The WSIT Tutorial

ProcedureTo Create and Secure the STS (STS)

To create and secure a Security Token Service for this example, follow these steps.

  1. Create a new project for the STS by selecting File->New Project.

  2. Select Web, then Web Application, then Next.

  3. Type MySTSProject for the Project Name, then click Finish.

  4. Right-click the MySTSProject node, select New, then click File/Folder at the top.

  5. Select Web Services from the Categories list.

  6. Select Secure Token Service (STS) from the File Type(s) list, then click Next.

  7. Type the name MySTS for the Web Service Class Name.

  8. Select from the Package list, then click Finish.

    The IDE takes a while to create the STS. When created, it appears under the project’s Web Services node as MySTSService, and appears in the right pane.

  9. The STS wizard creates an empty implementation of the provider class. Implement the provider implementation class by copying the following code into the file.

    1. Add these import statements to the list of imports:

          import javax.annotation.Resource;
          import javax.xml.transform.Source;
    2. Add the following Resource annotation after the line public class MySTS implements<Source> {:

          @Resource protected WebServiceContext context;
    3. Change the following line of code:

          public class MySTS implements


          public class MySTS extends BaseSTSImpl implements
    4. For the invoke method, replace the return null line with the following return statement:

          return super.invoke(source);
    5. Add the following method after the invoke method:

          protected MessageContext getMessageContext() {
               MessageContext msgCtx = context.getMessageContext();
               return msgCtx;
  10. Back in the Projects window, expand the MySTSProject node, then expand the Web Services node. Right-click the MySTSService[IMySTSService_Port] node and select Edit Web Service Attributes to configure the STS.

  11. Select Secure Service if it’s not already selected.

  12. Verify that the Security Mechanism of Username Authentication with Symmetric Keys is selected.

  13. Select the Configure button. For Algorithm Suite, verify that Basic128 bit is selected (so that it matches the value selected for the service.) For the Key Size, verify that 128 is selected. Select OK to close the configuration dialog.

  14. Select Act as Secure Token Service (STS), then click OK to close the Select STS Service Provider dialog.

  15. Click the Keystore button to provide your keystore with the alias identifying the service certificate and private key. To do this, click the Load Aliases button, select wssip, then click OK to close the dialog.

  16. Click OK to close the WSIT Configuration dialog.

    A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF->wsdl->MySTS, then double-click the file MySTSService.wsdl. This file contains the sc:KeyStore element.

  17. Right-click the MySTSProject tab, select Properties. Select the Run category, and type the following in the Relative URL field: /MySTSService?wsdl.

  18. Run the Project (right-click the project and select Run Project).

    The STS WSDL appears in the browser.

Next Steps

Follow the steps to secure the client application as described in To Secure the Example Web Service Client Application (STS).