The following example application starts with the example provided in Chapter 3, WSIT Example Using a Web Container and NetBeans IDE and demonstrates adding transport security to both the web service and to the web service client.
For this example, the security mechanism of Transport Security (SSL) is used to secure the application. To add security to the service part of the example, follow these steps.
Create the CalculatorApplication example by following the steps described in the following sections of Chapter 3, WSIT Example Using a Web Container and NetBeans IDE:
Expand CalculatorApplication->Web Services, then right-click the node for the web service, CalculatorWS, and select Edit Web Service Attributes.
Deselect Reliable Messaging if it is selected.
Select Secure Service.
From the drop-down list for Security Mechanism, select Transport Security (SSL).
Click OK to close the WSIT Configuration dialog.
A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF, then double-click the file wsit-org.me.calculator.CalculatorWS.xml.
For Transport Security, the keystore and truststore files are configured outside of NetBeans IDE, in GlassFish. The keystore and truststore files for basic SSL come pre-configured with GlassFish, so there are no additional steps required for this configuration.
To require the service to use the HTTPS protocol, you have to specify the security requirements in the service’s application deployment descriptor, which is web.xml for a web service implemented as a servlet.
To specify the security information, follow these steps:
From your web service application, expand Web Pages->WEB-INF.
Double-click web.xml to open it in the editor.
Select the Security tab.
On the Security Constraints line, click Add Security Constraint.
Under Web Resource Collection, click Add.
Type a Name for the Resource, CalcWebResource. Type the URL Pattern to be protected, /*. Select which HTTP Methods to protect, for example, POST. Click OK to close this dialog.
Check the Enable User Data Constraint box. Select CONFIDENTIAL as the Transport Guarantee to specify that the application uses SSL.
Click the XML tab to view the resulting deployment descriptor additions.
Right-click the CalculatorApplication node and select Run Project. If the server presents its certificate, s1as, accept this certificate. A browser will open and display the WSDL file for the application.
Follow the steps to secure the client application as described in To Secure the Example Web Service Client Application (SSL).