Extending GateIn WSRP WS-Security

Version 1

    GateIn's WSRP WS-Security implementation is wrapped around the JBossWS Native implementation. By default it is set up to pass the credentials of the user currently logged in to the consumer on to the producer. There are situations where this is not ideal: for example, when users differ between the consumer and the producer and a mapping between them is needed, or when a producer uses a single registered user for everyone from a particular consumer.

     

    This document describes how to modify and extend the WSRP WS-Security integration for custom behaviours.

     

    The Consumer Configuration

    The consumer uses two SOAPHandler classes to interact with JBossWS:

     

      • org.wsrp.wss.jboss5.handlers.consumer.WSSecurityCredentialHandler
        • This class retrieves the credentials for the currently logged in user and adds those credentials as properties to the MessageContext.

     

      • org.wsrp.wss.jboss5.handlers.consumer.JBWSSecurityHandlerWrapper
        • This class wraps the JBossWS WSSecurityHandler and specifies the configuration file to use. This class is needed to integrate with JBossWS.

     

    These handlers are configured through the org.gatein.wsrp.wss.WebServiceSecurityFactory class, which contains methods to register and unregister handlers. In GateIn, this class is configured in the JBoss5WSSServiceIntegration, which is started from gatein-wsrp-integration.ear/lib/jboss5integration.jar/conf/configuration.xml.

     

    Extending the Consumer

    In order to extend the consumer, you will need to remove the WSSecurityCredentialHandler and add your own.

     

    1. Create your own SOAPHandler class. You will need to pass your credentials as the javax.xml.ws.security.auth.username and javax.xml.ws.security.auth.password properties of the SOAPMessageContext. JBossWS will look for these properties when sending the credentials.

     

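    // username and password are fields of your handler class.
    public boolean handleMessage(SOAPMessageContext soapMessageContext)
    {
       if (Boolean.TRUE.equals(soapMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)))
       {
          // Outbound request: set the credentials JBossWS will send to the producer.
          soapMessageContext.put(BindingProvider.USERNAME_PROPERTY, username);
          soapMessageContext.put(BindingProvider.PASSWORD_PROPERTY, password);
          return true; // continue processing the handler chain
       }
       else
       {
          // Inbound response: delegated to the handler's own handleResponse method (not shown).
          return handleResponse(soapMessageContext);
       }
    }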
    

     

    2. Remove the WSSecurityCredentialHandler from the WebServiceSecurityFactory class and add your handler to it instead.

     

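    // wsSecurityCredentialHandler is the default credential handler instance currently registered with the factory.
    WebServiceSecurityFactory wssFactory = WebServiceSecurityFactory.getInstance();
    wssFactory.unregisterWebServiceSecurityHandler(wsSecurityCredentialHandler);
    wssFactory.registerWebServiceSecurityHandler(new CustomHandler());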
    

     

    Note: you can also reconfigure the configuration.xml file so that the JBoss5WSSServiceIntegration class is never started. In this case you will also have to add the JBWSSecurityHandlerWrapper to the factory class.
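
    A complete handler for the "single registered user for everyone from a particular consumer" case, as an added example that is not GateIn's own code. The class name CustomHandler follows step 2 above; the system property names wsrp.producer.username and wsrp.producer.password are hypothetical, and it is assumed that the factory accepts a standard javax.xml.ws SOAPHandler.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

/** Sends one fixed producer account on every outbound WSRP request. */
public class CustomHandler implements SOAPHandler<SOAPMessageContext>
{
   private final String username;
   private final String password;

   /** Reads the account from hypothetical system properties (an assumption of this example). */
   public CustomHandler()
   {
      this(System.getProperty("wsrp.producer.username"),
           System.getProperty("wsrp.producer.password"));
   }

   public CustomHandler(String username, String password)
   {
      // Fail at registration time instead of sending requests with missing credentials.
      if (username == null || username.isEmpty() || password == null || password.isEmpty())
      {
         throw new IllegalStateException("producer credentials are not configured");
      }
      this.username = username;
      this.password = password;
   }

   public boolean handleMessage(SOAPMessageContext ctx)
   {
      // Only outbound requests carry credentials; responses pass through untouched.
      if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)))
      {
         ctx.put(BindingProvider.USERNAME_PROPERTY, username);
         ctx.put(BindingProvider.PASSWORD_PROPERTY, password);
      }
      return true; // continue the handler chain
   }

   public boolean handleFault(SOAPMessageContext ctx) { return true; }

   public void close(MessageContext ctx) { }

   public Set<QName> getHeaders() { return Collections.<QName>emptySet(); }
}
```

    With a shared account, every consumer user reaches the producer with the same rights, so give that producer account only the access all of those users are meant to have.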

     

    The Producer Configuration

    The producer uses two SOAPHandler classes to interact with JBossWS:

     

      • org.wsrp.wss.jboss5.handlers.producer.WSSecurityCredentialHandler
        • This class retrieves the credentials from the consumer and uses them to programmatically log in to the producer.

     

      • org.wsrp.wss.jboss5.handlers.producer.JBWSSecurityHandlerWrapper
        • This class wraps the JBossWS WSSecurityHandler and specifies the configuration file to use. This class is needed to integrate with JBossWS.

     

    The configuration of these handlers is done through a standard handler chain xml configuration file, located at:

    gatein-integration.ear/wsrp-producer-jb5wss.war/WEB-INF/classes/org/gatein/wsrp/endpoints/producer-handler-chain.xml

    Extending The Producer

    The producer can be extended by creating your own SOAPHandler class. You will then need to remove the WSSecurityCredentialHandler from the producer-handler-chain.xml file and add your own in its place.