WS-SecurityPolicy with policies on binding, and operations

Solution Verified - Updated -

Environment

JBoss Enterprise Application Platform (EAP) 6.0

Issue

We are using a WSDL which references policies in both the binding, and on the operation input and output. How do we implement a server side implementation and client, packaged as a war, which will run on JBoss EAP 6?

<wsdl:binding name="ProfileMgmtServiceSoapBinding" type="tns:ProfileMgmt">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsp:PolicyReference URI="#ProfileMgmtServiceSoapBindingBindingPolicy"/>
    <wsdl:operation name="getCustomerDiscount">
      <soap:operation soapAction="" style="document"/>
      <wsdl:input name="getCustomerDiscount">
        <soap:body use="literal"/>
    <wsp:PolicyReference URI="#getCustomerDiscountBindingOpInputPolicy"/>
      </wsdl:input>
      <wsdl:output name="getCustomerDiscountResponse">
        <soap:body use="literal"/>
    <wsp:PolicyReference URI="#getCustomerDiscountBindingOpOutputPolicy"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  ...
  <wsp:Policy wsu:Id="ProfileMgmtServiceSoapBindingBindingPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  ...
  </wsp:Policy>
  ...
  <wsp:Policy wsu:Id="getCustomerDiscountBindingOpInputPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  ...
  </wsp:Policy>
  ...
  <wsp:Policy wsu:Id="getCustomerDiscountBindingOpOutputPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  ...
  </wsp:Policy>

Resolution

The key to getting this working is to use a contract-first approach to developing them. Using the WSDL as the source for generated both the client and server.

1) Generate the WS Stubs using wsconsume
2) Make sure that the web service implementation used a wsdlLocation which referenced a shipped WSDL, see ProfileMgmtBean.java:

    @WebService(
        ...
        wsdlLocation="WEB-INF/wsdl/ProfileMgmt.wsdl")

3) After that the configuration is exactly the same as SignEncrypt example found here:

https://access.redhat.com/knowledge/solutions/219853

Note that Spring configuration is not used at all. That is no need for jbossws-cxf.xml, and Spring to be installed as a module on EAP.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments