Configuring Message-Level Security 2-31
2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help:
   ■ On the Create Credential Provider tab, enter the following:
     – A provider name, which is your name for this MBean instance.
     – The provider class name, which can be
       weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or
       weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or
       weblogic.wsee.security.saml.SAMLTrustCredentialProvider
     – The token type, which is a short name to identify the token. For example, sct or saml.
3. Select Next.
4. Enter the name/value pairs for the STS URI.
5. Select Finish.
6. On the Security Configuration General tab, set the value of the Default Credential Provider STS URI.
   The Default Credential Provider STS URL is the default STS endpoint URL for all WS-Trust enabled credential providers of this Web service security configuration.
2.8.2.6 Configuring STS Security Policy: Standalone Client
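The following code example demonstrates setting the STS security policy on a client stub, under JAX-RPC. The statement that sets the policy is marked with a comment.
import java.io.InputStream;
import javax.xml.rpc.Stub;
import weblogic.wsee.message.WlMessageContext;
. . .
String wsdl = "http://myserver/samlsecuredservice?wsdl";
SamlSecuredService service = new SamlSecuredService_Impl(wsdl);
SamlSecured port = service.getSamlSecuredSoapPort();
Stub stub = (Stub) port;
// loadPolicy() is the client's own helper that returns the policy file as a stream
InputStream policy = loadPolicy();
// Set the STS (bootstrap) security policy on the stub
stub._setProperty(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);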
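The following code example demonstrates setting the STS security policy on a client stub, under JAX-WS. The statement that sets the policy is marked with a comment.
import java.io.InputStream;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import weblogic.wsee.message.WlMessageContext;
. . .
String wsdl = "http://myserver/wsssecuredservice?wsdl";
WsSecuredService service = new WsSecuredService_Impl(wsdl);
WsscSecured port = service.getWsSecuredSoapPort();
BindingProvider provider = (BindingProvider) port;
Map<String, Object> context = provider.getRequestContext();
// loadPolicy() is the client's own helper that returns the policy file as a stream
InputStream policy = loadPolicy();
// Set the STS (bootstrap) security policy in the request context
context.put(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);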
2.8.2.7 Configuring STS Security Policy Using WLST: Client On Server Side
Example 2–7 demonstrates using WLST to create a credential provider for the default Web services security configuration, and then configuring the STS security policy through the StsPolicy property. The value for the StsPolicy property must be either a policy included in WebLogic Server (see Section 2.16, "Using WS-SecurityPolicy 1.2 Policy Files") or a custom policy file in a J2EE library (see Section 2.7, "Creating and Using a Custom Policy File").
2-32 Securing WebLogic Web Services for Oracle WebLogic Server
Example 2–7 Configuring STS Security Policy Using WLST
import sys

# Arguments: user, password, host, port, SSL port, SAML STS URL
userName = sys.argv[1]
passWord = sys.argv[2]
host = sys.argv[3]+":"+sys.argv[4]
sslhost = sys.argv[3]+":"+sys.argv[5]
samlstsurl = sys.argv[6]
url = "t3://" + host
print "Connect to the running admin server"
connect(userName, passWord, url)
edit()
startEdit()
defaultWss = cmo.lookupWebserviceSecurity('default_wss')
# Create credential provider for SAML Trust Client
wtm = defaultWss.createWebserviceCredentialProvider('trust_client_saml_cp')
wtm.setClassName('weblogic.wsee.security.saml.SAMLTrustCredentialProvider')
wtm.setTokenType('saml_trust')
# STS endpoint for this credential provider
cpm = wtm.createConfigurationProperty('StsUri')
cpm.setValue(samlstsurl)
# STS security policy
cpm = wtm.createConfigurationProperty('StsPolicy')
cpm.setValue("Wssp1.2-2007-Https-UsernameToken-Plain")
save()
activate(block="true")
disconnect()
exit()
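A pre-flight check for the values passed to Example 2–7, as an added example that is not part of the Oracle documentation: it flags a provider whose effective STS URI is not HTTPS while StsPolicy names an Https transport policy, because UsernameToken-Plain relies on TLS to protect the password. The function name check_provider, the sts.example.com URLs and the rule that "-Https-" in a policy name implies TLS are assumptions made for this example; custom policy files need their own check.

```python
from urllib.parse import urlsplit

# Provider class names listed on this page for the credential provider.
KNOWN_PROVIDER_CLASSES = {
    "weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.saml.SAMLTrustCredentialProvider",
}


def check_provider(class_name, token_type, props, default_sts_uri=None):
    """Return findings for one credential provider definition.

    props holds the provider's name/value pairs (StsUri, StsPolicy);
    default_sts_uri is the Default Credential Provider STS URI, used
    when the provider sets no StsUri of its own.
    """
    findings = []
    if class_name not in KNOWN_PROVIDER_CLASSES:
        findings.append("unknown provider class: " + class_name)
    if not token_type.strip():
        findings.append("token type is empty")

    raw_uri = props.get("StsUri") or default_sts_uri or ""
    policy = props.get("StsPolicy", "")
    uri = urlsplit(raw_uri)
    if uri.scheme not in ("http", "https") or not uri.hostname:
        findings.append("no absolute http(s) STS URI: %r" % raw_uri)
    elif "-Https-" in policy and uri.scheme != "https":
        # Assumption: "-Https-" in a policy name means the policy relies
        # on TLS; with UsernameToken-Plain the password is sent as text.
        findings.append("%s needs an https STS URI, got %s" % (policy, raw_uri))
    if uri.username or uri.password:
        findings.append("STS URI embeds credentials")
    return findings


if __name__ == "__main__":
    # Constructed sample values; sts.example.com is a placeholder host.
    sample = {"StsUri": "http://sts.example.com:7001/sts/saml",
              "StsPolicy": "Wssp1.2-2007-Https-UsernameToken-Plain"}
    for finding in check_provider(
            "weblogic.wsee.security.saml.SAMLTrustCredentialProvider",
            "saml_trust", sample):
        print("FINDING:", finding)
```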
2.8.2.8 Configuring STS Security Policy: Using the Console
Perform the following steps to configure the STS security policy using the console:
1. Create a Web services security configuration, as described in the Oracle WebLogic Server Administration Console Help. This creates an empty configuration.
2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help:
   ■ On the Create Credential Provider tab, enter the following:
     – A provider name, which is your name for this MBean instance.
     – The provider class name, which can be
       weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or
       weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or
       weblogic.wsee.security.saml.SAMLTrustCredentialProvider
     – The token type, which is a short name to identify the token. For example, sct or saml.
3. Select Next.
4. Enter the name/value pairs for the STS policy.
5. Select Finish.
2.8.2.9 Configuring the STS SOAP and WS-Trust Version: Standalone Client