This section demonstrates adding security to the web service client that references the web service created in the previous section. This web service is secured using the security mechanism described in Username Authentication with Symmetric Keys. When this security mechanism is used with a web service, the web service client must provide a username and password in addition to specifying the certificate of the server.
To add security to the client that references this web service, complete the following steps.
Create the client application by following the steps described in Creating a Client to Consume a WSIT-Enabled Web Service.
Whenever you make changes on the service, refresh the client so that the client will pick up the change. To refresh the client, right-click the node for the Web Service Reference for the client, and select Refresh Client.
Expand the node for the web service client application, CalculatorWSServletClient.
Expand the node for Web Service References.
Right-click CalculatorWSService and select Edit Web Service Attributes.
Select the WSIT Configuration tab of the CalculatorWSService dialog.
For this testing environment, provide a default username and password. To do this, follow these steps:
Expand the Username Authentication node.
Type the username and password that you created on GlassFish into the Default Username and Default Password fields. If you followed the steps in the section Adding Users to GlassFish, the user name is wsitUser and the password is changeit.
In a production environment, you should configure a Username Handler and a Password Handler class to eliminate the security risk associated with the default username and password options.
Provide the server’s certificate by pointing to an alias in the client truststore. To do this, select the Certificates node, click the Load Aliases button for the Truststore, then select xws-security-server from the Truststore Alias list.
Click OK to close this dialog.
In the tree, drill down from the project to Source Packages->META-INF. Double-click on CalculatorWSService.xml, and verify that lines similar to the following are present:
<wsp:All> <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/> <sc:CallbackHandlerConfiguration wspp:visibility="private"> <sc:CallbackHandler default="wsitUser" name="usernameHandler"/> <sc:CallbackHandler default="changeit" name="passwordHandler"/> </sc:CallbackHandlerConfiguration> <sc:TrustStore wspp:visibility="private" location="home\glassfish\domains\domain1\config\cacerts.jks" storepass="changeit" peeralias="xws-security-server"/> </wsp:All>
An example of this file can be viewed in the tutorial by clicking this link: Client-Side WSIT Configuration Files.
Right-click the CalculatorWSServletClient node and select Run Project.