in law including implied warranties and conditions of merchantability or

fitness for a particular purpose We specifically disclaim any liability with respect to this document and

no contractual obligations are formed either directly or indirectly by this document This document may

not be reproduced or transmitted in any form or by any means electronic or mechanical for any

purpose without our prior written permission

Oracle is a registered trademark of Oracle Corporation andor its affiliates Other names may be

trademarks of their respective owners

0109



Table of Contents Use Case 4

Description 4

Objective 4

Software Requirements 4

Prerequisites 4

Verified Product Version 4

Potentially Applies to Product Version(s) 4

Download Main Page 4

Product URLs 5

Step by Step Instructions 6

Install Location 6

Create HelloWorld POJO JAX-WS Application 7

Attach Message protection OWSM Security Policy 18

Creating Keystore and Credentials 22

Configuring Integrated WLS Server to enable enforcing Message protection Policy 23

Copying the Keystore under the right location for Integrated WLS Server 25

Verifying jps-configxml in Default Domain 26

Creating Credentials required for Keystore access 27

Relationship between Keystore Credential Store jps-configxml 29

Testing with SOAP UI 30

Create SOAP UI Project 30

Create WS-Security Configurations 33

Add KeystoreCertificates 34

Add Outgoing WS-Security Configurations 36




Appendix 47




Use Case

Description



Objective




JAX-WS




Prerequisites



JDeveloper

2 SOAP UI Pro 401



1 WebLogic 1036

2 SOA 11116

3 JDeveloper 11116



1 WebLogic 1033 1034 1035 1036

2 SOA 11114 11115 11116

Download Main Page




Product URLs



Password welcome1





Install Location











































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109




Appendix 47




Use Case

Description



Objective




JAX-WS




Prerequisites



JDeveloper

2 SOAP UI Pro 401



1 WebLogic 1036

2 SOA 11116

3 JDeveloper 11116



1 WebLogic 1033 1034 1035 1036

2 SOA 11114 11115 11116

Download Main Page




Product URLs



Password welcome1





Install Location











































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109



Use Case

Description



Objective




JAX-WS




Prerequisites



JDeveloper

2 SOAP UI Pro 401



1 WebLogic 1036

2 SOA 11116

3 JDeveloper 11116



1 WebLogic 1033 1034 1035 1036

2 SOA 11114 11115 11116

Download Main Page




Product URLs



Password welcome1





Install Location











































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109



Product URLs



Password welcome1





Install Location











































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109




Install Location











































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109





































package helloworld


public HelloWorld()

super()









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109









return Hello + str
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109
























seen in Figure 19






location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109





location







Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109




Figure 20

















3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109














3600














following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109













following messages





Using port 7101




























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109
























































Figure 35






































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109




































Element











































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109










































Appendix






Using port 7101














java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109








java version 160_24








































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109





































































March 2012


Oracle Corporation

World Headquarters

500 Oracle Parkway


USA

Worldwide Inquiries

Phone +16505067000

Fax +16505067200

oraclecom











0109

Oracle Web Service Manager 11€¦ · Message Protection Policy in WLS using Oracle Web Services...

Documents

Transcript of Oracle Web Service Manager 11€¦ · Message Protection Policy in WLS using Oracle Web Services...