Previous
Next


Client-Side Security  Locate

Overview  Locate

You can configure an authentication provider, such as HttpDigest or WS-Security, on the client side.

Setting up an authentication provider for your communication is the first step needed to authenticate a client. You also need to transfer the client identity (or credentials) to the Web service. The next sections show how this is done.

Take into account org.idoox.security.ContextExpiredException in your implementation. You need to catch this exception and repeat the call. The examples below do not need to catch this exception, because the client code is too quick to let the security context expire.

[Caution]Caution

Do not forget to include the java.security.auth.login.config Java property in your scripts. It should point to the file that contains the login module entries used by configured security providers. The java command should look like the following:

java -Djava.security.auth.login.config="$WASP_HOME"/conf/jaas.config ... test.Test

Setting the Initiating Security Provider  Locate

The initiating security provider is used to secure outgoing calls performed by the service client.

Example 10 shows how to set up the initiating security provider and authenticate the service client to use HttpBasic security provider. Modifications for other providers are analogous.

Example 10. Client Authentication: HttpBasic Provider With WaspSecurity

// Copyright 2002 Systinet Corp. All rights reserved.
// Use is subject to license terms.
package example.security;

import org.idoox.security.Credentials;
import org.idoox.wasp.WaspSecurity;
import org.systinet.wasp.Wasp;
import org.systinet.wasp.admin.DeployService;
import org.systinet.wasp.webservice.ServiceClient;


public class ClientAuthentication3 {
    public static void main(String[] args) throws Exception {
        // initialize Wasp
        Wasp.init();

        // create a service client
        ServiceClient serviceClient = ServiceClient.create();

        // acquire credentials using WaspSecurity
        Credentials credentials = WaspSecurity.acquireClientCredentials("admin", 
            "changeit", "HttpBasic");

        // set credentials on the service client using WaspSecurity
        WaspSecurity.setCredentials(serviceClient, new Credentials[]{credentials});

        serviceClient.setWSDLLocation("https://localhost:6443/admin/DeployService");

        // set HttpBasic to be the initiating security provider
        WaspSecurity.setInitiatingProvider(serviceClient, "HttpBasic");

        // create a service proxy
        DeployService deployService = (DeployService) serviceClient.createProxy
            (DeployService.class);

        // authentication is performed in the call
        System.out.println(deployService.getContexts());
    }
}

The code in Example 10 performs the following actions:

  1. Create a service client with ServiceClient.create(...).

  2. Acquire credentials using WaspSecurity.acquireClientCredentials(...)

    The credentials needed for the HttpBasic security provider are created. Name, password and security provider are required. The result of such authentication is a org.idoox.security.Credentials instance that is stored for later use.

    [Note]Note

    WSO2 SOA Enablement Server must be initiated before WaspSecurity.acquireClientCredentials(...) is called. This is most often done by creating the client, as in the example.

  3. Set credentials on the service client using WaspSecurity.setCredentials(...).

    The service client passed as the first parameter will be associated with the credentials passed as the second argument.

  4. Set WSDL location

    Set a WSDL location. The Deploy service is used here as an example. The credentials itself need not to be set before lookup, but it is recommended. If you authenticate before lookup, the credentials can be used for lookup as in the cases of HttpBasic and SSL client authentication.

  5. Set HttpBasic to be the initiating security provider

    All calls performed by the service client from now will be secured using HttpBasic security provider.

  6. Create a service proxy

    The service proxy inherits security settings from the service client.

  7. Authentication is performed in the call

    You must invoke a method to authenticate yourself to the server side. Authentication is performed in the call using the credentials stored for all threads. A string array is returned by the deployService.getContexts() method.

Starting With Java Properties  Locate

You can also start your client application with Java properties that set up client authentication and the authentication mechanism. In Example 11, the client code is not written to include security. If you start the client application with the wasp.userName, wasp.password and wasp.securityMechanism properties, as shown below, the client obtains credentials and sets the security mechanism. If the wasp.securityMechanism property is set, it takes precedence over WSO2 SOA Enablement Server configuration settings.

java -Djava.security.auth.login.config=jaas.config -Dwasp.userName=admin -Dwasp.password=changeit -Dwasp.securityMechanism=HttpBasic examples.security.ClientAuthentication

Example 11. Client Authentication: Defaults Using Java Properties

// Copyright 2002 Systinet Corp. All rights reserved.
// Use is subject to license terms.
package example.security;

import org.systinet.wasp.admin.DeployService;
import org.systinet.wasp.webservice.Registry;


public class ClientAuthentication5 {
    public static void main(String[] args) throws Exception {
        // lookup service
        DeployService deployService =
            (DeployService) Registry.lookup("https://localhost:6443/" + 
                "admin/DeployService",
                DeployService.class);

        // invoke a method
        System.out.println(deployService.getContexts());
    }
}


Previous
Next