Welcome to this learning unit on More on TWS – Part 1.

You will learn more features available in TWS in this session.

1
At the end of the session, you will be able to:

Use PW fields in TWS

Implement WS-Security feature in TWS

2
The next important change in TWS R13 is the support for Process Workflow. If you
look at the OFS messages in this slide, you can see some additional information as a
part of the OFS message. Those fields are PW fields. The PW.ACTIVITY.TXN record
is also generated in the output along with the actual FT record. This FT record will be
in IHLD state.

3
Here you can see a sample OFS request and response without PW fields.

4
When you closely observe the request and response generated using TWS (EE), you
can see several new fields added to the request and the message portion of the
response also has additional information. These are PW fields now part of
OFSFunction block in the request message. These are not mandatory fields. Hence
providing values for these fields is based on the user requirement. The contents of the
response message part would be stored in PW.ACTIVITY.TXN.

5
The PW.ACTIVITY.TXN record is also generated in the output and the actual FT
record requested will be in IHLD state.

6
This is the request and response generated by TWS (.NET). Here you can observe
that several new fields added to the request and the message part of the response
carries additional information. These are the PW fields. PW fields are now part of
OFSFunction block in the request message. These are not mandatory fields. Hence
providing values for these fields is based on the user requirement. The contents of the
response message part would be stored in PW.ACTIVITY.TXN.

7
The PW.ACTIVITY.TXN record is also generated in the output and the actual FT
record requested will be in IHLD state.

8
Provide values for PW fields in the web service and check the records created
in T24.

Note: Test PW fields in both TWS EE and .NET.

9
WS-Security (Web Services Security, short WSS) is a flexible and feature-rich
extension to SOAP to apply security to web services. It is a member of the
WS-* family of web service specifications and was published by OASIS. It
incorporates security features in the header of the SOAP message. It specifies
standards to protect the integrity and confidentiality of the message. WS-
Security addresses:

Authentication
Signatures
Encryption

Let us explore the support for WS Security in TWS.

10
As a prerequisite, the OFS.SOURCE record in T24 which TWS is using should have
an attribute value of PREAUTHENTICATED.

11
12
1. In order to enable WS-Security in TWS java, select UserCredentials in Message
Header (WS-Security) property is provided in the login dialog box.
2. Once you select this option, then the username provided in the SOAP Header will
be mapped to the web request common and the password is not provided.

13
When you create a TWS(EE) project with WS-Security enabled, the following contents
are added to the project:

1. wsit-com.temenos.tws.T24WebServicesImpl.xml - WSIT Configuration file

2. wsit-api.jar - This module contains the Metro WSIT API
3. wsit-impl.jar - This module contains the Metro WSIT runtime code

This option is available under WSDL properties.

Note: Metro is a high-performance, extensible, easy-to-use web service stack. It is a

one-stop shop for all your web service needs, from the simplest hello world web
service to reliable, secured, and transacted web service. The Metro web service
stack is a part of the GlassFish community, but it can be also used outside
GlassFish.

14
When you talk about implementing WS-Security, there should be a program to validate
the user. The program name has to be specified in the wsit-
com.temenos.tws.T24WebServicesImpl.xml file as shown above.

15
This code checks whether the user name is libuser and the password is books. The
validation code can be implemented as per the requirement.

To know more about user validation code and how to specify the same in the wsit-
com.temenos.tws.T24WebServicesImpl.xml refer the below mentioned link:

http://www.ibm.com/developerworks/java/library/j-jws10/index.html

16
JBoss uses a default validator to validate in the absence of validator class . The
default validator validates security tokens against tomcat-users.xml file in conf folder.
To use the default validator, create tomcat-users.xml file inside
<jboss>/server/<default>/conf folder. You can see a sample tomcat-users.xml file
above.
If you want to test the web service generated using SOAPUI with jBoss default
validation, then you have to change the SOAP header as shown above.
The demo that you have seen here uses this form of validation.

17
Here you can see a SOAP request with User Credential in the SOAP header.

18
Here you can see the SOAP Response.

19
Here is a FT record in T24.

20
Create a new web service for ACCOUNT version to implement WS Security using
TWS (EE)

21
22
Let us explore the WS Security changes in TWS .NET:
WS-Security (Web Services Security, short WSS) is a flexible and feature-rich
extension to SOAP to apply security to web services.
1. In order to enable WS-Security in TWS .NET, select WS-Security property
provided under the Project Properties tab in the logon box to provide a standard
secure web service.
2. Once you select this option, the username provided in the SOAP Header is
mapped to the web request common without providing the password.

23
The web.config file generated includes the security features as highlighted above.

24
1. TWS(.NET) project created using WS-Security needs a user validation class.
2. The validation class name is specified in the UserNameAuthentication tag of the
web.config file.
3. This is referenced to the project and the library is placed in the bin directory of the
respective TWS project.
4. This custom validation class is provided in the security behaviour to be loaded
when the web service is executed.
5. The Authenticate credentials method in this class has to be modified to provide the
appropriate validation as required in production scenarios.
6. After generating the web service, you can observe that only UserName and
CompanyCode are set in the WebRequestCommon, and the Password is omitted.

Note: By default, there will be a validation class added to the TWS project. This class
is a dummy class that will authenticate any user credentials and hence this class
has to be removed and a custom validation class should be used for user
authentication.

25
To test the Web Service that is security enabled:

Step -1 : Deploy the Web service into IIS

Step -2 : Create and assign a certificate to the Web Service
Step -3 : Create a .NET project to test

As you know how to deploy the web service, now you will learn about step 2 and 3.

26
You have to obtain a certificate through an authentic Certificate Authority. For learning
purpose, you can use self signed certificate. The command “makecert.exe” can be
used to create a self signed certificate.
Ex:
makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=localhost -sky exchange –
pe

Give permission to read the private key using calcs.exe

Ex:
cacls.exe "C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c22
5a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK
SERVICE":R

Note:
You can simply assign the permission to the Machinekeys folder instead of running
this command.
The demo shown here is specific to IIS 5.1 and Windows XP. For Windows 7 and
above you can use the certificate console to achieve this task simply.

27
To assign the certificate to IIS:

1. Go to the properties of the website and select the ‘Directory Tab’.

2. Click on Server Certificate.
3. This will open the IIS Certificate Wizard. Select ‘Assign an existing Certificate’
option.
4. Select the certificate that has to be added and click on Next to continue with the
wizard.
5. This will assign the certificate to the website and to all the virtual directories under
the website.

Note:
This step is specific to IIS 5.1 and 6.0
Please refer to http://technet.microsoft.com/en-us/library/cc732230(WS.10).aspx for
assigning certificate to IIS 7.

28
The next step is to create a .NET application.
1. In the .NET application, select ‘Add Service Reference’ to the Web service.
2. Right click the reference option from ‘Solution Explorer’ project.
3. Specify the WSDL of the web service in the ‘Add Service Reference’ dialog box
and click on Go to get the service reference.
4. Specify the name for the reference and click on OK.

29
Here you can see a sample code about ‘How to consume the TWS Web Service’.

30
Ensure that the highlighted section is added to the configuration file of the application.
The file name is APP.CONFIG in case of windows application and WEB.CONFIG in
case of web application.

31
Now execute the application.

The code is written in such a way, that a successful execution of the FT should display
the FT ID. Here you can see the FT record.

32
Create a new web service for ACCOUNT version to implement WS Security using
TWS (.NET).

33
34
In this unit, you learnt
How to use PW fields in TWS
How to implement WS-Security feature in TWS

36
37