I have a WSDL of type RPC/Encoded and implementing Message Level Security (my XSD is complex type).
Can I use Spring WS for this type of Web Service?
is JAX-WS support this type of web service?
What is best way to implement this type of webservice? I need to implement the client.
JAX-WS does not support RPC/Encoded type of web services. For this we can use Rampart and also for more reference we can also refer to WSO2
Related
I created Visual studio default Azure API Apps. I call the API from SPA JavaScript but the return type is XML and I'd like it to be JSON. I tried to set XMLHttpRequest.responseType = "json" but after that the response is null.
So, how to define the Azure API App return type?
why are you using XMLHttpRequest? can you try using the HTTPClient
Web API provides media-type formatters for both JSON and XML. The
framework inserts these formatters into the pipeline by default.
Clients can request either JSON or XML in the Accept header of the
HTTP request. JSON formatting is provided by the
JsonMediaTypeFormatter class. By default, JsonMediaTypeFormatter uses
the Json.NET library to perform serialization. Json.NET is a
third-party open source project.
How can I use ServiceBehaviorAttribute in my Web API 2 project to create & recycle instance context object on every request? I tried to set it traditional way by configuring in web.config but didn't work. I think I may need to set custom attribute so any suggestion/thoughts are appreciated!
[ServiceBehaviorAttribute(InstanceContextMode = InstanceContextMode.PerCall)]
I am new to Web API so not having much exposure on it.
The ServiceBehaviorAttribute is in the System.ServiceModel namespace and is used exclusively for WCF not for Web API. The following link seems to address your issue: Programmatically set InstanceContextMode
How can I authenticate with HTTP Basic, via the application server domain/secure realm, using a Session Bean published as a #WebService?
In a Web project one could use web.xml to map Roles to Groups, but I have no idea how to do it in a EJB-JAR project. I don't think it can be done with ejb-jar.xml.
Sample code, which works fine without the roles annotations:
#Stateless
#WebService(portName="RestrictedServicePort")
#DeclareRoles(value = "Administrators")
public class RestrictedServiceBean {
#RolesAllowed(value = "Administrators")
public String restrictedOperation() {
return "Secret information";
}
}
Error:
<faultstring>[EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>
Basic Credentials Header:
Authorization: Basic d2VibG9naWM6d2VsY29tZTE=
I suspect it must be done via vendor-specific configuration. I am using WebLogic 10.3.6, Java EE 5 / EJB 3.0.
Basic Auth via Policy
From the v10 docs:
A Web service can have zero or more WS-Policy files associated with
it. WS-Policy files follow the guidelines of the WS-Policy
specification. WebLogic Server uses WS-Policy files to specify the
details of the message-level security (digital signatures and
encryption) and reliable messaging capabilities of a Web service. You
can attach a WS-Policy file to a Web service endpoint, which means
that the policy assertions apply to all the operations of a Web
service endpoint. You can also attach a WS-Policy file to an
operation, which means that the policy assertions apply only to the
specific operation. In addition, you can attach a WS-Policy file to
the inbound or outbound SOAP message, or both.
It would appear you can attach a basic auth policy to your service:
<sp:TransportToken>
<wsp:Policy>
<sp:HttpBasicAuthentication/>
</wsp:Policy>
</sp:TransportToken>
You can apply this custom policy via the administrative console via the steps outlined here or you can consider referencing one of the Oracle-preconfigured policies.
Mapping Roles to Groups
The WebLogic (v12) documentation mentions the following when discussing usage of #RolesAllowed in an EJB:
You can also use the annotation to explicitly declare roles that are implicitly declared if you use the #RolesAllowed annotation on the class or a method of the class.
You create security roles in WebLogic Server using the Administration Console. For details, see "Manage Security Roles" in the Oracle WebLogic Server Administration Console Help.
The Manage Security Roles section continues on to discuss scoped roles.
You can then create a scoped role for a specific EJB that contains highly sensitive business logic. When you create a policy for the EJB, you can specify that only the scoped role can access the EJB.
More information on managing scoped roles is here.
Solved adding the role mapping as it is done in any web module, but using the proprietary weblogic-ejb-jar.xml, as follows:
<wls:security-role-assignment>
<wls:role-name>Administrators</wls:role-name>
<wls:principal-name>myweblogicgroup</wls:principal-name>
</wls:security-role-assignment>
The "myweblogicgroup" is the group created in the WebLogic security realm for which the system user used to authenticated to the web service is associated.
This link helped me.
I'm trying to use Thinktecture.IdentityModel.45 for authentication in ASP.NET Web API.
I'm trying to get the Basic Authentication to work. And have downloaded the source and got the sample to work. (JsBasicAuth).
We have Web API in the same project as a MVC application. And when the test client calls ~/api/identity all handlers and authorization work. But then the framework (web api) tries to invoke a controller called "identity" and the call fails.
{"Message":"No HTTP resource was found that matches the request URI 'http://localhost/app/api/identity'.","MessageDetail":"No type was found that matches the controller named 'identity'."}
Do I need to exclude /identity /token from the routing? What am I missing?
I now discovered the Common project in the sample solution. There is a IdentityController there. And I didn't have that in my own project. Now it works! :)
I'm a little bit confused, I want a WCF service that takes values and returns them as XML, to be bound to an ASP.NET project. So I guess I should create WCF Service Library instead of Application, then bind it to ASP.NET via "Add Service Reference"? And, if I got it correctly, that allows me to use service without any proxy classes?
P.S. Service method code that returns XML is something like
[System.ServiceModel.OperationContract]
[System.ServiceModel.Web.WebGet(
UriTemplate = "men",
ResponseFormat = System.ServiceModel.Web.WebMessageFormat.Xml)]
Human[] getAll();
getAll() just generates an array of objects of Human class.
Actually, you've got it partially correct, and partially sideways.
Yes, use a WCF Service Library to create the service.
No, don't use "Add Service Reference".
Instead, add the WCF Service Library as a normal project reference to the ASP.NET web application. Then create a "YourService.svc" file as the endpoint for the service.
<% #ServiceHost Service="MyNamespace.MyServiceImplementationTypeName" %>
See "Deploying an Internet Information Services-Hosted WCF Service".
You will also need some configuration in web.config. I don't know the best way to do this.