When a web service or a web service client is configured for WSIT features, this information is saved in WSIT configuration files. The following sections discuss the WSIT configuration files for the service and for the client:
WSIT features are configured on a web service in the following way:
Right-click the web service in NetBeans IDE.
Select Edit Web Service Attributes.
Select and/or configure the appropriate WSIT features on the WSIT Configuration tab for the web service. Many of the WSIT features are discussed in Chapter 7, Using WSIT Security.
Select OK to close the dialog.
Run the web application by right-clicking the project node and selecting Run Project.
The service-side WSIT Configuration file that is used when the web service is deployed can be viewed by expanding the Web Pages->WEB-INF elements of the application in the tree, and then double-clicking the wsit-package.service.xml file to open it in the editor.
For the example application Example: Username Authentication with Symmetric Keys (UA), the WSIT configuration file for the service is named wsit-org.me.calculator.CalculatorWS.xml, and looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<definitions
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    name="CalculatorWSService"
    targetNamespace="http://calculator.me.org/"
    xmlns:tns="http://calculator.me.org/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsaws="http://www.w3.org/2005/08/addressing"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
    xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy">
  <message name="add"/>
  <message name="addResponse"/>
  <portType name="CalculatorWS">
    <wsdl:operation name="add">
      <wsdl:input message="tns:add"/>
      <wsdl:output message="tns:addResponse"/>
    </wsdl:operation>
  </portType>
  <binding name="CalculatorWSPortBinding" type="tns:CalculatorWS">
    <wsp:PolicyReference URI="#CalculatorWSPortBindingPolicy"/>
    <wsdl:operation name="add">
      <wsdl:input>
        <wsp:PolicyReference URI="#CalculatorWSPortBinding_add_Input_Policy"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference URI="#CalculatorWSPortBinding_add_Output_Policy"/>
      </wsdl:output>
    </wsdl:operation>
  </binding>
  <service name="CalculatorWSService">
    <wsdl:port name="CalculatorWSPort" binding="tns:CalculatorWSPortBinding"/>
  </service>
  <wsp:Policy wsu:Id="CalculatorWSPortBindingPolicy">
    <wsp:ExactlyOne>
      <wsp:All>
        <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
        <sp:SymmetricBinding>
          <wsp:Policy>
            <sp:ProtectionToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:ProtectionToken>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic128/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
          </wsp:Policy>
        </sp:SymmetricBinding>
        <sp:Wss11>
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
            <sp:MustSupportRefThumbprint/>
            <sp:MustSupportRefEncryptedKey/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:SignedSupportingTokens>
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10/>
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sc:KeyStore wspp:visibility="private" alias="xws-security-server" storepass="changeit" type="JKS" location="C:\Sun\glassfish\domains\domain1\config\keystore.jks"/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="CalculatorWSPortBinding_add_Input_Policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:EncryptedParts>
          <sp:Body/>
        </sp:EncryptedParts>
        <sp:SignedParts>
          <sp:Body/>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
          <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
          <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="CalculatorWSPortBinding_add_Output_Policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:EncryptedParts>
          <sp:Body/>
        </sp:EncryptedParts>
        <sp:SignedParts>
          <sp:Body/>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
          <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
          <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</definitions>
WSIT features are configured on the client in the following way:
Expand the Web Service Reference node for the web service client in NetBeans IDE.
Select Edit Web Service Attributes.
Select and/or configure the appropriate WSIT features on the WSIT Configuration tab for the web service client. Many of the WSIT features are discussed in Chapter 7, Using WSIT Security.
Select OK to close the dialog.
Run the web service client by right-clicking the project node and selecting Run Project.
The WSIT Configuration information can be viewed by expanding Source Packages->META-INF in NetBeans IDE for the client project. This directory contains two files: serviceService.xml and wsit-client.xml.
The serviceService.xml file is an XML file that must conform to the WSDL specification. The WSIT configuration is written to this file. For the example application Example: Username Authentication with Symmetric Keys (UA), the WSIT configuration file for the client is named CalculatorWSService.xml, and looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI’s version is JAX-WS RI 2.1.2-hudson-132-M1. -->
<!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI’s version is JAX-WS RI 2.1.2-hudson-132-M1. -->
<definitions
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://calculator.me.org/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    targetNamespace="http://calculator.me.org/"
    name="CalculatorWSService"
    xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/client"
    xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
    xmlns:sc="http://schemas.sun.com/2006/03/wss/client">
  <types>
    <xsd:schema>
      <xsd:import namespace="http://calculator.me.org/"
          schemaLocation="http://localhost:8080/CalculatorApplication/CalculatorWSService?xsd=1">
      </xsd:import>
    </xsd:schema>
  </types>
  <message name="add">
    <part name="parameters" element="tns:add"></part>
  </message>
  <message name="addResponse">
    <part name="parameters" element="tns:addResponse"></part>
  </message>
  <portType name="CalculatorWS">
    <operation name="add">
      <input message="tns:add"></input>
      <output message="tns:addResponse"></output>
    </operation>
  </portType>
  <binding name="CalculatorWSPortBinding" type="tns:CalculatorWS">
    <wsp:PolicyReference URI="#CalculatorWSPortBindingPolicy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document">
    </soap:binding>
    <operation name="add">
      <soap:operation soapAction=""></soap:operation>
      <input>
        <soap:body use="literal"></soap:body>
      </input>
      <output>
        <soap:body use="literal"></soap:body>
      </output>
    </operation>
  </binding>
  <service name="CalculatorWSService">
    <port name="CalculatorWSPort" binding="tns:CalculatorWSPortBinding">
      <soap:address location="http://localhost:8080/CalculatorApplication/CalculatorWSService">
      </soap:address>
    </port>
  </service>
  <wsp:Policy wsu:Id="CalculatorWSPortBindingPolicy">
    <wsp:ExactlyOne>
      <wsp:All>
        <tc:PreconfiguredSTS wspp:visibility="private"/>
        <sc:CallbackHandlerConfiguration wspp:visibility="private">
          <sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
          <sc:CallbackHandler default="changeit" name="passwordHandler"/>
        </sc:CallbackHandlerConfiguration>
        <sc:KeyStore wspp:visibility="private" storepass="changeit" type="JKS" location="C:\Sun\glassfish\domains\domain1\config\keystore.jks"/>
        <sc:TrustStore wspp:visibility="private" storepass="changeit" type="JKS" location="C:\Sun\glassfish\domains\domain1\config\cacerts.jks" peeralias="xws-security-server"/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</definitions>
The wsit-client.xml file imports the serviceService.xml file. For the example shown above, the wsit-client.xml file looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<definitions
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    name="mainclientconfig">
  <import location="CalculatorWSService.xml" namespace="http://calculator.me.org/"/>
</definitions>
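The service and client files above carry the keystore and truststore passwords (storepass) and the passwordHandler default as plain attributes inside wsp:Policy elements. As an added example, not part of the original tutorial or of WSIT itself, the Python script below parses such a file, reports which policies carry those attributes without echoing their values, and records whether each policy signs or encrypts the Body. The audit function name and the cut-down SAMPLE document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

# Constructed sample: a cut-down client-side file in the shape shown above.
SAMPLE = f"""<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" xmlns:sp="{SP}"
    xmlns:sc="http://schemas.sun.com/2006/03/wss/client">
  <wsp:Policy wsu:Id="CalculatorWSPortBindingPolicy"><wsp:ExactlyOne><wsp:All>
    <sc:CallbackHandlerConfiguration>
      <sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
      <sc:CallbackHandler default="changeit" name="passwordHandler"/>
    </sc:CallbackHandlerConfiguration>
    <sc:KeyStore storepass="changeit" type="JKS" location="keystore.jks"/>
    <sc:TrustStore type="JKS" location="cacerts.jks"/>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsp:Policy wsu:Id="CalculatorWSPortBinding_add_Input_Policy"><wsp:All>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
  </wsp:All></wsp:Policy>
</definitions>"""


def audit(xml_text):
    """Return (inline_secrets, body_protection) keyed by policy wsu:Id."""
    root = ET.fromstring(xml_text)
    secrets, protection = [], {}
    for pol in root.iter(f"{{{WSP}}}Policy"):
        pid = pol.get(f"{{{WSU}}}Id")
        if pid is None:  # nested wsp:Policy wrappers carry no wsu:Id
            continue
        for el in pol.iter():
            name = el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
            if name in ("KeyStore", "TrustStore") and el.get("storepass"):
                secrets.append((pid, name, "storepass"))
            elif (name == "CallbackHandler" and el.get("default")
                  and el.get("name") == "passwordHandler"):
                secrets.append((pid, name, "default"))
        protection[pid] = {
            "encrypted": pol.find(f".//{{{SP}}}EncryptedParts/{{{SP}}}Body") is not None,
            "signed": pol.find(f".//{{{SP}}}SignedParts/{{{SP}}}Body") is not None,
        }
    return secrets, protection


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any attribute it reports means the packaged application contains that secret in clear text, so the configuration file needs the same access control as the keystore it unlocks.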