test

The WSIT Tutorial

ProcedureTo Secure the Example Service Application (UA)

The following example application starts with the example provided in Chapter 3, WSIT Example Using a Web Container and NetBeans IDE and demonstrates adding security to both the web service and to the web service client.

For this example, the security mechanism of Username Authentication with Symmetric Keys is used to secure the application. To add security to the service part of the example, follow these steps.

  1. If you haven’t already completed these steps, complete them now:

    1. Update the GlassFish keystore and truststore files as described in To Update GlassFish Certificates.

    2. Create a user on GlassFish as described in Adding Users to GlassFish.

  2. Create the CalculatorApplication example by following the steps described in the following sections of Chapter 3, WSIT Example Using a Web Container and NetBeans IDE.

    1. Creating a Web Service

    2. Skip the section on adding Reliable Messaging.

    3. Deploying and Testing a Web Service (first two steps only, do not run the project yet)

  3. Expand CalculatorApplication->Web Services, then right-click the node for the web service (CalculatorWS) and select Edit Web Service Attributes.

  4. Deselect Reliable Messaging if it is selected.

  5. In the CalculatorWSPortBinding section, select Secure Service.

  6. From the drop-down list for Security Mechanism, select Username Authentication with Symmetric Keys.

  7. Click the Keystore button to provide your keystore with the alias identifying the service certificate. To do this, click the Load Aliases button and select xws-security-server, then click OK to close the dialog.

  8. Click OK to close the WSIT Configuration dialog.

    A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF, then double-click the file wsit-org.me.calculator.CalculatorWS.xml. This file contains the sc:KeyStore element.

    An example of this file can be viewed in the tutorial by clicking this link: Service-Side WSIT Configuration Files.

  9. Right-click the CalculatorApplication node and select Run Project. A browser will open and display the WSDL file for the application.

  10. Verify that the WSDL file contains the following elements: SymmetricBinding and UsernameToken.

  11. Follow the steps to secure the client application as described in To Secure the Example Web Service Client Application (UA).