The WSIT Tutorial

ProcedureTo Secure the Example Service Application (SA)

The following example application starts with the example provided in Chapter 3, WSIT Example Using a Web Container and NetBeans IDE and demonstrates adding security to both the web service and to the web service client.

For this example, the security mechanism of SAML Authorization over SSL is used to secure the application. The steps are similar to the ones described in Example: Username Authentication with Symmetric Keys (UA), with the addition of the writing of a client-side SAML callback handler to populate the client’s request with a SAML assertion.

To add security to the service part of the example, follow these steps.

  1. If you haven’t already completed these steps, complete them now:

    1. Update the GlassFish keystore and truststore files as described in To Update GlassFish Certificates.

    2. Create a user on GlassFish as described in Adding Users to GlassFish.

  2. Create the CalculatorApplication example by following the steps described in the following sections of Chapter 3, WSIT Example Using a Web Container and NetBeans IDE:

    1. Creating a Web Service

    2. Skip the section on adding Reliable Messaging.

    3. Deploying and Testing a Web Service (first two steps only, do not run the project yet)

  3. Expand CalculatorApplication->Web Services, right-click the node for the web service, CalculatorWS, and select Edit Web Service Attributes.

  4. Deselect the Reliable Messaging option if it is selected.

  5. Select Secure Service.

  6. From the drop-down list for Security Mechanism, select SAML Authorization over SSL.

  7. Click the Keystore button to provide your keystore with the alias identifying the service certificate and private key. To do this, click the Load Aliases button and select xws-security-server, then click OK to close the dialog.

  8. For this example, the Truststore information that you need is specified by default, so there is no need to change these settings.

  9. Click OK to exit the WSIT Configuration editor.

    A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF, then double-click the file wsit-org.me.calculator.CalculatorWS.xml. This file contains the sc:KeyStore and sc:Truststore elements.

  10. To require the service to use SSL, you have to specify the security requirements in the service’s application deployment descriptor, which is web.xml for a web service implemented as a servlet. To specify the security information, follow these steps:

    1. From your web service application expand Web Pages->WEB-INF.

    2. Double-click web.xml to open it in the editor.

    3. Select the Security tab.

    4. On the Security Constraints line, click Add Security Constraint.

    5. Under Web Resource Collection, click Add.

    6. Type a Name for the Resource, CalcWebResource. Type the URL Pattern to be protected, /*. Select which HTTP Methods to protect, for example, POST. Click OK to close this dialog.

    7. Check the Enable User Data Constraint box. Select CONFIDENTIAL as the Transport Guarantee to specify that the application uses SSL.

    8. Click the XML tab to view the resulting deployment descriptor additions.

  11. Right-click the CalculatorApplication node and select Run Project. Accept the s1as certificate if you are prompted to. A browser will open and display the WSDL file for the application.

  12. Verify that the WSDL file contains the TransportBinding and SignedSupportingTokens element, which in turn contains a SamlToken element.

  13. Follow the steps to secure the client application as described in To Secure the Example Web Service Client Application (SA).