
Using UsernameToken Security Action

This section demonstrates the capability of WSStub and WSConsumer (4.0) to send and receive secured SOAP messages using the UsernameToken Web Service Security action.

Scenario

Expose a simple Web Service using WSStub. Using the UsernameToken WS-Security mechanism, configure the WSStub component to ascertain the identity of the sender (WebserviceConsumer 4.0) of SOAP requests. Similarly, using the UsernameToken mechanism, configure the WebserviceConsumer component to check the identity of the sender (WSStub) of SOAP responses.

Components used

Setting up the Example

Using Password Callback Class

Password Callback Class is required for the UsernameToken security function to specify a password for the username as well as for private keys in the keystore. Private keys will be used to sign and/or decrypt a message. To specify the password, an implementation of javax.security.auth.callback.CallbackHandler is needed. A fully qualified class name for this implementation should be provided in CPS.

Refer to Creating Password Callback Class handler to create a Password Callback Class.

Configuring WSStub component

When WSStub receives a message secured by UsernameToken, it will verify the username and password. To verify, the UsernameToken action must be enabled in the WSStub Configuration Property Sheet (CPS). To configure WSStub component, perform the following action in eStudio:

  1. Add a new Event Process with the name 'WSSecurity_Example'.
  2. Drag the WSStub component from the WebService category in the Micro Service Palette to the Fiorano Orchestrator.


    Figure 1: Adding WSStub component to Fiorano Orchestrator
     
  3. Double-click the WSStub component in the orchestrator to open Configuration Property Sheet (CPS).
  4. In the Configuration screen, click the WSDL Configuration button.


    Figure 2: WSDL Configuration
     
  5. In the WSDL Configuration dialog box, select Auto_created_Operation present in the left pane to enable input (request) and output (response).


    Figure 3: Selecting Auto_created_Operation
     
  6. Under Input tab, perform the below actions:
    1. Click Add button to add Name 'PartName1'.
    2. Click the Ellipsis button to open Select Type/Element dialog box. Select the string option to configure the WSStub component to send a string message and then click OK.


      Figure 4: Adding Input attributes under Auto_created_Operation
       
  7. Perform the same actions (as performed under the Input tab) under Output tab to add a part 'PartName1' and 'string' under Name and Type/Element respectively and click OK in the WSDL Configuration dialog box.

    Fiorano Mapper will be used to configure Route Transformation between Input and Output. This is explained in Configuring Route Transformation section.

  8. Click Next to navigate to Security Configuration screen. Under WS-Security Configuration section, click WS-Security button to configure WS-Security settings.


    Figure 5: Security Configuration
     

  9. In the Request WS-Security tab, perform the following actions:
    1. Under Security Actions section, select Username Token check box.
    2. In Password Callback Class under Username Token section, provide the class name (PWCallback; refer to the Creating Password Callback Class handler).

      If the class is in a package, provide the fully qualified class name. For example, if the Password Callback Class 'PWCallback' is in the package com.wsSecurity, the fully qualified class name is 'com.wsSecurity.PWCallback'. This class supplies the password, which is then added along with the User to the Security Header of the message.


      Figure 6: Security settings in Request WS-Security

      • Other actions such as the following can also be used:
        • Encryption action as illustrated in the example Using Encrypt Security Action.
        • A Timestamp value can be added to Request/Response to carry Created and Expires values indicating when a request or response is created and when it will expire. While adding a timestamp to the security header, the Created element will have the current time in GMT, and the Expires element will have the current time + time to live in GMT.
        • Signature configuration is similar to that of Encryption. Here, the client should have a keystore that has its private key, and the server should have a keystore with the client’s public key in it.
      • When more than one action is chosen, the order of actions can be managed by selecting the action and using the scroll buttons on the right side.


  10. In the Response WS-Security tab, select Username Token check box under Security Actions section to enable Username Token security action and then provide the following values:

    1. User: Username that has to be used in the Username token security function.
    2. Password Callback Class: Provide the class name (PWCallback; refer to the Creating Password Callback Class handler section).
    3. Password Type: Provide 'PasswordText' for a plain text password to be sent in the message (as a Password Callback class is provided). If a password is not required, provide 'PasswordNone'.


      Figure 7: Security settings in Response WS-Security
       

  11. Click OK to save WS-Security settings and click Finish to save WSStub component configuration.

  12. In the three ports that get generated after WSStub configuration, connect the output port 'REQUEST' to the input port 'RESPONSE'.


    Figure 8: Connecting WSStub output port to input port
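
What the receiving side checks in a UsernameToken-secured message, as an added Python example that is not Fiorano's code: it builds a constructed SOAP envelope carrying a Timestamp and a PasswordText UsernameToken, then verifies it. The `lookup_password` function, the sample credentials and the SOAP 1.1 envelope namespace are assumptions; `lookup_password` stands in for the Password Callback Class.

```python
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd"}
PASSWORD_TEXT = OASIS + "username-token-profile-1.0#PasswordText"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # Created/Expires are expressed in GMT

def build_envelope(user, password, created, ttl_seconds):
    """Constructed sample message: Timestamp plus UsernameToken (PasswordText)."""
    expires = created + timedelta(seconds=ttl_seconds)  # Expires = Created + TTL
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}"
 xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp><wsu:Created>{created.strftime(FMT)}</wsu:Created>
   <wsu:Expires>{expires.strftime(FMT)}</wsu:Expires></wsu:Timestamp>
  <wsse:UsernameToken><wsse:Username>{escape(user)}</wsse:Username>
   <wsse:Password Type="{PASSWORD_TEXT}">{escape(password)}</wsse:Password>
  </wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body><PartName1>Input</PartName1></soap:Body>
</soap:Envelope>"""

def verify(envelope, lookup_password, now):
    """Return (ok, detail); lookup_password stands in for the callback class."""
    # Use a parser with DTDs disabled for untrusted input in production.
    sec = ET.fromstring(envelope).find("soap:Header/wsse:Security", NS)
    if sec is None:
        return False, "no wsse:Security header"
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    if expires is not None:
        limit = datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc)
        if now >= limit:
            return False, "timestamp expired"
    user = sec.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    if user is None or pw is None or pw.get("Type") != PASSWORD_TEXT:
        return False, "no PasswordText UsernameToken"
    expected = lookup_password(user)
    # Constant-time compare; an unknown user fails exactly like a bad password.
    if expected is None or not hmac.compare_digest(
            expected.encode(), (pw.text or "").encode()):
        return False, "authentication failed"
    return True, user
```

With PasswordText the password is readable in the header itself, so this exchange relies on the transport (or the Encryption action) for confidentiality.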

Configuring Route Transformation

To configure the transformation between the input and output port, perform the following actions in the Fiorano Orchestrator:

  1. Right-click route1, point to Configure Transformation, and select Mapper Project to open the Fiorano Mapper editor.


    Figure 9: Opening Mapper Project editor
     
  2. In the Output Structures panel in Mapper Project, click PartName1 element as it appears in Funclet View.


    Figure 10: Adding PartName1 to Funclet View
     
  3. In the Funclet View panel, drag the function element Constant to the Funclet easel and double-click it to change the name to 'Secure_ACK' to give logical meaning to the scenario (acknowledgement message of a secured message received).


    Figure 11: Adding Constant and renaming it
     
  4. Connect the Source node of the constant 'Secure_ACK' to the destination node of PartName1.


    Figure 12: Connecting the Constant with PartName1
     
  5. Click the Save icon (or File > Save) to save the transformation configuration and close the Mapper Project editor.

Launching Web Service

To launch the webservice, perform the following actions:

  1. Click Check Resource and Connectivity icon (or press ALT+SHIFT+C) to check resource and connectivity.
  2. Click Run Event Process icon (ALT+SHIFT+R).
  3. Right-click WSStub component and click Copy WSDL URL to copy the URL to the clipboard, which is used in the next section.


    Figure 13: Copying WSDL URL to clipboard

Configuring WebServiceConsumer component

Setting up the Security Configurations in WebServiceConsumer component, corresponding to the WSStub security configurations, is essential to access the webservice. To configure the component, perform the following actions:

  1. Drag the WebserviceConsumer component from the WebService category in the Micro Service Palette to the Fiorano Orchestrator.


    Figure 14: Adding WebServiceConsumer to Orchestrator
     
  2. Double-click the WebserviceConsumer component in the orchestrator to open Configuration Property Sheet (CPS).
  3. In the Managed Connection Factory, click WSDL Ellipsis button. In Wsdl dialog box, paste the copied WSDL URL in the URL text field and click OK.


    Figure 15: Pasting the copied WSDL URL
     
  4. Click Next. In the Interaction Configurations page, click WebService Operation ellipsis button and select the operation with the prefix 'Auto_created_Operation' from OperationName dialog box. Click OK to configure Web Service Security settings.


    Figure 16: Selecting Auto created operation
     
  5. To verify username and password, the UsernameToken action must be enabled in WSConsumer too (as configured in WSStub). So, scroll down the screen and provide the following values under Security – Request section:
    1. UsernameToken WS-Security (Request): Select this check box to enable adding the respective action to security header.
    2. User, Password Callback class (Request), and Password type: Same values as used in the Response WS-Security section mentioned in the WSStub Configuration section, that is, fiorano, PWCallback, and PasswordText respectively.

      Specify the Order of UsernameToken (Request) when more actions are enabled.


      Figure 17: Security Request settings
       

  6. Scroll further down the screen and provide the following values under Security – Response section:
    1. Select UsernameToken WS-Security (Response) check box.
    2. Password Callback Class (Response): Same value as used in Password Callback class (Request) section above, that is, PWCallback.
    3. Select Is Password Required checkbox.


      Figure 18: Security Response settings
       
  7. Click Finish in the Interaction Configurations panel to save WebServiceConsumer component configuration.

Composing the Event Process and Configuring the Feeder component

Drag a Feeder component and Display component from Util category in the Micro Service Palette to the WSSecurity_Example Fiorano Orchestrator.

  1. Connect the components in the below manner:
    1. Feeder output port to WebServiceConsumer input port.
    2. WebServiceConsumer output port to Display input port.


      Figure 19: Connecting Feeder and Display to WebServiceConsumer component
       
  2. Double-click Feeder component and perform the following actions to configure it:
    1. In the Message Type Configuration page, retain Output Message Format option as 'XML' and click the Connected Port Schemas button.
    2. In the Connected ports dialog box, select IN_PORT to enable connection between the output port of Feeder and input port of WebServiceConsumer component. Click OK and then click Next.

      Schema appears in the Message Type Configuration panel after connecting the ports in the Connected ports pop-up window.


      Figure 20: Enabling connection between input and output ports
       

    3. In the Message Details Configuration page, click the Generate Sample button to load sample input.
    4. Under No.of Repeatable elements to be generated section in the XSD Sample Generation Dialog window, replace max value '3' with '1' so that only one output is generated, and click OK.


      Figure 21: Reducing maximum number of output to '1'
       
  3. Click Finish to save the Feeder configuration.


    Figure 22: Loading Sample Input

Running the Example

To run the example, perform the following actions in the WSSecurity_Example event process:

  1. Click the Synchronize Event Process icon to apply the modifications made to the event process that is already running. Two windows get opened for Feeder and Display components.
     
  2. In the Feeder, click the Send button to send the message "Input".


    Figure 23: Sending a message from Feeder
     
  3. In the Display window, click the second tab at the lower-left part of the window.
    UsernameToken header indicates that Username Token security action is enabled on response in WSStub with the username and password configured and that WebserviceConsumer authenticates using values provided under Security-Response. PartName1 'SecureACK' can also be found.


    Figure 24: Message received in Display with the UsernameToken header and PartName1

Reference

Please note that the component options used in this example are specific to WS-Security. To explore other options present in WSStub and WebServiceConsumer components, refer to the sections WSStub and WebServiceConsumer4.0 respectively.

