Workflow Name: amset3securityheadertest

Constituent Services: setSecurityHeadertest

Workflow Description

This is to test the process of using the JBI ESB to place security information in the SOAP header as a more elegant and efficient alternative to placing SOAP header message parts in each operation (as demonstrated in the previous workflow).

The base WSDL has one operation that takes in a WSS Security element and simply returns it. By the magic of JBI the Security element is also placed in the SOAP header of the response.

Note in the setSecurityHeaderWSDL.wsdl (so good I named it twice) below that there is no reference to the SOAP header. All SOAP header operations are controlled from the BPEL process which in turn uses a WSDL import - nmPropertiesDefinitions.wsdl which defines the "Normalized Router" properties (the SOAP header elements).

Technical Notes

Note that the nightly build of GlassFishESB is being used to take advantage of the newish SOAP header tools.

Platform: GlassFishESB V2 (nightly build 10 June 2009), NetBeans IDE 6.5 (including BPEL Designer, implementing WS-BPEL 2.0)
Java: 1.6.0_10; Java HotSpot(TM) Client VM 11.0-b15
System: Windows XP version 5.1 running on x86; Cp1252; en_GB (nb).


Alfresco Labs 3.1 Final running on remote server, 64-bit Java 1.6.0_13, Tomcat 6 on Red Hat Enterprise Linux 5.

The Process

Figure 3.1. securityHeaderTestBpel.bpel NetBeans process diagram (elements labelled)


(The little warning triangle on the Assign 2 box is NetBeans informing us that there is a type mismatch. This can occur, for example, when an input maps a pure xsd:string onto some extended string type, with an attribute, perhaps. In this type of case it normally causes no problems - the warning could be removed by spending a bit more time sorting out the datatypes in the input message.)


The BPEL Script

Note the import of nmPropertiesDefinitions.wsdl and the Assign operations, which use XPath to select values from the SOAP body elements and assign them to the SOAP header elements defined by the property definition WSDL.

Code snippet 3.1. securityHeaderTestBpel.bpel

<?xml version="1.0" encoding="UTF-8"?>
<process
    name="securityHeaderTestBpel"
    targetNamespace="http://enterprise.netbeans.org/bpel/SecurityHeaderTestBpel/securityHeaderTestBpel"
    xmlns="http://docs.oasis-open.org/wsbpel/2.0/process/executable"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:sxt="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/Trace" 
    xmlns:sxed="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/Editor"
    xmlns:sxat="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/Attachment"
    xmlns:sxeh="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling"
    xmlns:tns="http://enterprise.netbeans.org/bpel/SecurityHeaderTestBpel/securityHeaderTestBpel"
    xmlns:ns0="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL"
    xmlns:sxed2="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/Editor2"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ns1="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/nmPropertiesDefinitions">

   <import namespace="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL" location="setSecurityHeaderWSDL.wsdl" importType="http://schemas.xmlsoap.org/wsdl/"/>
   <import namespace="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/nmPropertiesDefinitions" location="nmPropertiesDefinitions.wsdl" importType="http://schemas.xmlsoap.org/wsdl/"/>
   <partnerLinks>
      <partnerLink name="PartnerLink1" partnerLinkType="ns0:setSecurityHeaderWSDL" myRole="setSecurityHeaderWSDLPortTypeRole"/>
   </partnerLinks>
   <variables>
      <variable name="SetSecurityHeaderWSDLOperationOut" messageType="ns0:setSecurityHeaderWSDLOperationResponse"/>
      <variable name="SetSecurityHeaderWSDLOperationIn" messageType="ns0:setSecurityHeaderWSDLOperationRequest"/>
   </variables>
   <sequence>
      <receive name="Receive1" createInstance="yes" partnerLink="PartnerLink1" operation="setSecurityHeaderWSDLOperation" portType="ns0:setSecurityHeaderWSDLPortType" variable="SetSecurityHeaderWSDLOperationIn"/>
      <assign name="Assign1">
         <copy>
            <from variable="SetSecurityHeaderWSDLOperationIn" part="part1"/>
            <to variable="SetSecurityHeaderWSDLOperationOut" part="part1"/>
         </copy>
      </assign>
      <assign name="Assign2">
            <copy>
                <from>$SetSecurityHeaderWSDLOperationOut.part1/wsu:Timestamp/wsu:Created</from>
                <to variable="SetSecurityHeaderWSDLOperationOut" property="ns1:header_created"/>
            </copy>
            <copy>
                <from>$SetSecurityHeaderWSDLOperationOut.part1/wsu:Timestamp/wsu:Expires</from>
                <to variable="SetSecurityHeaderWSDLOperationOut" property="ns1:header_expires"/>
            </copy>
            <copy>
                <from>$SetSecurityHeaderWSDLOperationOut.part1/wsse:UsernameToken/wsse:Password/@Type</from>
                <to variable="SetSecurityHeaderWSDLOperationOut" property="ns1:header_passwordType"/>
            </copy>
            <copy>
                <from>$SetSecurityHeaderWSDLOperationOut.part1/wsse:UsernameToken/wsse:Username</from>
                <to variable="SetSecurityHeaderWSDLOperationOut" property="ns1:header_username"/>
            </copy>
            <copy>
                <from>$SetSecurityHeaderWSDLOperationOut.part1/wsse:UsernameToken/wsse:Password</from>
                <to variable="SetSecurityHeaderWSDLOperationOut" property="ns1:header_password"/>
            </copy>
        </assign>
      <reply name="Reply1" partnerLink="PartnerLink1" operation="setSecurityHeaderWSDLOperation" portType="ns0:setSecurityHeaderWSDLPortType" variable="SetSecurityHeaderWSDLOperationOut"/>
   </sequence>
</process>

Code snippet 3.2. nmPropertiesDefinitions.wsdl

<?xml version="1.0" encoding="UTF-8"?>
<definitions name="nmPropertiesDefinitions" targetNamespace="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/nmPropertiesDefinitions"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/nmPropertiesDefinitions"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ns1="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL"
    xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
    xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty">
    <import location="setSecurityHeaderWSDL.wsdl" namespace="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL"/>

    <types>
        <xsd:schema targetNamespace="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/nmPropertiesDefinitions">
            <xsd:import schemaLocation="oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        </xsd:schema>
    </types>


    <vprop:property name="header_created" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:header_created" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
        <vprop:query>wsse:Security/wsu:Timestamp/wsu:Created</vprop:query>
    </vprop:propertyAlias>

    <vprop:property name="header_expires" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:header_expires" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
        <vprop:query>wsse:Security/wsu:Timestamp/wsu:Expires</vprop:query>
    </vprop:propertyAlias>


    <vprop:property name="header_passwordType" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:header_passwordType" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
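        <!-- Type is an attribute of wsse:Password (the Assign2 source); a query on wsse:Username/@Type puts it on Username, as seen in snippet 3.4 -->
        <vprop:query>wsse:Security/wsse:UsernameToken/wsse:Password/@Type</vprop:query>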
    </vprop:propertyAlias>


    <vprop:property name="header_username" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:header_username" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
        <vprop:query>wsse:Security/wsse:UsernameToken/wsse:Username</vprop:query>
    </vprop:propertyAlias>


    <vprop:property name="header_password" type="xsd:string"/>
    <vprop:propertyAlias propertyName="tns:header_password" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
        <vprop:query>wsse:Security/wsse:UsernameToken/wsse:Password</vprop:query>
    </vprop:propertyAlias>
    
</definitions>

Note that the properties are defined using the following type of statement:

<vprop:property name="header_created" type="xsd:string"/>

The property is then associated with one or more property aliases.

<vprop:propertyAlias propertyName="tns:header_created" messageType="ns1:setSecurityHeaderWSDLOperationResponse" part="part1" sxnmp:nmProperty="org.glassfish.openesb.headers.soap">
    <vprop:query>wsse:Security/wsu:Timestamp/wsu:Created</vprop:query>
</vprop:propertyAlias>

Input/Output

Code snippet 3.3. Input SOAP message

<soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" 
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                  xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                  xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Body>
    <oas:Security>
      <oas1:Timestamp>
        <!--Optional:-->
        <oas1:Created>Now</oas1:Created>
        <!--Optional:-->
        <oas1:Expires>Later</oas1:Expires>
      </oas1:Timestamp>
      <oas:UsernameToken>
        <oas:Username>deBoisbaudran</oas:Username>
        <oas:Password oas1:Id="" Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">sekrit</oas:Password>
      </oas:UsernameToken>
    </oas:Security>
  </soapenv:Body>
</soapenv:Envelope>

Code snippet 3.4. Output SOAP message

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                   xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>Now</wsu:Created>
        <wsu:Expires>Later</wsu:Expires>
      </wsu:Timestamp>
      <UsernameToken>
        <Username Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">deBoisbaudran</Username>
        <Password xmlns:msgns="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" oas1:Id="">sekrit</Password>
      </UsernameToken>
    </Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <Security xmlns:msgns="http://j2ee.netbeans.org/wsdl/SecurityHeaderTestBpel/setSecurityHeaderWSDL" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <oas1:Timestamp>
        <oas1:Created>Now</oas1:Created>
        <oas1:Expires>Later</oas1:Expires>
      </oas1:Timestamp>
      <oas:UsernameToken>
        <oas:Username>deBoisbaudran</oas:Username>
        <oas:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" oas1:Id="">sekrit</oas:Password>
      </oas:UsernameToken>
    </Security>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

And we see the Security element has been placed in the SOAP header. Well done, JBI.
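A receiver-side check of the header this workflow emits, as an added example (not part of the original page or of GlassFishESB): it parses an envelope and lists what a WSS consumer would object to in the wsse:Security header. The function names and the trimmed sample are constructed here; the sample reproduces the header of snippet 3.4, including the Type attribute it carries on Username.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE, "wsu": WSU}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed sample: the header of snippet 3.4 with namespace noise trimmed.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}"><soap:Header>
<Security xmlns="{WSSE}"><wsu:Timestamp xmlns:wsu="{WSU}">
<wsu:Created>Now</wsu:Created><wsu:Expires>Later</wsu:Expires></wsu:Timestamp>
<UsernameToken><Username Type="{PASSWORD_TEXT}">deBoisbaudran</Username>
<Password Type="{PASSWORD_TEXT}">sekrit</Password></UsernameToken>
</Security></soap:Header><soap:Body/></soap:Envelope>"""


def _instant(text):
    """Parse an xsd:dateTime; return None if the text is not one."""
    try:
        ts = datetime.fromisoformat((text or "").strip().replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)  # naive -> UTC


def check_security_header(envelope_xml, now=None):
    """Return a list of findings for the wsse:Security SOAP header."""
    now = now or datetime.now(timezone.utc)
    sec = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security element in the SOAP header"]
    findings, times = [], {}
    for name in ("Created", "Expires"):
        times[name] = _instant(sec.findtext(f"wsu:Timestamp/wsu:{name}", None, NS))
        if times[name] is None:
            findings.append(f"wsu:{name} is missing or not an xsd:dateTime")
    if times["Expires"] and times["Expires"] <= now:
        findings.append("wsu:Expires is in the past")
    user = sec.find("wsse:UsernameToken/wsse:Username", NS)
    pwd = sec.find("wsse:UsernameToken/wsse:Password", NS)
    if user is None or pwd is None:
        findings.append("UsernameToken lacks Username or Password")
    if user is not None and "Type" in user.attrib:
        findings.append("Type attribute on wsse:Username (belongs on wsse:Password)")
    if pwd is not None and pwd.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
        findings.append("password is PasswordText (no digest)")
    return findings
```

A Password with no Type attribute is treated as PasswordText, which is the default in the UsernameToken profile. The sample is trusted, constructed input; envelopes from the network should go through a hardened XML parser first.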

This page was last changed on 06-Sep-2009 13:34 by clayton