Parlay X Web Services Architecture 18-3 Example 18–1 Web Service Client Security import oracle.sdp.parlayx.presence.consumer.PresenceConsumerClient; ... MapString, Object config = new HashMapString, Object; config.putjavax.xml.ws.BindingProvider.ENDPOINT_ADDRESS_PROPERTY, owlcs_url; config.putoracle.sdp.parlayx.ParlayXConstants.POLICIES, new String[] {oraclewss11_saml_token_with_message_protection_client_policy}; config.putjavax.xml.ws.BindingProvider.USERNAME_PROPERTY, test.user1; PresenceConsumerClient presenceClient = new PresenceConsumerClientconfig;

18.2.4 Keystore Configuration

In order to use the recommended WS-Security policy, you must configure a keystore containing the public and private key information required by OWSM. Refer to Configuring the Credential Store Using WLST in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server for information on how to configure the keystore and corresponding credential store entries. ■ If both your web service client and OWLCS server are in the same domain, then they share a keystore and credential store. ■ If your web service client and OWLCS server are in different domains, then you must import the OWLCS public key into your client domains keystore, and must import your client domains public key into the OWLCS keystore.

18.2.5 Client Aliases

When using certain WS-Security policies such as the SAML policy recommended here, the client must use the servers public key to encrypt the web service request. However, there is generally only one keystore configured per domain. Therefore, if you have a domain in which there are web service clients that communicate with web services in multiple other domains, then you may need to override the default keystore entry used by OWSM. For example, if you have a domain in which application A is a web service client to a SOA web service, and application B is a web service client to an OWLCS web service, then As requests must be encrypted using the public key of the SOA domain, and Bs requests must be encrypted using the public key of the OWLCS domain. You can accomplish this goal by overriding the keystore alias used by OWSM for each request. ■ Import the two server domains public keys into the client domains keystore using different keystore aliases. For example, import the OWLCS public key with alias owlcs_public_key, and the SOA public key with alias soa_public_key. ■ When creating an OWLCS web service client, specify the recipient keystore alias parameter, setting the key to oracle.wsm.security.util.SecurityConstants.Config.KEYSTORE_ oracle.wsm.security.util.SecurityConstan ts.Config.KEYSTORE_RECIPIENT_ALIAS_ PROPERTY String optional keystore alias for target service. See Client Aliases . Table 18–1 Cont. Client security keys Key Type Typical Value 18-4 Oracle WebLogic Communications Server Administration Guide RECIPIENT_ALIAS_PROPERTY and the value to owlcs_public_key as shown in Example 18–2 . Example 18–2 Client Aliases import oracle.sdp.parlayx.presence.consumer.PresenceConsumerClient; ... MapString, Object config = new HashMapString, Object; config.putjavax.xml.ws.BindingProvider.ENDPOINT_ADDRESS_PROPERTY, owlcs_url; config.putoracle.sdp.parlayx.ParlayXConstants.POLICIES, new String[] {oraclewss11_saml_token_with_message_protection_client_policy}; config.putjavax.xml.ws.BindingProvider.USERNAME_PROPERTY, test.user1; config.putoracle.wsm.security.util.SecurityConstants.Config.KEYSTORE_RECIPIENT_ ALIAS_PROPERTY, owlcs_public_key PresenceConsumerClient presenceClient = new PresenceConsumerClientconfig; ■ The SOA or other web service client will similarly need to override the keystore alias, but the exact mechanism may differ. For example if using a JAX-WS client stub directly, then you can add the override property to the JAX-WS request context. See Policy Configuration Overrides for the Web Service Client in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server for more details.

18.3 Installing the Web Services

The Web services are packaged as a standard .ear file and can be deployed the same as any other Web services through Enterprise Manager. The .ear file contains two .war files that implement the two interfaces. The web services are dependent on the following shared libraries: oracle.sdp.client, oracle.sdp.platform, oracle.sdp.presencecommons. Your client applications need to import and be compiled against the oracle.sdp.client shared library that is provided with OWLCS. This consists of importing parlayx.jar into your projects. In addition to compiling against the oracle.sdp.client shared library, this shared library should also be available in the target runtime environment that is, oracle.sdp.client is deployed as a shared library in your target Weblogic Server. In addition to the shared library above, the OWLCS installation contains war files for the notification Web services. These war files contain all the necessary jar files that developers need to import to enable notification for the different Web services: ■ messagingwsnotification-version.war – deployable war file that contains jars that should be imported when building a client intends to receive notifications for message delivery status and message reception. This war should also be deployed along with the client application in order for the OWLCS server to be able to invoke the messaging notification Web service. ■ presencewsnotification-version.war – deployable war file that contains jars that should be imported when building a client intends to receive notifications for presence status changes. This war should also be deployed along with the client application so that the OWLCS server can invoke the presence notification Web service.