Configuring Security Using NetBeans IDE

This section describes the following tasks:

• To Secure the Service

• To Secure the Client

To Secure the Service

To use the IDE to configure security for a web service and/or a web service operation, perform the following steps.

1. Create or open your web service.

   If you need an example of how to create a web service, refer to Chapter 3, WSIT Example Using a Web Container and NetBeans IDE.

   ---

   Note –

   When creating an application using the wizards in NetBeans IDE and running on GlassFish, the Java EE Version defaults to Java EE 5. This results in an application compliant with JSR-109, Implementing Enterprise Web Services, which can be read at http://jcp.org/en/jsr/detail?id=109. If you select a value other than the default, for example, J2EE 1.4, the application that is created is not JSR-109 compliant, which means that the application is not JAX-WS, but is JAX-RPC.

   ---

2. In the Projects window, expand the Web Services node.

3. Right-click the node for the web service you want to secure.

4. Select Edit Web Service Attributes.

   When the Web Service Attributes Editor is opened, the WSIT Configuration options appear (see Figure 7–1).

   Figure 7–1 Web Service Attributes Editor Page

   
   

5. Select Secure Service.

   This option enables WSIT security for all of the operations of a web service.

   For information on how to secure selected operations, refer to Securing Operations and Messages.

6. Select a Security Mechanism from the list.

   Most of the mechanisms are fully functional without further configuration, however, if you’d like to customize the mechanism, click Configure to specify the configuration for that mechanism.

   Options in the Configure dialog are discussed in Security Mechanism Configuration Options.

7. Specify Keystore, Truststore, STS, SSL, and/or user information as required for the selected security mechanism.

   Refer to the entry for the selected security mechanism in Table 7–1. This table summarizes the information that needs to be set up for each of the security mechanisms.

8. Click OK to save your changes.

9. Run the web application by right-clicking the project node and selecting Run Project.

10. Verify the URL of the WSDL file before proceeding with the creation of the web service client.

    The client will be created from this WSDL file, and will get the service’s security policies through the web service reference URL when the client is built or refreshed.

Next Steps

The WSIT Configuration file that is used when the web service is deployed can be viewed by expanding the Web Pages->WEB-INF elements of the application in the tree, and then double-clicking the wsit-package.service.xml file to open it in the editor. The full contents of an example service-side WSIT configuration file can be viewed at Service-Side WSIT Configuration Files.

Steps for configuring an example application are provided for several of the mechanisms. See the following sections for a complete example of how to configure a web service and a web service client to use these security mechanisms:

• Example: Username Authentication with Symmetric Keys (UA)

• Example: Mutual Certificates Security (MCS)

• Example: Transport Security (SSL)

• Example: SAML Authorization over SSL (SA)

• Example: SAML Sender Vouches with Certificates (SV)

• Example: STS Issued Token (STS)

To Secure the Client

All of the steps in To Secure the Service need to be completed before you create your web service client. The service’s security policies are defined in its WSDL. You specify this WSDL file when you create the client application so that the client is configured to work with the service’s security mechanism through the web service reference URL when the client is built or refreshed.

To use the IDE to configure security for a web service client, perform the following steps.

1. Create a client for your web service.

   If you need an example of how to do this, see Creating a Client to Consume a WSIT-Enabled Web Service.

   If you are creating a client for a mechanism that will use SSL, specify the secure port for running the client when completing the New Web Service Client step. To do this, type https:// fully_qualified_hostname:8181/rest_of_url in the WSDL URL field of the New Web Service Client wizard. For the example, this is the way to specify the secure URL for CalculatorWS web service:

   https://fully_qualified_hostname:8181/CalculatorApplication/CalculatorWSService?wsdl

   ---

   Note –

   If you prefer to use localhost in place of the fully-qualified hostname when specifying the URL for the service WSDL, you must follow the workaround described in Transport Security (SSL) Workaround.

   ---

2. In the Projects window, expand the client node.

3. Expand the Web Service References node.

4. Right-click the node for the web service reference you want to secure.

5. Select Edit Web Service Attributes.

   When the Web Service References Attributes Editor is opened, select the WSIT tab to display the WSIT options (see Figure 7–2).

   Figure 7–2 Web Service References Attributes Editor Page for Web Service Clients

   
   

6. Refer to Table 7–2 for a summary of what options are required on the client side. The configuration requirements for the client are dependent upon which security mechanism is specified on the server side.

7. Click OK to save your changes.

   The WSIT configuration information is saved in two files under Source Packages->META-INF.

Next Steps

To view the WSIT configuration files, in the tree, drill down from the project to Source Packages->META-INF. Double-click on serviceService.xml or wsit-client.xml to view the contents. The full contents of example client WSIT configuration files can be viewed at Client-Side WSIT Configuration Files.