Example: Using a Web Services (SOAP) Input Adapter with Policy Driven Security

Set up a Web Services (SOAP) Input adapter that uses Policy driven security and communicates over HTTPS.

The source code for the WSPolicy and MessageUT_Policy classes are located in the adapter example/src directory.

The steps below result in the creation of three keystores (server.jks, client.jks, and service.jks). Do not change the username "client" and "service".

  1. Install Apache Tomcat.
  2. Ensure that the JDK_HOME environment variable is properly set. If it is not, you can set using set_example_env.bat or set_example_env.sh.
  3. Run create_server_keystore <YOURSTOREPASSWORD> to create a server.jks. Answer "localhost" to "What is your first and last name".

    The server.jks is created under the current working directory. The Tomcat SSL HTTP connector and Web Services (SOAP) adapter use the server.jks to set up the HTTPS connection between them.

  4. Run create_client_service_cert <YOURCLIENTPASSWORD> <YOURSERVICEPASSWORD> to create the client.jks and service.jks leystores.
    <YOURCLIENTPASSWORD> is the client.jks keystore password, and <YOURSERVICEPASSWORD> is the service.jks keystore password.
  5. Add the following to the tomcat/conf/server.xml file: 
    <Connector port="8443" 
               protocol="org.apache.coyote.http11.Http11Protocol" 
               SSLEnabled="true" maxThreads="150"  
               scheme="https" secure="true" 
               keystoreFile="ESP_INSTALL\adapters\webservices\examples\input_transportUT\server.jks" 
               keystorePass="YOURSTOREPASSWORD"   
               clientAuth="false" 
               sslProtocol="TLS" />
  6. Add Apache Axis2™ to Tomcat. Copy axis2.war to tomcat/webapps, and start Tomcat.
    Axis2 is automatically unzipped.
  7. Copy the files in rampart/modules to tomcat/webapps/axis2/WEB-INF/modules.
  8. Copy the files in rampart/lib to tomcat/webapps/axis2/ WEB-INF/lib.
  9. Add the following to the <Tomcat>\webapps\axis2\WEB-INF\conf\axis2.xml file:
    <transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
  10. Modify the adapter_config.xml file as follows:
    <security>
			<sslTrustStore>server.jks</sslTrustStore>
			<sslTrustStorePassword>YOURSTOREPASSWORD</sslTrustStorePassword> <!--Just change the element to the same as your input-->

			<WSPolicy>
				<credentials>
							<User>client</User><!--Just change the element to the same as your input-->
					<!-- here the password is the pw for the client keystore -->
							<Password encrypted="false">YOURCLIENTPASSWORD</Password> <!--Just change the element to the same as your input-->
			    </credentials>
				<policyClass>com.sap.esp.adapter.ws.security.MessageUTPolicy</policyClass>
				          <param name="policyPath" value="messageUT_policy.xml"/>
						  <param name="clientKeystore" value="client.jks"/>
				</WSPolicy>
	</security>
    Set <User> and <Password> to the username and password used by node1 in $ESP_HOME/cluster/examples: 
    <EspProjects>
      <EspProject>    
        <Name>StockTraderProject</Name>
        <Uri>esp://localhost:19011/w1/p1</Uri>
        <Security>
			<User></User>
			<Password></Password>
			<AuthType>user_password</AuthType>
  11. Modify the services.xml file as follows:
    <parameter name="MessageUTPassword">YOURSERVICEPASSWORD</parameter> <!--Here, it need YOURSERVICEPASSWORD instead of YOURCLIENTPASSWORD-->
    ......
    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
     ......
       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">YOURSERVICEPASSWORD</ramp:property><!--Here, it need YOURSERVICEPASSWORD instead of YOURCLIENTPASSWORD-->
    </ramp:RampartConfig>
  12. Run ant create_sample_aar to create the sample .aar file.
  13. Remove any StockTraderService_noSec.aar or StockTraderService_transportUT.aar files from the adapter examples/service directory if you previously ran those examples.
  14. Copy the examples/service/StockTraderService_messageUT.aar file to the tomcat/webapps/axis2/WEB-INF/services directory under your Web server.
  15. Modify set_example_env.bat or set_example_env.bat by setting ADAPTER_EXAMPLE_USERNAME and ADAPTER_EXAMPLE_PASSWORD to the username and password used by node1 in $ESP_HOME/cluster/examples.
  16. Start the Web server.
  17. Start the ESP node by running the start_node.bat or start_node.sh script.
  18. Start the ESP project by running the start_project.bat or start_project.sh script.
  19. Subscribe to the stream in the project by running the subscribe.bat or subscribe.sh script.
  20. Start the adapter by running the start_adapter.sh or start_adapter.sh script.
    Data begins flowing in the subscription window.
Parent topic: Examples