XML and Web Services Security
Sample Applications

Implementation Version: EA 2.0

Building and Running the Sample Applications With ASant

You can build and run the XML and Web Services Security sample applications using the supplied asant and/or ant build files. This document assumes the user is deploying the sample applications to the Sun Java Systems Application Server, and thus asant is used for demonstration purposes. If you are deploying to a different application server, use the ant tool instead. To build, package, deploy, and run the sample applications, follow the correct steps for your platform:

For Solaris/Linux, follow these steps. On some shells, you would use setenv in place of export. When using setenv, replace the = with a space.

  1. Set the following variables as appropriate for your system:
    1. % export JAVA_HOME=<your J2SE installation directory>
    2. % export JWSDP_HOME=<your JWSDP 1.6 installation directory>
    3. % export SJSAS_HOME=<your Application Server installation directory> (or use SJSWS_HOME or TOMCAT_HOME) as applicable)
    4. % export ANT_HOME=$SJSAS_HOME (or the location of your Ant installation)
    5. % export PATH=$JWSDP_HOME/jwsdp-shared/bin;$SJSAS_HOME/bin:$PATH
  2. Edit the sample build.properties file, following these instructions:
    1. % cd $JWSDP_HOME/xws-security/samples/<sample-name>
    2. % cp build.properties.sample build.properties
    3. Edit build.properties as shown in Editing the build.properties file.
  3. To display usage information for the sample,
    % $ANT_HOME/bin/asant 
  4. Follow the instructions provided in %JWSDP_HOME%/xws-security/samples/<sample-name>/README.txt for setting up and running the example on each of the three possible containers.

For Windows NT/2000/XP:

  1. Set the following variables as appropriate for your system:
    1. > set JAVA_HOME=<your J2SE installation directory>
    2. > set JWSDP_HOME=<your JWSDP 1.6 installation directory>
    3. > set SJSAS_HOME=<your Application Server installation directory> (or use SJSWS_HOME or TOMCAT_HOME) as applicable)
    4. > set ANT_HOME=%SJSAS_HOME% (or the location of your Ant installation)
    5. > set PATH=%JWSDP_HOME%\jwsdp-shared\bin;%SJSAS_HOME%\bin;%PATH%
  2. Edit the sample build.properties file, following these instructions:
    1. > cd %JWSDP_HOME%\xws-security\samples\<sample-name>
    2. > copy build.properties.sample build.properties
    3. Edit build.properties as shown in Editing the build.properties file.
  3. To display usage information for the sample,
    > %ANT_HOME%\bin\asant
  4. Follow the instructions provided in %JWSDP_HOME%\xws-security\samples\<sample-name>\README.txt for setting up and running the example on each of the three possible containers.

Editing the build.properties file

Copy the file %JWSDP_HOME%\xws-security\samples\<sample-name>\build.properties.sample to build.properties. The following is a list of the configurable properties with a description of what needs to be modified in the build.properties file:

List of Sample Applications

samples/simple
This sample application lets you plug in different client and server-side configurations describing security settings. This example has support for digital signatures, XML encryption/decryption, and username token verification. This example allows and demonstrates combinations of these basic security mechanisms through configuration files. See the application's README.txt file for more information on running this example.
 
samples/jaas-sample
This sample demonstrates how to plugin a JAAS LoginModule for authentication. This example allows and demonstrates the following functionality:

  • Obtaining a username and password from the user at runtime. Sending the username and password in a WSS UsernameToken to the server.
  • Configuring the server application to use JAAS authentication to authenticate the username-password it received.
  • Using the SubjectAccessor API from within the endpoint implementation methods to access the sender's subject after authentication.
 
samples/api-sample
This sample application shows how to use the XWS-Security 2.0 APIs in a stand alone mode. This sample defines the XWSSProcessor interface and provides an implementation for it. The Client.java file uses the XWSSProcessor APIs to secure a SOAP message.

This sample does not require a container and uses configuration files that have the simpler structure starting with <xwss:SecurityConfiguration> as the root element. Other XWS-Security samples, such as the simple sample, that are based on JAX-RPC use <xwss:JAXRPCSecurity> as the root element. See the application's README.txt file for more information on running this example.

 
samples/swainterop
This sample application demonstrates the SwA interoperability scenarios. See the application's README.txt file for more information on running this example.
 
samples/samlinterop
This sample application demonstrates support for OASIS WSS SAML Token Profile 1.0 in XWS-Security. See the application's README.txt file for more information on running this example.
 
samples/dynamic-policy
This sample application demonstrates how the request and response security policies can be set at runtime from the SecurityEnvironmentHandler callback.

In this sample, the SecurityEnvironmentHandler inserts a SignaturePolicy at runtime asking for a signature over the body of the message. For the requesting side, this is equivalent to a <xwss:Sign> element in the configuration file, and for the receiving side this is equivalent to a <xwss:RequireSignature> element in the configuration file. Both the request and response contain a signature over the body. See the application's README.txt file for more information on running this example.

 
samples/dynamic-response
This sample application demonstrates using the certificate that arrived in a signed request to encrypt the response back to the requester. See the application's README.txt file for more information on running this example.