2-30 Securing WebLogic Web Services for Oracle WebLogic Server
// Cast the generated port to the JAX-RPC Stub so client properties can be set on it.
Stub stub = (Stub) port;
String sts = "https://stsserver/standaloneSTS/saml/STS";
stub._setProperty(weblogic.wsee.jaxrpc.WLStub.WST_STS_ENDPOINT_ON_SAML, sts);
The following code example demonstrates setting the STS URI for SAML on a client stub under JAX-WS.
String wsdl = "http://myserver/wsssecuredservice?wsdl";
WsSecuredService service = new WsSecuredService_Impl(wsdl);
String sts = "https://stsserver/standaloneSTS/saml/STS";
WsscSecured port = service.getWsSecuredSoapPort();
// Under JAX-WS the STS endpoint is set on the request context of the BindingProvider.
BindingProvider provider = (BindingProvider) port;
Map<String, Object> context = provider.getRequestContext();
context.put(weblogic.wsee.jaxrpc.WLStub.WST_STS_ENDPOINT_ON_SAML, sts);
2.8.2.4 Configuring STS URI Using WLST: Client On Server Side
Example 2–6 demonstrates using the WebLogic Scripting Tool (WLST) to create a
credential provider for the WS-Trust client and then configure the STS URI, as indicated by bold text.
The provider class name can be one of the following:
■ weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider
■ weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider
■ weblogic.wsee.security.saml.SAMLTrustCredentialProvider
Example 2–6 Configuring STS URI Using WLST
import sys

# Arguments: user name, password, host, plain port, SSL port
userName = sys.argv[1]
passWord = sys.argv[2]
host = sys.argv[3] + ":" + sys.argv[4]
sslhost = sys.argv[3] + ":" + sys.argv[5]
url = "t3://" + host
connect(userName, passWord, url)
edit()
startEdit()
defaultWss = cmo.lookupWebserviceSecurity("default_wss")
# Create credential provider for SCT Trust Client
wtm = defaultWss.createWebserviceCredentialProvider("trust_client_sct_cp")
wtm.setClassName("weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider")
wtm.setTokenType("sct_trust")
# Configure the STS URI on the credential provider
cpm = wtm.createConfigurationProperty("StsUri")
cpm.setValue("https://" + sslhost + "/standaloneSTS/wssc13/STS")
save()
activate(block="true")
disconnect()
exit()
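A pre-flight check that can be run on the values before a script like Example 2–6 writes them, as an added example that is not part of the Oracle documentation: it rejects an STS URI that is not https, embeds credentials, or names a host outside an operator-supplied list, and a provider class that is not one of the three listed above. The function name, the host names and the trusted-host list are assumptions; it is plain Python 3 and runs outside WLST.

```python
from urllib.parse import urlsplit

# Credential provider class names this page lists for WS-Trust clients.
KNOWN_PROVIDERS = {
    "weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.saml.SAMLTrustCredentialProvider",
}


def check_sts_settings(class_name, sts_uri, trusted_hosts):
    """Return a list of problems; an empty list means the settings pass.

    check_sts_settings and trusted_hosts are hypothetical names for this example.
    """
    problems = []
    if class_name not in KNOWN_PROVIDERS:
        problems.append("unknown provider class: %r" % class_name)
    try:
        parts = urlsplit(sts_uri)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return problems + ["unparseable STS URI: %s" % exc]
    if parts.scheme.lower() != "https":
        problems.append("STS URI must use https, got %r" % parts.scheme)
    if parts.username or parts.password:
        problems.append("STS URI must not embed credentials")
    # Compare the parsed host, not a substring of the URI text.
    host = (parts.hostname or "").lower()
    if host not in {h.lower() for h in trusted_hosts}:
        problems.append("STS host %r is not in the trusted list" % host)
    if not parts.path or parts.path == "/":
        problems.append("STS URI has no endpoint path")
    if parts.query or parts.fragment:
        problems.append("STS URI should not carry a query or fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    provider = "weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider"
    trusted = ["sts.example.internal"]
    for uri in ("https://sts.example.internal:7002/standaloneSTS/wssc13/STS",
                "http://sts.example.internal:7001/standaloneSTS/wssc13/STS"):
        print(uri, "->", check_sts_settings(provider, uri, trusted) or "OK")
```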
2.8.2.5 Configuring STS URI Using Console: Client On Server Side
Configuring the STS URI through the WebLogic Server Administration Console allows the decision about which URI to use to be made at runtime, and not during the Web
service development cycle.
Follow these steps to configure the STS URI through the Console:
1. Create a Web services security configuration, as described in the Oracle WebLogic Server Administration Console Help. This creates an empty configuration.
2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help:
   ■ On the Create Credential Provider tab, enter the following:
     – A provider name, which is your name for this MBean instance.
     – The provider class name, which can be weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or weblogic.wsee.security.saml.SAMLTrustCredentialProvider
     – The token type, which is a short name to identify the token. For example, sct or saml.
3. Select Next.
4. Enter the name/value pairs for the STS URI.
5. Select Finish.
6. On the Security Configuration General tab, set the value of the Default Credential Provider STS URI.
The Default Credential Provider STS URL is the default STS endpoint URL for all WS-Trust enabled credential providers of this Web service security configuration.
2.8.2.6 Configuring STS Security Policy: Standalone Client
The following code example demonstrates setting the STS security policy on a client stub, under JAX-RPC, as indicated in bold.
import weblogic.wsee.message.WlMessageContext;
. . .
String wsdl = "http://myserver/samlsecuredservice?wsdl";
SamlSecuredService service = new SamlSecuredService_Impl(wsdl);
SamlSecured port = service.getSamlSecuredSoapPort();
Stub stub = (Stub) port;
// loadPolicy() is not shown on this page; it supplies the bootstrap policy as an InputStream.
InputStream policy = loadPolicy();
stub._setProperty(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);
The following code example demonstrates setting the STS security policy on a client stub, under JAX-WS, as indicated in bold.
import weblogic.wsee.message.WlMessageContext;
. . .
String wsdl = "http://myserver/wsssecuredservice?wsdl";
WsSecuredService service = new WsSecuredService_Impl(wsdl);
WsscSecured port = service.getWsSecuredSoapPort();
BindingProvider provider = (BindingProvider) port;
Map<String, Object> context = provider.getRequestContext();
// loadPolicy() is not shown on this page; it supplies the bootstrap policy as an InputStream.
InputStream policy = loadPolicy();
// The request context is a Map, so the property is set with put().
context.put(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);
2.8.2.7 Configuring STS Security Policy Using WLST: Client On Server Side