Example: Using a Web Services (SOAP) Input Adapter with Policy Driven Security

Set up a Web Services (SOAP) Input adapter that uses Policy driven security and communicates over HTTPS.

Prerequisites

The cluster database stores configuration information. Ensure that the cluster is running, so that the adapter can interact with the projects on the cluster.

Context

The source code for the WSPolicy and MessageUT_Policy classes is located in the adapter example/src directory.

The steps below result in the creation of three keystores (server.jks, client.jks, and service.jks). Do not change the usernames "client" and "service".

Procedure

  1. Install Apache Tomcat.
  2. Ensure that the JDK_HOME environment variable is properly set. If it is not, you can set it using set_example_env.bat or set_example_env.sh.
  3. Run create_server_keystore <YOURSTOREPASSWORD> to create server.jks. Answer "localhost" to "What is your first and last name".

    The server.jks file is created under the current working directory. The Tomcat SSL HTTP connector and the Web Services (SOAP) adapter use server.jks to set up the HTTPS connection between them.

  4. Run create_client_service_cert <YOURCLIENTPASSWORD> <YOURSERVICEPASSWORD> to create the client.jks and service.jks keystores.
    <YOURCLIENTPASSWORD> is the client.jks keystore password, and <YOURSERVICEPASSWORD> is the service.jks keystore password.
  5. Add the following to the tomcat/conf/server.xml file:
    <Connector port="8443" 
                   protocol="org.apache.coyote.http11.Http11Protocol" 
                   SSLEnabled="true" maxThreads="150"  
                   scheme="https" secure="true" 
                   keystoreFile="ESP_INSTALL\adapters\webservices\examples\input_transportUT\server.jks" 
                   keystorePass="YOURSTOREPASSWORD"   
                   clientAuth="false" 
                   sslProtocol="TLS" />
  6. Add Apache Axis2™ to Tomcat. Copy axis2.war to tomcat/webapps, and start Tomcat.
    Axis2 is automatically unzipped.
  7. Copy the files in rampart/modules to tomcat/webapps/axis2/WEB-INF/modules.
  8. Copy the files in rampart/lib to tomcat/webapps/axis2/WEB-INF/lib.
  9. Add the following to the <Tomcat>\webapps\axis2\WEB-INF\conf\axis2.xml file:
    <transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8443</parameter>
    </transportReceiver>
  10. Modify the adapter_config.xml file as follows:
    <security>
        <sslTrustStore>server.jks</sslTrustStore>
        <sslTrustStorePassword>YOURSTOREPASSWORD</sslTrustStorePassword> <!-- Change the value to match your input -->

        <WSPolicy>
            <credentials>
                <User>client</User> <!-- Change the value to match your input -->
                <!-- The password here is the password for the client keystore -->
                <Password encrypted="false">YOURCLIENTPASSWORD</Password> <!-- Change the value to match your input -->
            </credentials>
            <policyClass>com.sap.esp.adapter.ws.security.MessageUTPolicy</policyClass>
            <param name="policyPath" value="messageUT_policy.xml"/>
            <param name="clientKeystore" value="client.jks"/>
        </WSPolicy>
    </security>
    
    Set <User> and <Password> to the username and password used by node1 in $STREAMING_HOME/cluster/examples:
    <EspProjects>
          <EspProject>    
            <Name>StockTraderProject</Name>
            <Uri>esp[s]://localhost:19011/w1/p1</Uri>
            <Security>
    			<User>user</User>
    			<Password>password</Password>
    			<AuthType>user_password</AuthType>
    
    
  11. Modify the services.xml file as follows:
    <parameter name="MessageUTPassword">YOURSERVICEPASSWORD</parameter> <!--Provide YOURSERVICEPASSWORD instead of YOURCLIENTPASSWORD-->
        ......
        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
         ......
           <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">YOURSERVICEPASSWORD</ramp:property><!--Provide YOURSERVICEPASSWORD instead of YOURCLIENTPASSWORD-->
        </ramp:RampartConfig>
    
  12. Run ant create_sample_aar to create the sample .aar file.
  13. Remove any StockTraderService_noSec.aar or StockTraderService_transportUT.aar files from the adapter examples/service directory if you previously ran those examples.
  14. Copy the examples/service/StockTraderService_messageUT.aar file to the tomcat/webapps/axis2/WEB-INF/services directory under your Web server.
  15. Modify set_example_env.bat or set_example_env.sh to set ADAPTER_EXAMPLE_USERNAME and ADAPTER_EXAMPLE_PASSWORD to the desired user name and password combination, and set ADAPTER_EXAMPLE_CLUSTER_NODE_PROTOCOL to esps if SSL is enabled or esp if SSL is disabled.
  16. Start the Web server.
  17. Start the node by running the start_node.bat or start_node.sh script.
  18. Start the project by running the start_project.bat or start_project.sh script.
  19. Subscribe to the stream in the project by running the subscribe.bat or subscribe.sh script.
  20. Start the adapter by running the start_adapter.bat or start_adapter.sh script.
    Data begins flowing in the subscription window.
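
A pre-flight check for the keystores from steps 3 and 4, useful before starting the Web server in step 16. This is an added example, not one of the adapter's example scripts. It assumes that keytool from the JDK is available, that the key entries in client.jks and service.jks use the usernames as aliases, and that the passwords are exported in the hypothetical variables STOREPASS, CLIENTPASS and SERVICEPASS.

```shell
#!/bin/sh
# Added example: pre-flight check of the keystores created in steps 3 and 4.
# Assumptions (not from the page): the key entries in client.jks and service.jks
# use the user names as aliases; STOREPASS, CLIENTPASS and SERVICEPASS are
# hypothetical exported variables holding the three keystore passwords.

# Check a `keytool -list -v` listing read from stdin.
# $1 = required alias ("" skips), $2 = required certificate CN ("" skips)
check_listing() {
    listing=$(cat)
    if [ -n "$1" ]; then
        printf '%s\n' "$listing" | grep -q "^Alias name: $1\$" ||
            { echo "alias '$1' not found"; return 1; }
    fi
    if [ -n "$2" ]; then
        cn=$(printf '%s\n' "$listing" | sed -n 's/^Owner: CN=\([^,]*\).*/\1/p' | head -n 1)
        [ "$cn" = "$2" ] || { echo "certificate CN is '$cn', expected '$2'"; return 1; }
    fi
}

# $1 = keystore file, $2 = NAME of the variable holding its password,
# $3 = alias, $4 = CN. -storepass:env keeps the password off the command line.
check_keystore() {
    [ -f "$1" ] || { echo "$1: not found"; return 1; }
    "${JDK_HOME:+$JDK_HOME/bin/}keytool" -list -v -keystore "$1" \
        -storepass:env "$2" 2>&1 | check_listing "$3" "$4" ||
        { echo "$1: check failed"; return 1; }
}

# server.jks must carry CN=localhost (step 3); the other two must hold the
# "client" and "service" entries that the procedure says not to rename.
preflight() {
    check_keystore server.jks  STOREPASS   ""      localhost &&
    check_keystore client.jks  CLIENTPASS  client  ""        &&
    check_keystore service.jks SERVICEPASS service ""
}

# Constructed sample of keytool output, for trying check_listing offline.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Alias name: client
Entry type: PrivateKeyEntry
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
EOF
}

if [ "${1:-}" = "run" ]; then preflight && echo "keystores look consistent"; fi
```

Run it with the argument `run` from the directory that holds the three keystores. A wrong password also fails the check, because keytool's error output contains neither the alias nor the CN.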