Ping Java SDK And Web Services

Upload by : Kamden Hassan

Ping Java SDK and Web Services (WS-Trust)

In an effort to get my head around Java Web Services I have thrown together a quick Client/Service scenario to learn how everything works. I am not the most advanced Java developer and I am continually confused by all the different frameworks and interfaces that Java provides, so I wanted to build a default sandbox that I could play with to test certain web services scenarios.

I have a few scenarios here that all build from a common base. I have been using NetBeans for this but you can pretty much insert your favourite Java IDE (e.g. Eclipse) as you wish – you may need to google some of the IDE things like configuring handlers etc.

Step One: Basic Web Service provider (WS) and Web Service Client (WSC)
Step Two: Enabling WS-Security on the WS (require SAML token)
Step Three: Enabling WS-Security on the WSC (swap username token for SAML token)
Step Four: Receiving a local SAML token for the WS and returning the subject to the web service

This may help as a learning tool or as the basics for a POC, or at least to save time from jumping through multiple examples and sample code to produce a simple WS-Trust scenario.

Pre-requisites

Java IDE with EE capable web server (e.g. NetBeans with Glassfish)
PingFederate with STS enabled
Ping Java SDK
Ping WSS Username Token Translator

Disclaimer

This sample was farmed from various code snippets found all over the Internet, SDK samples and via my own keyboard. This is not guaranteed to work or be safe, secure or well-performing by any means. Good for a POC or to learn the concepts but nothing else.

PingFederate Configuration

For all scenarios, the following PingFederate configuration is used:

Ping server is listening on sts.wst (and /sp/sts.wst)
So the STS endpoint is
I just have a self-signed SSL certificate so you will notice the following line in the code: e);

IDP Side (to handle the authentication of the Web Services client):

Token Processor
Username Token Processor 1.1 configured to verify a credential set (either named users, LDAP etc). For this sample I used the “User Table with Password” option to manually define users.

SP Connection
WS-Trust connection configured as the screenshot below:

SP Side (to service the WS (validate token, re-issue local token))

Token Generator
SAML 2.0 Token Generator 1.1 used to issue a local SAML token for the Web Service and to validate an existing SAML token. Configuration for the token generator is below:

IDP Connection
Used to interface with the Web Service. Defines the attribute contract, signing cert, issuer etc of the service. Configuration used is included below:

Step One: Basic Web Service provider (WS) and Web Service Client (WSC)

Launch the NetBeans IDE and create a new Java Web Application project to create our sample Web Service.

Give the project a name

I am using the built-in Glassfish server. Shouldn’t need to modify anything on this screen so you can hit Finish.

Now we have a basic Web Application. We need to create the Web Service to sit in here.

Right-click on the name of the project and choose New > Web Service. Give the service a name and a package name. Also check the box to implement as a “Stateless Session Bean”.

Now we have a basic web service that will say “Hello” to a name you provide. To test the service:

Right-click the Project and select “Deploy” to deploy it to the Glassfish web server.
Expand the “Web Services” folder under the project, right-click on the service and select “Test Web Service” to verify the service is correctly running.

Once you have created the service, we will now create a web service client to communicate with this web service.

In the NetBeans IDE, create a new Java Application by choosing File > New Project:

Name the project and click Finish to create a basic Java application.

To create a reference to the Web Service we created, in the project explorer, right-click on the application project name and select: New > Web Service Client

Choose to specify the WSDL from the Web Service project we created earlier and click Finish to create the reference.

Now we will add this reference into the Java code to call the web service from our Java app.

Open the Java application source file in the editor.

On the Project explorer, expand the levels under the “Web Service References” until you see the web service method (red dot) and drag that into your code (under the closing brace of the “main method”).

Modify the main method to call this new method:

Right-click the project and choose “Run” to execute the client. You should see the results of the web service call in the console:

Success. We now have a working web service and web service client configuration.

Step Two: Enabling WS-Security on the WS to require SAML security token

The next step is to protect the existing web service. The requirements now are that no one can call this web service without providing a valid SAML security token.

To protect the web service, we are going to use the Ping Java SDK to integrate with the Ping STS. We are going to create a SOAP Handler to handle the SAML validation without having to change the core web service code.

Because we are using the Ping SDK, we need to add the required libraries to our project. In the project explorer, right-click “Libraries” and select “Add JAR/Folder”. Browse to the location where you expanded the Ping Java SDK and select all the jars in the “lib” folder.

In the Web Service project (SampleWS), create a new Java class (we call it SampleWSHandler):

Paste the following code into this Java file:
[You may need to modify the package, class name and STS endpoint appropriately]

    package [...]
    import org.w3c.dom.NodeList;

    /**
     *
     * @author pmeyer
     */
    public class SampleWSHandler implements SOAPHandler<SOAPMessageContext> {

        private static String STS_ENDPOINT_URL [...]

        public boolean handleMessage(SOAPMessageContext messageContext) {
            Boolean isRequest = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

            // MESSAGE_OUTBOUND_PROPERTY is true for outbound messages and false for inbound;
            // only the inbound request is checked
            if (!isRequest) {
                try {
                    SOAPMessage soapMsg = messageContext.getMessage();
                    SOAPHeader soapHeader = soapMsg.getSOAPHeader();
                    NodeList secHeaders [...]-secext-1.0.xsd", "Security");
                    if (secHeaders.getLength() == 0) {
                        generateSOAPErrMessage(soapMsg, "No Security Header");
                    }
                    Element securityHeader = (Element) secHeaders.item(0);

                    STSClientConfiguration stsClientConfiguration [...]
                    [...].setStsEndpoint(STS_ENDPOINT[...]
                    [...]s(true);
                    STSClient client;
                    try {
                        client = new STSClient(stsClientConfiguration);
                    } catch (MalformedURLException e) {
                        throw new RuntimeException(e);
                    }

                    SamlToken token;
                    try {
                        token [...]er);
                    } catch (SecurityTokenException e) {
                        throw new RuntimeException(e);
                    }
                    if (token == null) {
                        generateSOAPErrMessage(soapMsg, "No security token found");
                    }

                    boolean valid = false;
                    try {
                        valid = client.validateToken(token);
                    } catch (STSClientException e) {
                        generateSOAPErrMessage(soapMsg, e.getMessage());
                    }
                    if (!valid) {
                        generateSOAPErrMessage(soapMsg, "Security token invalid");
                    } else {
                        // We have a valid token.
                        System.out.println("WSP: VALID.");
                    }
                } catch (SOAPException e) {
                    System.err.println(e);
                    // fail closed: a request whose header cannot be read must not reach the service
                    throw new RuntimeException(e);
                }
            }
            return true;
        }

        @Override
        public boolean handleFault(SOAPMessageContext context) {
            return true;
        }

        @Override
        public void close(MessageContext context) {
        }

        @Override
        public Set<QName> getHeaders() {
            return null;
        }

        private void generateSOAPErrMessage(SOAPMessage msg, String reason) {
            try {
                SOAPBody soapBody [...]t soapFault [...]n);
                throw new SOAPFaultException(soapFault);
            } catch (SOAPException e) {
                // fail closed: if the fault cannot be built, still stop processing the request
                throw new RuntimeException(e);
            }
        }
    }

Next we need to attach this handler to the existing web service code. In the project explorer, right-click the “SampleWS” service under the “Web Services” folder in the project and select “Configure Handlers”.

Click the Add button and browse to the handler file we just created (SampleWSHandler.java). Click okay to apply that change.

To test the changes, re-deploy the web service by right-clicking on the Project name (SampleWS) and selecting “Deploy”.

Right-click your Client project and choose “Run”. You should get an error indicating that no security header was received.
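The handler's first check (is there a WS-Security header carrying a token?) can be written against the JDK's DOM API alone, rejecting anything ambiguous before the STS is called. This is an added example, not part of the original sample or the Ping SDK; the class and method names are hypothetical, and it assumes SOAP 1.1, a SAML 2.0 assertion placed directly under the Security header, and constructed sample envelopes. It checks message structure only, so the assertion still has to be validated by the STS as in the handler above.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

// Added illustration; class and method names are hypothetical, not from the Ping SDK.
public class SecurityHeaderCheck {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; // SOAP 1.1 assumed
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Direct children only, so an element nested deeper in the message is never picked up.
    static Element onlyChild(Element parent, String ns, String local) {
        Element found = null;
        int count = 0;
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && ns.equals(n.getNamespaceURI())
                    && local.equals(n.getLocalName())) {
                found = (Element) n;
                count++;
            }
        }
        if (count != 1) throw new SecurityException("expected one " + local + ", found " + count);
        return found;
    }

    /** Returns the single SAML 2.0 assertion in the single wsse:Security header, or throws. */
    static Element requireAssertion(String envelopeXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Element env = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(envelopeXml))).getDocumentElement();
        Element security = onlyChild(onlyChild(env, SOAP_NS, "Header"), WSSE_NS, "Security");
        return onlyChild(security, SAML2_NS, "Assertion");
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample messages; the assertion is an empty stand-in, not a signed token.
        String open = "<s:Envelope xmlns:s='" + SOAP_NS + "'><s:Header>";
        String close = "</s:Header><s:Body/></s:Envelope>";
        String sec = "<w:Security xmlns:w='" + WSSE_NS + "'>";
        String tok = "<a:Assertion xmlns:a='" + SAML2_NS + "' ID='_constructed'/>";
        String[] samples = {
            open + sec + tok + "</w:Security>" + close,       // one header, one token
            open + close,                                     // no Security header
            open + sec + tok + tok + "</w:Security>" + close  // two tokens: ambiguous
        };
        for (String xml : samples) {
            try {
                System.out.println("accepted " + requireAssertion(xml).getAttribute("ID"));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```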

Pretty cool that we only added the handler to the project. Minimal changes to the core web service code were needed to secure it.

[TODO: Modify the WSDL to advertise that we are expecting a SAML security token]

Step Three: Enabling WS-Security on the WSC (swap username token for SAML token)

Now we will follow a similar process on the client side. We want to authenticate a user via the STS and present a SAML 2.0 assertion in the SOAP headers for the Web Service to consume.

As with the Web Service provider, in the Client project, right-click the “Libraries” folder and add the JARs from the Java SDK.

We now can add a handler on the Client side. Right-click the project and create a new Java Class. In this Java file, copy the following code. You can modify the contents appropriately:

    package [...]
    import javax.xml.ws.handler.soap.SOAPHandler;

    import [...]
    import org.w3c.dom.Element;

    public class SampleClientHandler implements SOAPHandler<SOAPMessageContext> {

        static String WSS_USERNAME_TOKEN_USERNAME = "user123";
        static String WSS_USERNAME_TOKEN_PASSWORD = "User123";
        static String STS_ENDPOINT_URL = "https://localhost:9031/idp/sts.wst";
        static String APPLIES_TO = "http://localhost";

        public SampleClientHandler() {
        }

        @Override
        public boolean handleMessage(SOAPMessageContext context) {
            Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
            if (outboundProperty.booleanValue()) {
                // We are a Web Services Client. We need to get a SAML token to send through
                // to our service.
                // First of all, request a security token from the STS:
                STSClientConfiguration stsClientConfiguration = new [...]
                [...]setStsEndpoint(STS_ENDPOINT_URL);
                stsClientConfiguration.setAppliesTo(APPLIES[...]
                [...](true);
                STSClient client;

                // instantiate the STS client
                try {
                    client = new STSClient(stsClientConfiguration);
                } catch (MalformedURLException e) {
                    throw new RuntimeException(e);
                }

                // Send in a Username token and receive the issued SAML token
                Element token;
                try {
                    token = client.issueToken(WSS_USERNAME_TOKEN_USERNAME, WSS_USERNAME_TOKEN_PASSWORD);
                } catch (STSClientException e) {
                    // deal with the exception
                    throw new RuntimeException(e);
                }

                // We now have a SAML token to include in the Web Services Request
                System.out.println("WSC: RST swapped for SAML token");
                StringUtils ppUtil = new StringUtils();
                ppUtil.prettyPrint(token);

                // Insert the SAML token into the SOAP Headers.
                try {
                    SOAPEnvelope envelope [...]
                    [...]OAPFactory factory = SOAPFactory.newInstance();
                    String prefix = "wsse";
                    String uri [...]01-wsswssecurity-secext-1.0.xsd";
                    SOAPElement securityElem = factory.createElement("Security", prefix, uri);
                    SOAPElement tokenElement [...]
                    [...]Element(tokenElement);
                    SOAPHeader header [...]
                    [...]tyElem);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            } else {
                // inbound
            }
            return true;
        }

        @Override
        public Set<QName> getHeaders() {
            return new TreeSet<QName>();
        }

        @Override
        public boolean handleFault(SOAPMessageContext context) {
            return false;
        }

        @Override
        public void close(MessageContext context) {
            //
        }
    }

Again we must attach this handler to the client code by performing the following steps.

In the project explorer, expand the “Web Service References” folder, right-click on the web service (SampleWS) and choose “Configure Handlers”.

Click the Add button and browse to the Handler we just created. Click OK to apply the handler.

Right-click the Client Project and select Run. Assuming the username/password you are passing to the WSS username token processor are correct you should be able to execute the web service call successfully:

Now we have a web services client and server talking to each other and being secured via SAML/WS-Security.

Useful tests at this point are to:

Change the credentials and see what a failed authentication looks like.
Change the certificate used to sign the SAML token on the IDP side to see what an invalid assertion looks like.

Step Four: Issuing and consuming a local SAML token on the Web Service

Now that the service is protected we now want to personalize the web service. So now we want to grab a local SAML token and say hello to the subject of the authentication.

In the web service project, update the Handler using the code below. Bold is changed lines:

    package com.pingidentity.pmeyer.ws;

    import javax.xml.soap.*;

    [...]on;
    import java.net.MalformedURLException;
    import java.util.Set;
    import javax.xml.namespace.QName;
    import org.w3c.dom.Element;
    import [...].utils.StringUtils;

    /**
     *
     * @author pmeyer
     */
    public class SampleWSHandler implements SOAPHandler<SOAPMessageContext> {

        private static String STS_ENDPOINT_URL [...]

        public boolean handleMessage(SOAPMessageContext messageContext) {
            System.out.println("In WSP getMessage.");
            Boolean isRequest = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

            // MESSAGE_OUTBOUND_PROPERTY is true for outbound messages and false for inbound;
            // only the inbound request is checked
            if (!isRequest) {
                try {
                    SOAPMessage soapMsg = messageContext.getMessage();
                    SOAPHeader soapHeader = soapMsg.getSOAPHeader();
                    NodeList secHeaders [...]-secext-1.0.xsd", "Security");
                    if (secHeaders.getLength() == 0) {
                        generateSOAPErrMessage(soapMsg, "No Security Header");
                    }
                    Element securityHeader = (Element) secHeaders.item(0);

                    STSClientConfiguration stsClientConfiguration [...]
                    [...].setStsEndpoint(STS_ENDPOINT[...]
                    [...]s(true);
                    STSClient client;
                    try {
                        client = new STSClient(stsClientConfiguration);
                    } catch (MalformedURLException e) {
                        throw new RuntimeException(e);
                    }

                    SamlToken token;
                    try {
                        token [...]er);
                    } catch (SecurityTokenException e) {
                        throw new RuntimeException(e);
                    }
                    if (token == null) {
                        generateSOAPErrMessage(soapMsg, "No security token found");
                    }

                    boolean valid = false;
                    try {
                        valid = client.validateToken(token);
                    } catch (STSClientException e) {
                        generateSOAPErrMessage(soapMsg, e.getMessage());
                    }
                    if (!valid) {
                        generateSOAPErrMessage(soapMsg, "Security token invalid");
                    } else {
                        // We have a valid token. did we swap for local token?
                        System.out.println("WSP: VALID.");
                        try {
                            Element localTokenXML = client.issueToken(token);
                            SamlToken localToken = new Saml20Token(localTokenXML);
                            String nameID [...]
                            [...]"subject", [...]MessageContext.Scope.APPLICATION);
                            System.out.println("WSP: SAML Identity is:");
                            System.out.println(nameID);
                        } catch (Exception stsE) {
                            // probably an invalid local SAML token returned
                            System.out.println(stsE.getMessage());
                        }
                    }
                } catch (SOAPException e) {
                    System.err.println(e);
                    // fail closed: a request whose header cannot be read must not reach the service
                    throw new RuntimeException(e);
                }
            }
            return true;
        }

        @Override
        public boolean handleFault(SOAPMessageContext context) {
            return true;
        }

        @Override
        public void close(MessageContext context) {
        }

        @Override
        public Set<QName> getHeaders() {
            return null;
        }

        private void generateSOAPErrMessage(SOAPMessage msg, String reason) {
            try {
                SOAPBody soapBody [...]t soapFault [...]n);
                throw new SOAPFaultException(soapFault);
            } catch (SOAPException e) {
                // fail closed: if the fault cannot be built, still stop processing the request
                throw new RuntimeException(e);
            }
        }
    }

With these extra lines we are requesting a new local SAML token and parsing the subject out of there. (Note: there is no reason you can’t use the subject from the initial token received, I was just playing with the issuance of a local token at this point)

We are also passing along the subject of the SAML token in the message context. So to retrieve that from the web services code we need to modify the web service as such:

    package [...]
    import javax.xml.ws.handler.MessageContext;

    /**
     *
     * @author pmeyer
     */

    @WebService(serviceName = "SampleWS")
    @Stateless()
    @HandlerChain(file = "SampleWS_handler.xml")
    public class SampleWS {

        @Resource
        private WebServiceContext context;

        @WebMethod(operationName = "hello")
        public String hello(@WebParam(name = "name") String txt) {
            MessageContext msgContext = context.getMessageContext();
            String thisUser = "[Unknown]";
            // "subject" is set by the SOAP handler once the token has been validated
            if (msgContext.containsKey("subject")) {
                thisUser = msgContext.get("subject").toString();
            }
            return "Hello " + thisUser + " !";
        }
    }

Now when you run the client you should see the subject of the security token being welcomed:

Things to try at this point are to add attributes to the assertion and pass them through to the web service.

Along the same lines, to pass values from the Web Services client through to the Handler, you can modify the Web Services client code as following to pass the username and password:

Web Services client code:

    package sampleclient;

    import javax.xml.ws.BindingProvider;

    /**
     *
     * @author pmeyer
     */
    public class SampleClient {

        /**
         * @param args the command line arguments
         */
        public static void main(String[] args) {
            System.out.println(hello("Oscar"));
        }

        private static String hello(java.lang.String name) {
            com.pingidentity.pmeyer.ws.SampleWS_Service service =
                    new com.pingidentity.pmeyer.ws.SampleWS_Service();
            com.pingidentity.pmeyer.ws.SampleWS port = service.getSampleWSPort();
            // values placed in the request context are visible to the client SOAP handler
            ((BindingProvider) port).getRequestContext().put("username", "user234");
            ((BindingProvider) port).getRequestContext().put("password", "User234");
            return port.hello(name);
        }
    }

In addition we also need to modify the Web Services client SOAP Handler to use the values provided in the request context rather than the hard
