The WSIT Tutorial

ProcedureTo Secure the Example Service Application (STS)

The following example application starts with the example provided in Chapter 3, WSIT Example Using a Web Container and NetBeans IDE and demonstrates adding security to both the web service and to the web service client.

For this example, the security mechanism of STS Issued Token is used to secure the application. The steps are similar to the ones described in Example: Username Authentication with Symmetric Keys (UA), with the addition of creating and securing an STS.

To add security to the service part of the example, follow these steps.

  1. Create a user on GlassFish if you haven’t already done so. (see Adding Users to GlassFish).

  2. Create the CalculatorApplication example by following the steps described in the following sections of Chapter 3, WSIT Example Using a Web Container and NetBeans IDE.

    1. Creating a Web Service

    2. Skip the section on adding Reliable Messaging.

    3. Deploying and Testing a Web Service (first two steps only, do not run the project yet).

  3. Expand CalculatorApplication->Web Services, then right-click the node for the web service, CalculatorWS, and select Edit Web Service Attributes.

  4. Deselect the Reliable Messaging option if it is selected.

  5. Select Secure Service.

  6. From the drop-down list for Security Mechanism, select STS Issued Token.

  7. Select the Configure button. For Algorithm Suite, select Basic128 bit. For Key Size, select 128. Select OK to close the configuration dialog (the algorithm suite value of the service must match the algorithm suite value of the STS.)

    Note –

    If you have configured Unlimited Strength Encryption as described in To Create a Third-Party STS, you can leave the key size at 256. Otherwise, you must set it to 128.

  8. Click OK to exit the WSIT Configuration editor.

    A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF, then double-click the file

  9. Right-click the CalculatorApplication node and select Run Project. This step compiles the application and deploys it onto GlassFish. A browser will open and display the WSDL file for the application.

Next Steps

Follow the steps for creating and securing the Security Token Service as described in To Create and Secure the STS (STS).