Wednesday, 29 July 2015

Add Web Service Policy Reference for JEE clients - Explored

While working on something, I recently bumped into this cool feature in JDeveloper whereby you can easily consume secure web services through servlets. As usual, Jdevloper takes care of a lot of things for you, and all you really need to do is use the wizards and write some minimalist code.

In this usecase, I will demonstrate how a secure SOAP service can be consumed through a JEE client using the 'Add Policy Reference feature'. I will be consuming the service in JEE through a servlet.


  • For the purpose of this demo, I created a basic Hello service as below and secured it with the policy 'oracle/wss_username_token_service_policy'.
package pack;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicy;

@SecurityPolicy(uri = "oracle/wss_username_token_service_policy")
public class Hello {
    public String helloWorld(@WebParam(name = "arg0") String s) {
        return "Hello " + s;

  • Create the web service proxy for this service in a new application. Select the corresponding client policy during creation of the proxy. This step is required since this is the proxy reference that we will be referring to in the servlet.

  • Create a servlet in the same project.

  • Right click on the servlet editor and select Insert Proxy Reference -> As shown, @WebServiceRef annotation gets generated with a reference to our proxy. 

  • Since the proxy also has client side security attached, we can now bring in the security aspect to the servlet as well. For this, place the mouse over @WebServiceRef and right click. Select the option to 'Add JEE Client Policy Annotations'. A confirmation dialog will show up. Select Yes in that to bring in the security annotations.

  • Modify the doGet method to add code to invoke the service. This involves  initializing the port, passing security information and calling the service.
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("<p>The servlet has received a GET. This is the reply.</p>");
        /*Add these lines to invoke secure service*/
        Hello port = helloService.getHelloPort();
        Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext();
        reqContext.put(BindingProvider.USERNAME_PROPERTY, "weblogic");
        reqContext.put(BindingProvider.PASSWORD_PROPERTY, "weblogic1");
        /* End of add lines*/
  • Thats it. Run the servlet to see the output from the service.