XML and Web Services Security
Sample Applications

Implementation Version:  2.0 EA2

Building and Running the Sample Applications With ASant

You can build and run the XML and Web Services Security sample applications using the supplied asant and/or ant build files. This document assumes the user is deploying the sample applications to the Sun Java Systems Application Server, and thus asant is used for demonstration purposes. If you are deploying to a different application server, use the ant tool instead. To build, package, deploy, and run the sample applications, follow the correct steps for your platform:

For Solaris/Linux, follow these steps. On some shells, you would use setenv in place of export. When using setenv, replace the = with a space.

  1. Set the following variables as appropriate for your system:
    1. % export JAVA_HOME=<your J2SE installation directory>
    2. % export JWSDP_HOME=<your JWSDP 2.0 installation directory>
    3. % export SJSAS_HOME=<your Application Server installation directory> (or use SJSWS_HOME or TOMCAT_HOME) as applicable)
    4. % export ANT_HOME=$SJSAS_HOME (or the location of your Ant installation)
    5. % export PATH=$JWSDP_HOME/jwsdp-shared/bin;$SJSAS_HOME/bin:$PATH
  2. Edit the sample build.properties file, following these instructions:
    1. % cd $JWSDP_HOME/xws-security/samples
    2. % cp build.properties.sample build.properties
    3. Edit build.properties as shown in Editing the build.properties file.
  3. Follow the instructions provided in %JWSDP_HOME%/xws-security/samples/<sample-name>/README.txt for setting up and running the sample on each of the supported containers.

For Windows NT/2000/XP:

  1. Set the following variables as appropriate for your system:
    1. > set JAVA_HOME=<your J2SE installation directory>
    2. > set JWSDP_HOME=<your JWSDP 2.0 installation directory>
    3. > set SJSAS_HOME=<your Application Server installation directory> (or use SJSWS_HOME or TOMCAT_HOME) as applicable)
    4. > set ANT_HOME=%SJSAS_HOME% (or the location of your Ant installation)
    5. > set PATH=%JWSDP_HOME%\jwsdp-shared\bin;%SJSAS_HOME%\bin;%PATH%
  2. Edit the sample build.properties file, following these instructions:
    1. > cd %JWSDP_HOME%\xws-security\samples
    2. > copy build.properties.sample build.properties
    3. Edit build.properties as shown in Editing the build.properties file.
  3. Follow the instructions provided in %JWSDP_HOME%\xws-security\samples\<sample-name>\README.txt for setting up and running the example on each of the supported  containers.

Editing the build.properties file

Copy the file %JWSDP_HOME%\xws-security\samples\build.properties.sample to build.properties. The following is a list of the configurable properties with a description of what needs to be modified in the build.properties file:

List of Sample Applications

samples/simple
This sample application lets you plug in different client and server-side configurations describing security settings. This sample has support for digital signatures, XML encryption/decryption, and username token verification. This example allows and demonstrates combinations of these basic security mechanisms through configuration files. See the application's README.txt file for more information on running this sample.
 
samples/jaas-sample
This sample demonstrates how to plugin a JAAS LoginModule for authentication. This sample allows and demonstrates the following functionality:
  • Obtaining a username and password from the user at runtime. Sending the username and password in a WSS UsernameToken to the server.
  • Configuring the server application to use JAAS authentication to authenticate the username-password it received.
  • Using the SubjectAccessor API from within the endpoint implementation methods to access the sender's subject after authentication.
 
samples/api-sample
This sample application shows how to use the XWS-Security 2.0 APIs in a stand alone mode. This sample uses the com.sun.xml.wss. XWSSProcessor interface. The Client.java file uses the XWSSProcessor APIs to secure a SOAP message.

This sample does not require a container and uses configuration files that have the simpler structure starting with <xwss:SecurityConfiguration> as the root element. Other XWS-Security samples, such as the simple sample, that are based on JAX-RPC use <xwss:JAXRPCSecurity> as the root element. See the application's README.txt file for more information on running this sample.

 
samples/swainterop
This sample application demonstrates the SwA interoperability scenarios. See the application's README.txt file for more information on running this sample.
 
samples/samlinterop
This sample application demonstrates support for OASIS WSS SAML Token Profile 1.0 in XWS-Security. See the application's README.txt file for more information on running this sample.
 
samples/dynamicpolicy
This sample application demonstrates how the request and response security policies can be set at runtime from the SecurityEnvironmentHandler callback.

See the application's README.txt file for more information on  this sample.

 
samples/dynamic-response
This sample application demonstrates using the certificate that arrived in a signed request to encrypt the response back to the requester. See the application's README.txt file for more information on running this sample.

samples/saajsecurity
 This sample application shows how to use the XWS-Security 2.0 APIs in a stand alone mode. This sample uses the 
 com.sun.xml.wss.XWSSProcessor API.  This sample is a client-server sample where the client is a pure SAAJ Application and the Server is a Servlet also making use SAAJ.  See the application's README.txt file for more information on running this sample.

samples/jaxws2.0/
 This directory contains a set of  7 samples named simple,  asynch,  dispatch,  fromwsdl-soap12,  mime,  simple-doclit, and provider. These samples demonstrate  how to secure JAXWS applications. See the application's README.txt file for more information on running this sample. The details of each sample are as follows
 1. simple : This sample shows how to secure a JAXWS (synchronous request-response) application. The WSDL for the application uses rpc-literal binding style.
 2. asynch : This sample shows how to secure a JAXWS application that uses the JAXWS Asynchronous invocation feature.
 3. dispatch: This sample shows how to secure a JAXWS application that uses the JAXWS Dispatch mechanism on the client side
 4. fromwsdl-soap12 : This sample is a variant of simple sample (1) where the SOAP Protocol in use is SOAP 1.2
 5. mime : This sample demonstrates how to secure a JAXWS application containing Attachments. The Attachments are also secured in this sample
 6. simple-doclit : This sample is a variant of simple sample (1) above but uses document-literal-wrapped  as the binding style.
 7. provider : This samples shows how to secure a JAXWS application where the Server Endpoint is modeled as a JAXWS Provider.