21 July 2008

WS-Policy + Weblogic WebServer + Working

Finally a WS-Policy that worked. I was trying to do it in the JBOSS and Tomcat when a thought of using weblogic came to my mind. I used weblogic when it was in 7ish and 8ish versions but now it is in 10ish version. It grew up a lot :-D.

I've seen the whole workshop so simillar to Eclipse, I believe they use eclipse as their base environment and then integrate their own packages into it. When adding servers to your project, it even let you to add Tomcat servers, but no JBOSS (as I believe since JBOSS bought by Red Hat).

I used this helps / tutorials to do the simple project.

(-) http://ws.apache.org/commons/neethi/index.html

this called Neethi, API provided by the apache for using ws-policy with your web services. It is in 2.0.4th version.

http://edocs.beasys.com/wls/docs92/ConsoleHelp/taskhelp/webservices/ConfigureWSPolicyFile.html

This was the main help for me to associate a WS-Policy to a web service. Although it was for the 9th version but it helped a lot and I could figure out what to do. There were some minor changes in steps that I think anyone can get it while reading that.

http://localhost:7001/console/console.portal?_nfpb=true&_pageLabel=AppApplicationSecurityPage&AppApplicationRolesPortlethandle=com.bea.console.handles.AppDeploymentHandle(%22com.bea%3AName%3DtestWSEAR%2CType%3DAppDeployment%22)

This was  the place  that I added policies to the service, the policy is so simple that answer a request in specific time (e.g 2:30:00 PM to 3:00:00PM) and if not in that time the service called the answer would be something like this :




env:Client.Authentication
Access Denied to operation getCustomers

weblogic.wsee.util.AccessException: Access Denied to operation getCustomers
at weblogic.wsee.security.AuthorizationHandler.handleRequest(AuthorizationHandler.java:62)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:123)
at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDispatcher.java:85)
at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.java:66)
at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java:44)
at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseWSServlet.java:257)
at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3395)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)




http://edocs.beasys.com/wls/docs92/ConsoleHelp/taskhelp/webservices/ViewInstalledWebServices.html

with the help of this you can see your web services deployed on your application server.

The nice thing about weblogic server I came up with was the lock & edit function, you could lock in your current status of server, do the changes and when everything satisfactory you are able to assign the changes to the server and services running.

18 July 2008

Web Services, WS-Policy, Implementation

After a talk with my supervisor and getting deeper into WS-Policy, it seems that it is not only for security policies and can represent all other types of policies as well. The formal description of WS-Policy can be found here.

So the problem was to implement a web service and attach a ws-policy to it. I've used to work with JBoss and BEA weblogic workshop but no Tomcat (a little bit). The astonishing thing I found about weblogic was that they were bought by oracle and now you are using oracle bea weblogic workshop. It also provides the simplest way to use WS-Policy with the web services (with this help) you can figure out how easy is attaching a ws-policy to a web service.

Anyway, thinking of open source and being able to have a defence of why did I use an application server, I tried to put the service into Tomcat and/or Jboss. Jboss version 5 is in its Candidate release at the time of my coding While Tomcat has its 6th version coming out.

Tomcat was lighter and took less time to run and start while Jboss has its huge attachments and take almost 3 to 5 minutes on my computer to run. The deployment of the codes is not considered in the times mentioned.

AXIS is an important part of my work done, it is not my work but it is a library that I used. The funny thing about AXIS is that recently it come to version 2 and the community call it AXIS 2 while also having the versions beside it, like AXIS 2 ver 1.4 which at the beginning confused me a lot. I was looking for downloading AXIS 2 but I got to AXIS2 ver 1.4.

Finally within Eclipse, I tried using two version of Tomcat server (both 5.5), JBoss (ver 5, candidate release) and one Tomcat (ver 6.0), I don't know what was going on but at the beginning I got a lot of exceptions at the time of generation which lead me to this bug (https://bugs.eclipse.org/bugs/show_bug.cgi?id=84843), reading that it should be solved on the later versions but somehow it was not.

After overcoming the errors generated by AXIS, I didn't get the results I wanted, the results I want want basically being able to generate a web service based on a function / WSDL file. I switched to AXIS2, The reason was basically to be updated with the latest technology besides being compatible with WS-Policy.

After doing that I got to the problem of getting errors like "Servlet.service() for servlet AxisServlet threw exception java.lang.NoSuchMethodError" finding this page (http://blogs.msdn.com/dotnetinterop/archive/2005/03/31/404087.aspx) figured out that this is not only my problem and is for all other ones using AXIS and AXIS2 together.

So I finally implement a web service with the help of AXIS2 on a Tomcat server which is functional, I'm sending soap messages through the interface and getting response, although it is a sayHello example it shows that everything is in place and working. some address like : http://localhost:64825/wsexplorer/wsexplorer.jsp?org.eclipse.wst.ws.explorer=0 the WSDL address was http://localhost:8080/webserviceSH/services/HelloWorld?wsdl . Although it gives some exceptions in the meantime (mentioned above), it is running smoothly.

The only thing remaining is to check if I attach a WS-Policy to it how it behaves, It should be simple like the one Oracle described.

  • AXIS : http://ws.apache.org/axis/

  • Tutorial Basic : http://www.roseindia.net/webservices/buildingsimplewebservice.shtml

  • WS-Policy in BEA Weblogic : http://edocs.beasys.com/wls/docs92/ConsoleHelp/taskhelp/webservices/ConfigureWSPolicyFile.html

  • WTP Tutorial : http://www.eclipse.org/webtools/community/tutorials/BottomUpAxis2WebService/bu_tutorial.html

2 June 2008

WS-Policy + WS-PolicyAttachment

Looking for how to manage to figure out policies relations to the web services, I've found out a paper called "A Practical Introduction to WS-Policy". Out of that you can simply figure out how to write a web service with a WS-Policy attached to it. The WS-Policy needs WS-PolicyAttachment showing how these policies to attached and how to use.

Both of these are XML based files and are easy to interpret.
The only problem with that is WS-Policy is only giving solutions for security policies, like having a specific token or something like that. What I was looking for it was to somehow check the policy behind a web service in all aspects of business process and not only security requirements.

The ones that WS-Policy can talk about is :

  • Integrity (digital signatures)

  • Confidentiality (encryption)

  • MessagePredicate (specifies message parts that SOAP messages must contain)

  • MessageAge

  • SecurityToken