OJA Generic Template
A Guide to Secure Web Services with GJXML
Hey I downloaded an IEPD!
Cool, how do you write a web service?
Moo! I use Java
I use .NET
Service-Oriented Architecture
The WIJIS Justice Gateway: A single, secure point of read-only access to disparate state and local justice information resources.
Local Law Enforcement Records Management Systems (RMS) and the WIJIS Justice Gateway:
1) Publish pointers from RMS to Gateway Cache
2) End Users Search Cache, Request Incident Report
3) Gateway requests Incident Report from RMS
4) RMS returns Incident Report
5) Gateway displays Incident Report
WIJIS
WIJIS Developer Guide
Service providers should be mapping data to GJXML, not bogged down in implementation details
Provide
example WSDL – Contract First!
Server and client implementation in multiple languages
compile schema into objects
XSLT
http://www.wijiscommons.org/gjxdm_example/
Incident Report IEPD – The Homer Simpson Case Study
IEPD can be downloaded here:
http://www.search.org/programs/info/xml-iep.asp
Let’s take a look, we see…
Instance Examples
Document and constraint schemas
Doh, Now what?
DOT NET 2.0 Instructions
Generate C# Objects from WSDL with this command:
wsdl.exe /server http://wijis.wisconsin.gov/wsdl/RecordRetrievalServiceWithIEPD.wsdl
Create .NET Web Service and add references
Example C# files and instructions here:
http://www.wijiscommons.org/gjxdm_example/#dotNet
Testing the Service – The Python Way
Create a sample invocation file
Run the sample python script
Script can be run over http, https or https w/ client certificates
Keep the test client simple!
Examples available here:
http://www.wijiscommons.org/gjxdm_example/#client
Java Instructions - Overview
Generate Jar File from WSDL using JAXB
Download sample Record Retrieval Service Project for Eclipse
WIJIS provides Ant tasks in project
Full details at:
http://www.wijiscommons.org/gjxdm_example/#java
Make your XML look Pretty - XSLT
WIJIS Gateway invokes services, then:
WIJIS needed to transform results
End users are not machines but humans
Distributing XSLT helps service providers inspect Incident Reports before publishing
Instance and transformed documents here
http://www.wijiscommons.org/gjxdm_example/#xslt
WIJIS – Security Overview
Incident Report request conducted over HTTPS with X509 Client Certificates
Layer 3 IP Address filtering
WIJIS runs our own certificate authority
Authorization granted based on name in certificate
WIJIS – 4 Security Tests
Certificate signed by WIJIS Certificate Authority
Certificate is not expired
Name in Certificate matches name on wire
Certificate has not been revoked
X509 Certificate Request Process
Client creates a private key
openssl genrsa -out MyPrivateKey.key 1024
Using private key, client creates a Certificate Signing Request (CSR)
openssl req -new -nodes -key MyPrivateKey.key -out MyCSR.csr
CSR sent to CA and signed certificate is returned
Signed certificate can be joined with Private Key
openssl pkcs12 -export -in MyCertificate.pem -inkey MyPrivateKey.key -out MyPFXFile.pfx
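The request process above and the four security tests from the previous slide, run end to end against a throwaway CA. This is an added example, not WIJIS code: the subject names, file names and the minimal "openssl ca" configuration are constructed, and "name on wire" is assumed to mean the name the caller presents. The key is 2048 bits rather than the 1024 shown above, which is below current minimum recommendations for RSA.

```shell
# Added example; every name, subject and path here is constructed.
# make_demo_pki DIR: throwaway CA, a client cert, an impostor cert, two CRLs.
make_demo_pki() {
    d=$1
    demo_ca() { openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" \
        -cert "$d/ca.pem" "$@" 2>/dev/null; }
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Client side: private key, then CSR (2048-bit key instead of 1024).
    openssl genrsa -out "$d/client.key" 2048 2>/dev/null || return 1
    openssl req -new -nodes -key "$d/client.key" -subj "/CN=agency-a.example" \
        -out "$d/client.csr" || return 1
    # CA side: sign the CSR and hand back the certificate.
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/client.pem" 2>/dev/null || return 1
    # Impostor: same name, self-signed, never signed by the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=agency-a.example" -keyout "$d/rogue.key" \
        -out "$d/rogue.pem" 2>/dev/null || return 1
    # Minimal config so "openssl ca" can revoke and publish CRLs.
    printf '[ca]\ndefault_ca=demo\n[demo]\ndatabase=%s/index.txt\ndefault_md=sha256\ndefault_crl_days=7\n' \
        "$d" > "$d/ca.cnf"
    : > "$d/index.txt"
    demo_ca -gencrl -out "$d/before.crl" && demo_ca -revoke "$d/client.pem" &&
        demo_ca -gencrl -out "$d/after.crl"
}

# check_client_cert CA CRL CERT NAME: prints "ok" or the first failed test.
check_client_cert() {
    ca=$1 crl=$2 cert=$3 want=$4
    # Name in certificate matches the name the caller presented.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$want" ] || { echo name-mismatch; return 1; }
    # Not expired: -checkend 0 fails once notAfter has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo expired; return 1; }
    # Signed by our CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo untrusted; return 1; }
    # Not revoked: repeat the chain check with the CA's CRL enforced.
    openssl verify -CAfile "$ca" -CRLfile "$crl" -crl_check "$cert" \
        >/dev/null 2>&1 || { echo revoked; return 1; }
    echo ok
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_client_cert "$demo/ca.pem" "$demo/before.crl" "$demo/client.pem" agency-a.example
rm -rf "$demo"
```

The revocation check fails closed: a missing or expired CRL is reported the same way as a revoked certificate.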
X509 Certificate Tools
OpenSSL – useful for both .NET and Java users.
Keytool – useful only for Java users
Microsoft CertUtil – Not really useful for anyone
Example Server Configurations with SSL and Client Certificates
IIS 6.0
Step by Step available at:
http://www.wijiscommons.org/gjxdm_example/#dotNet
Apache Tomcat 5.5
Step by Step available at:
http://www.wijiscommons.org/gjxdm_example/#java
IEPD Distribution Suggestions
In addition to Instance Examples, include
Example WSDL
Auto-generated C# files and Jar Files (JAXB)
Sample Implementations and test client
XSLT with sample HTML output
Developer Guide – Return on Investment
Lowers the barriers to secure web services using GJXML
Re-use of code saves developer time for agencies/vendors and stretches grant $$
Vendors integrate with WIJIS once and can distribute to all customers
Prior to Guide: 0 Services, now 7 vendors, over 73 agencies in 8 months
Links
wijiscommons.org/gjxdm_example – WIJIS developer guide
oja.wi.gov/wijis – WIJIS Web Page
wijisgateway.org – WIJIS Blog