Configuring Message-Level Security 2-111
    print 'found exsiting bean for: ' + cpName

# Create credential provider for DK
cpName='default_dk_cp'
wtm=defaultWss.lookupWebserviceCredentialProvider(cpName)
if wtm == None:
    wtm = defaultWss.createWebserviceCredentialProvider(cpName)
    wtm.setClassName('weblogic.wsee.security.wssc.v13.dk.DKCredentialProvider')
    wtm.setTokenType('dk')
    cpm = wtm.createConfigurationProperty('Label')
    cpm.setValue('WS-SecureConversationWS-SecureConversation')
    cpm = wtm.createConfigurationProperty('Length')
    cpm.setValue('16')
else:
    print 'found exsiting bean for: DK ' + cpName
:
2.23.6 Revised configWss_Service.py
The configWss_Service.py script is similar to configWss.py, but it is used only when the source and destination Web services are hosted on two servers.
The configWss_Service.py file is the same as that in WL_HOME\samples\server\examples\src\examples\webservices\wsrm_security\configWss_Service.py, with the changes shown in bold. The build.xml file provides the command input.
Example 2–32 configWss_Service.py
:
# Create credential provider for SCT
cpName='default_sct_cp'
wtm=defaultWss.lookupWebserviceCredentialProvider(cpName)
if wtm == None:
    print 'creating new webservice credential provider : ' + cpName
    wtm = defaultWss.createWebserviceCredentialProvider(cpName)
    wtm.setClassName('weblogic.wsee.security.wssc.v13.sct.ServerSCCredentialProvider')
    wtm.setTokenType('sct')
    cpm = wtm.createConfigurationProperty('TokenLifeTime')
    cpm.setValue('43200000')
else:
    print 'found exsiting bean for: ' + cpName

# Create credential provider for DK
cpName='default_dk_cp'
wtm=defaultWss.lookupWebserviceCredentialProvider(cpName)
if wtm == None:
    wtm = defaultWss.createWebserviceCredentialProvider(cpName)
    wtm.setClassName('weblogic.wsee.security.wssc.v13.dk.DKCredentialProvider')
    wtm.setTokenType('dk')
    cpm = wtm.createConfigurationProperty('Label')
    cpm.setValue('WS-SecureConversationWS-SecureConversation')
    cpm = wtm.createConfigurationProperty('Length')
    cpm.setValue('16')
else:
    print 'found existing bean for: DK ' + cpName
:

Note: Long lines in this script have been formatted for readability.

2-112 Securing WebLogic Web Services for Oracle WebLogic Server
2.23.7 Building and Running the Example
After you have changed the example to use the new policy namespace, follow the steps in the WL_HOME\samples\server\examples\src\examples\webservices\wsrm_security\instructions.html file to build and run the example. There are no changes needed to these steps.
2.24 Securing Web Services Atomic Transactions
When using Web services atomic transactions, as described in Using Web Services Atomic Transactions in Programming Advanced Features of JAX-WS Web Services for
Oracle WebLogic Server, it is recommended that you secure the application message headers that contain the coordination context and IssuedTokens using one of the
following predefined policies:
■ Wssp1.2-2007-SignAndEncryptWSATHeaders.xml—Specifies that the WS-AtomicTransaction headers are signed and encrypted.
■ Wssp1.2-2007-Wsp1.5-SignAndEncryptWSATHeaders.xml—Specifies that the WS-AtomicTransaction headers are signed and encrypted. Web Services Policy 1.5 is used.
You can attach policies using one of the following methods:
■ At design time, using the Policy and Policies annotations, as described in Section 2.6, Example of Adding Security to a JAX-WS Web Service.
■ At deployment time, using the WebLogic Server Administration Console, as described in Section 2.10, Associating Policy Files at Runtime Using the Administration Console.
The following example shows how to secure a Web services atomic transaction programmatically, using the Policy and Policies annotations. Relevant code is shown in bold.
package jaxws.interop.rsp;
...
import javax.jws.WebService;
import javax.xml.ws.BindingType;
import weblogic.wsee.wstx.wsat.Transactional;
import weblogic.wsee.wstx.wsat.Transactional.TransactionalFlowType;

Note: Because header encryption is available as part of the WS-Security 1.1 standard, it is highly recommended that you use only WS-Security 1.1 binding policies in conjunction with the policies listed above to secure the application request messages. WS-Security 1.1 binding policies contain the sp:Wss11 assertion in the policy and -Wss1.1 in the predefined policy name. If WS-Security 1.0 policies are used, WebLogic Server encrypts the header into a WS-Security 1.0 non-standard format.
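The recommendation in the note can be checked against the list of policy files attached to a service. The following Python sketch is an added example, not part of the Oracle documentation or samples. The function names, the binding-policy file names and the custom policy are constructed for illustration, and treating sp:Wss10 or -Wss1.0 as the marker of a WS-Security 1.0 binding policy is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Namespace bound to the "sp" prefix in WS-SecurityPolicy 1.2 documents.
SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSAT_SUFFIX = "SignAndEncryptWSATHeaders.xml"  # both policies listed above end with it

def wss_version(name, xml_text=None):
    """Return '1.1', '1.0', or None when the policy is not a WS-Security binding policy."""
    if xml_text:  # custom policy: look for the sp:Wss11 / sp:Wss10 assertion
        root = ET.fromstring(xml_text)
        for version, tag in (("1.1", "Wss11"), ("1.0", "Wss10")):
            if root.find(".//{%s}%s" % (SP_NS, tag)) is not None:
                return version
        return None
    match = re.search(r"-Wss(1\.[01])", name)  # predefined policy: go by file name
    return match.group(1) if match else None

def audit_service(policies):
    """policies: (file name, XML text or None) pairs attached to one service.
    Returns findings; an empty list means the note's recommendation is met."""
    if not any(name.endswith(WSAT_SUFFIX) for name, _ in policies):
        return []  # no WS-AT header policy attached, so the note does not apply
    versions = {name: wss_version(name, text) for name, text in policies}
    findings = [name + ": WS-Security 1.0 binding policy used with WS-AT header encryption"
                for name, version in versions.items() if version == "1.0"]
    if "1.1" not in versions.values():
        findings.append("no WS-Security 1.1 binding policy attached")
    return findings

# Constructed sample input (file names follow the -Wss1.x naming pattern).
WSAT = ("Wssp1.2-2007-SignAndEncryptWSATHeaders.xml", None)
CUSTOM_WSS11 = ("custom-binding.xml",
    '<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="%s">'
    '<sp:Wss11><wsp:Policy/></sp:Wss11></wsp:Policy>' % SP_NS)

if __name__ == "__main__":
    for attached in ([WSAT, ("Wssp1.2-2007-Wss1.1-X509-Basic256.xml", None)],
                     [WSAT, ("Wssp1.2-2007-Wss1.0-X509-Basic256.xml", None)],
                     [WSAT, CUSTOM_WSS11]):
        print([n for n, _ in attached], "->", audit_service(attached) or "OK")
```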