" ---------------------------------------------------------------------------------------
The files in this directory are as follows:

	SstWSSecurityInsurancePolicyServerInterface.xml - a service deployment descriptor for the VAST Web services Insurance example.
	This deployment descriptor adds a custom security handler for the namespace 'urn:SstWSInsurancePolicyInterface'.  All incoming
	SOAP requests targeted at the 'urn:SstWSInsurancePolicyInterface' will first pass through the sample security handler 
	'SstWSInsurancePolicySecurityHandler'.

	SstWSSecurityInsurancePolicyClientInterface.xml - a client service deployment descriptor for the VAST Web services Insurance example.
	This deployment descriptor is nearly identical to the file SstWSInsurancePolicyClientInterface found in the Web services 'common' samples 
 	directory.  The only addition is a <schemaUrl> entry for the WS-Security schema.  The handler SstWSSecurityHeaderGenerationHandler
	requires the WS-Security schema in order to properly include a 'Security' header in the SOAP outgoing message.

"  -----------   Test setup ---------------------------------------------------------- "


" Updates configuration so that the 'rpc_literal' test resources are properly resolved.  
  This step establishes settings in the active XML configuration causing unqualified WSDL
  resources to be retrieved from the 'rpc_literal' test directory.  "
SstWebServicesInsuranceExample setupRpcLiteral


" Start an HTTP file server to serve required service deployment files.  Files are served from the
  'samples\sstws\common'   subdirectory "
 |server|
 server := SstHttpServerExample runAt: 'http://:63001' 
	in: SstWebServicesInsuranceExample wsCommonResourceDirectory
        
"  ---------------------------   Invocation of operations ------------------  
The scripts below invoke the 'about' operation of the insurance example passing various pieces of security
information.  Read the comment for each script to determine the expected result. 
-------------------------------------------------------------------------------------------- "

" Create a new container, and deploy the secure insurance example deployment descriptor to the
   new container  "
SstWSContainer clearAll.
[ | container resourceName |
	container := SstWSContainer createContainerNamed: 'VastSampleServerContainer'.
	resourceName := SstWebServicesInsuranceExample qualifiedResourceNameFor: 'SstWSSecureInsurancePolicyServerInterface.xml' 
		subDirectory: 'ws_security'.
	container deploy: resourceName.
 AbtXmlUtility log: 'Server deployment completed' ] fork.



" Create the client container and deploy the example Insurance service  "
[  |aContainer serviceCollection resourceName |
  	aContainer := SstWSContainer createContainerNamed:  'VastSampleClientContainer'.
  	resourceName := SstWebServicesInsuranceExample qualifiedResourceNameFor: 'SstWSSecureInsurancePolicyClientInterface.xml' 
		subDirectory: 'ws_security'.
  serviceCollection := aContainer deploy: resourceName.
  AbtXmlUtility log: 'Client deployment completed'  ] fork.



" Invoke the 'about' operation passing a valid userid/password combination "
[|aContainer service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service sstUsernameToken: ( SstWSUsernameToken new username: 'userid' ; password: 'password' ).
service about inspect ] fork.


" Invoke the 'about' operation passing an invalid userid/password combination "
[|aContainer  service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service sstUsernameToken: ( SstWSUsernameToken new username: 'userid' ; password: 'invalid password' ).
service about inspect ] fork.


" Invoke the 'about' operation passing a username but no password.  This is often done to 
establish identity without performing any authentication checks.  The handler SstWSInsurancePolicySecurityHandler
allows the 'anonymous' userid to be specified with any password or no password."
[|aContainer  service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service sstUsernameToken: ( SstWSUsernameToken new username: 'anonymous' ).
service about inspect ] fork.


"  Invoke the 'about' operation without passing 'Security' header.  The server security handler
will raise an exception.  "
[|aContainer  service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service sstUsernameToken: nil.
service about inspect ] fork.



"  Invoke the 'about' operation and include an HTTP 'Authorization' header containing the
  authorization credentials of the client.   For this case, the authorization credential is stored
  as a String "
[|aContainer  service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service 
	sstUsernameToken: ( SstWSUsernameToken new username: 'anonymous' ) ;
	sstAuthCredential: 'username:httpPassword'.
service about inspect ] fork.



"  Invoke the 'about' operation and include an HTTP 'Authorization' header containing the
  authorization credentials of the client.   For this case, the authorization credential is stored
  as an SstWSAuthCredential object "
[|aContainer  service |
aContainer := SstWSContainer containerNamed:  'VastSampleClientContainer' 
	ifNone: [ SstWSContainer createContainerNamed: 'VastSampleClientContainer' ].
service := aContainer serviceManager serviceNamed: 'SstWSInsurancePolicyInterface' 
	inNamespace: 'http://www.SstWSInsurancePolicyInterface.com/SstWSInsurancePolicyInterface-impl'.
service 
	sstUsernameToken: ( SstWSUsernameToken new username: 'anonymous' ) ;
	sstAuthCredential: (SstWSAuthCredential new username: 'userid' ; password: 'httpPassword' ).
service about inspect ] fork.



