Previous Topic: How to Set Log Files, and Command-line Help to Another LanguageNext Topic: Troubleshoot Issues Related to Protected Web Services Making Use of Apache Commons Logging and Log4j

Web Services Security GuidesCA SiteMinder® Web Services Security Agent for Oracle WebLogic GuideFinal Steps

Final Steps

This section contains the following topics:

Prevent WebLogic 10 from Loading Incompatible Version of XML Security

Restart WebLogic

Configure Web Services to Invoke the SiteMinder WSS Agent JAX-RPC Handler

Configure Policies for the SiteMinder WSS Agent

Troubleshoot Issues Related to Protected Web Services Making Use of Apache Commons Logging and Log4j

Prevent WebLogic 10 from Loading Incompatible Version of XML Security

By default, Weblogic Server 10 loads an older version of XML security (1.3.0) that is incompatible with the version used by the SiteMinder WSS Agent (1.4.1).

To prevent WebLogic 10 from loading the 1.3.0 XML security JAR, rename WLS_HOME\modules\com.bea.core.apache.xml.security_1.3.0.jar to some other name. For example, com.bea.core.apache.xml.security_1.3.0_backup.jar.

Restart WebLogic

After completing WebLogic-side configuration of the SiteMinder WSS Agent, you must restart the WebLogic server.

Configure Web Services to Invoke the SiteMinder WSS Agent JAX-RPC Handler

To protect a JAX-RPC web service using the SiteMinder WSS Agent, you must configure it to invoke the SiteMinder WSS Agent JAX-RPC Handler. To do this, you must add the SiteMinder WSS Agent JAX-RPC Handler class (com.ca.soa.agent.appserver.jaxrpc.XMLAgentJaxrpcHandlerProxy) to the web service deployment descriptor in the webservices.xml file.

You can do this manually by editing the webservices.xml file for each JAX-RPC web service module. However, if your web services are implemented as JWS files and you have set up an Ant-based development environment, it is more efficient to update your web services to use handler chains.

Manually Edit JAX-RPC Web Service Deployment Descriptors

To configure JAX-RPC web services not implemented as JWS files to invoke the SiteMinder WSS Agent, you must manually edit their deployment descriptors to add the SiteMinder WSS Agent JAX-RPC Handler.

Follow these steps:

  1. Unpack the enterprise archive (EAR) containing one or more web services.
  2. Examine the EAR to determine which of the modules within it contains a JAX-RPC web service.(A module that contains a JAX-RPC web service if it has a webservices.xml file in the META-INF folder for EJB endpoints, or the WEB-INF folder for servlet endpoints.)
  3. For each module in the EAR identified as a JAX-RPC web service:
    1. Unpack the archive containing the module. (The archive will be a JAR file for EJB endpoints and a WAR file for servlet endpoints.)
    2. Find the webservices.xml file.
    3. For each port-component element found in the webservices.xml file, add a handler element: 
      <handler>
   <handler-name>WSS Agent Handler<handler-name>
   <handler-class>
      com.ca.soa.agent.appserver.jaxrpc.XMLAgentJaxrpcHandlerProxy
   </handler-class>
</handler>

      Note: The WSS Agent JAX-RPC handler must always be invoked first; If other handler elements are already present or subsequently added to the webservices.xml file, the WSS Agent JAX-RPC Handler element must be placed before them.

  4. Repackage the module into the appropriate archive type (JAR or WAR).
  5. When all modules have been configured, repackage the EAR.
  6. Install or update the enterprise application.
Use Handler Chains

The most efficient way to configure services implemented as JWS files to invoke the SiteMinder WSS Agent is to define the SiteMinder WSS Agent JAX-RPC Handler class in a handler chain configuration file which can then be referenced from the JWS files of all web services in your enterprise that you need to protect.

Note: The following procedures assume that you have set up an Ant-based development environment and have a working build.xml file that includes a target for running the jwsc Ant task.

Use a Handler Chain to Invoke the SiteMinder WSS Agent for HTTP Requests

To configure services implemented as JWS files to invoke the SiteMinder WSS Agent for requests received over HTTP transport, define the SiteMinder WSS Agent JAX-RPC Handler class in a handler chain configuration file.

Follow these steps:

  1. Create a handler chain configuration file that defines a JAX-RPC handler chain. The chain can include as many handler classes as you require but must define the SiteMinder WSS Agent JAX-RPC Handler class first.

    Example HandlerConfig.xml: 

    <jwshc:handler-config xmlns:jwshc="http://www.bea.com/xml/ns/jws"
 xmlns:soap1="http://HandlerInfo.org/Server1"
 xmlns:soap2="http://HandlerInfo.org/Server2"
 xmlns="http://java.sun.com/xml/ns/j2ee" >
  <jwshc:handler-chain>
   <jwshc:handler-chain-name>HandlerChainName</jwshc:handler-chain-name>
   <jwshc:handler>
	  <handler-name>handlerOne</handler-name>
	  <handler-class>com.ca.soa.agent.appserver.jaxrpc.XMLAgentJaxrpcHandlerProxy
	  </handler-class>
	</jwshc:handler>
  </jwshc:handler-chain>
</jwshc:handler-config>
    HandlerChainName

    Specifies the name of handler chain.

  2. Add the JWS annotation @HandlerChain(file="HandlerConfig.xml", name="HandlerChainName") to the web service JWS file.
  3. Rebuild the JWS web service.

WebLogic server will invoke SiteMinder WSS Agent JAX-RPC handler.

Note: For more information on SOAP message handlers and handler chains, see the WebLogic documentation.

Use a Handler Chain to Invoke the SiteMinder WSS Agent for JMS Requests

To configure services implemented as JWS files to invoke the SiteMinder WSS Agent for requests received over JMS transport, define the SiteMinder WSS Agent JAX-RPC Handler class in a handler chain configuration file.

Follow these steps:

  1. Create a handler chain configuration file that defines a JAX-RPC handler chain. The chain can include as many handler classes as you require but must define the SiteMinder WSS Agent JAX-RPC Handler class first.

    Example HandlerConfig.xml: 

    <jwshc:handler-config xmlns:jwshc="http://www.bea.com/xml/ns/jws"
 xmlns:soap1="http://HandlerInfo.org/Server1"
 xmlns:soap2="http://HandlerInfo.org/Server2"
 xmlns="http://java.sun.com/xml/ns/j2ee" >
  <jwshc:handler-chain>
   <jwshc:handler-chain-name>HandlerChainName</jwshc:handler-chain-name>
   <jwshc:handler>
	  <handler-name>handlerOne</handler-name>
	  <handler-class>
	    com.ca.soa.agent.appserver.jaxrpc.jms.XMLAgentJMSJaxrpcHandlerProxy
	  </handler-class>
	</jwshc:handler>
  </jwshc:handler-chain>
</jwshc:handler-config>
    HandlerChainName

    Specifies the name of handler chain.

  2. Add the JWS annotation @HandlerChain(file="HandlerConfig.xml", name="HandlerChainName") to the web service JWS file.
  3. Rebuild the JWS web service.

WebLogic server will invoke SiteMinder WSS Agent JAX-RPC handler for JMS requests.

Note: For more information on SOAP message handlers and handler chains, see the WebLogic documentation.

Configure Policies for the SiteMinder WSS Agent

You create authentication and authorization policies to protect web service resources hosted on WebLogic from their associated WSDL files using the Administrative UI. For more information, see the CA SiteMinder® Web Services Security Policy Configuration Guide.