Archive for June, 2010

A book of five rings

These days I am reading two different translations of the same book “Go Rin No Sho” a book originally written by famous Japanese warrier Miyamoto Mushashi(1584-1646).  Why two translations of the same book and why I read both?. To understand let’s go into some detail.

Miyamoto Mushashi lived in a time where Feudal Japan is ruled by various warrier clans. He was a wondering Samurai (Ronin) who travelled alone honing his sword skills. He faced many duals with famous Samurai many of which were between life and death.

He survived all the duals  he fought and later his life he lived an ascetic life and just few months before his death wrote “A book of five rings”. This book was about strategy. The strategies he learned from his life and death duals and his life long learning. Those days his followers used these strategies in real war. As time passed when business became the war between people, companies and nations, some started to use those strategies in business.
The translation by Victor Harris try to interpret the original content intended by Mushashi. The translation by Thomas Cleary try to interpret the ideas targeting the business world.

The idea is that wherever strategy is involved these ancient techniques still give insight into winning. Present WBA heavyweight boxing champion David Haye said that his camp trained according to Art of War by Sun Tzu, another ancient strategy book famous among todays strategists. His opponent was seemingly ahead of every aspect but to astonishment of many(including me), he won the fight.

It is said that Australian cricket team and Philiphines Manny Pacquiao(currently WBO welter weight champ) and many other sport teams also use Art of War.
Some of the well know general guide lines of Mushashi are as follows

1. Do not think dishonestly.
2. The Way is in training.
3. Become acquainted with every art.
4. Know the Ways of all professions
5. Distinguish between gain and loss in worldly matters.
6. Develop an intuitive judgement and understanding for everything.
7. Perceive those things which cannot be seen.
8. Pay attention even to trifles.
9. Do nothing which is of no use.

Read Full Post »

I have a proxy service deployed in my esb server. This service will verify the signature of the incoming messages and decrypt them before sending it to the target service. I send the messges to ESB using WSO2 wsclient which is bundled with WSO2 WSF/C. To sign the messages I use Alice’s private key. To encrypt the messages I use the public key received from ESB ( You can find Alice’s samples keys bundled with WSF/C samples. More on ESB keys during this article).

To deploy that service I followed the following procedure. I first created a simple pass through service using the Add/Proxy Service menu. I gave the target server as my WSAS instance running on a separate server. After that I selected the created proxy service and added security using the Sign and Encrypt option. I also gave the private and trusted key store as wso2carbon.jks. I also added Alice’s public key to the wso2carbon.jks key store using WSO2 ESB admin console facilities.

Now my services are ready, I wanted to use WSO2 wsclient (A command line web services client tool) to access the service through ESB. To learn more about how to use wsclient and how to secure your messages using it please refer to [1] and [2]. To encrypt and sign messages wsclient use server certificate in PEM format. We give the server certificate using –recipient-certificate option.  Usually I use my wsclient command line tool to access web services deployed in Apache2 server. So I knew how to generate my server certificates in PEM format from  PKCS key stores. But did not know how to generate PEM certificates from JKS key stores. Howerver I could not find a direct way to do this. Following is how I did this using java keytool and openssh x509 commands.

keytool -export -file wso2carbon.cer -keystore /wso2carbon.jks -alias wso2carbon

In this step we create a wso2carbon.cer file using wso2carbon.jks server keystore. Here you will be asked the password for the keystore entry alias.

After that I executed the following command to create the recipient certificate in PEM format.

openssl x509 -out wso2carbon.pem -outform pem -in wso2carbon.cer -inform der

Now I could use the created pem certificate to execute the following command to access the service

./wsclient –log-level error –no-wsa –soap –no-mtom –sign-body –key /alice_key.pem –certificate /alice_cert.cert –recipient-certificate /wso2carbon.pem –encrypt-payload –policy-file ./policy.xml  http://localhost:8280/services/SignEncProxy < ./data/POService.xml


[1] https://damithakumarage.wordpress.com/2008/10/04/access-secure-enabled-web-services-from-command-line/

[2] https://damithakumarage.wordpress.com/2010/05/25/using-wso2-wsclient-generate-your-custom-soap-messages-for-you/


Read Full Post »

There are many ways you can write a web service and deploy it in WSO2 WSAS application server environment. I already to explained how to deploy your POJO service in Eclipse platform.
Here I’ll explain in detail the top down approach(Contract first) using WSAS admin console. I don’t use Eclipse platform here. An WSO2 Oxygentank article, “Deploying Web Services using Apache Axis2 Eclipse Plugins” explain using Eclipse plugins for deploying your web services using contract first approach.

I started code generating for POWSDL

I used the WSO2 WSAS admin UI to generate my service code. Select the WSDL2Java tool under tools menu.  In the -uri option select the wsdl from your filesystem and upload it. I selected the options -ss, -sd and -u.  When you click generate it will generate the code and download it to your local file system as a zip file.

I unzipped this file and add my server code at src/org/wso2/carbon/core/services/po/POServiceSkeleton.java as

public org.wso2.carbon.core.services.po.BuyStocks buyStocks
(org.wso2.carbon.core.services.po.BuyStocks buyStocks)
return buyStocks;

Note that at the root of the unzipped folder there is a pom.xml file. So you execute mvn to build your source. If you have a maven repository already with required jars it is advised to use mvn with -o option so that maven will not download already existing jars in your repository.

When the build is completed you will have target/build/lib/POService.aar ready to be deployed in WSO2 WSAS.

I then uploaded this in to WSAS as an Axis2 service. To do that in WSAS admin UI under services menu select add Axis2 Service sub menu. Then just browse to your aar file and click upload. Your POService will be listed in the services list.


Read Full Post »