The WSIT Tutorial

Example: Mutual Certificates Security (MCS)

This section describes the following tasks: securing the example service application and securing the example web service client application.

Procedure: To Secure the Example Service Application (MCS)

The following example application starts with the example provided in Chapter 3, WSIT Example Using a Web Container and NetBeans IDE, and demonstrates adding security to both the web service and the web service client.

For this example, the security mechanism of Mutual Certificates Security is used to secure the application. To add security to the service part of the example, follow these steps.

  1. If you haven’t already done so, update the GlassFish keystore and truststore files as described in To Update GlassFish Certificates.

  2. Create the CalculatorApplication example by following the steps described in the following sections of Chapter 3, WSIT Example Using a Web Container and NetBeans IDE.

    1. Creating a Web Service

    2. Skip the section on adding Reliable Messaging.

    3. Deploying and Testing a Web Service (first two steps only, do not run the project yet)

  3. Expand CalculatorApplication->Web Services, then right-click the node for the web service, CalculatorWS, and select Edit Web Service Attributes.

  4. Deselect Reliable Messaging if it is selected.

  5. Select Secure Service.

  6. From the drop-down list for Security Mechanism, select Mutual Certificates Security.

  7. Click the Keystore button, then click the Load Aliases button and select xws-security-server. Click OK to close the dialog.

  8. Click OK to close the WSIT Configuration dialog.

    A new file is added to the project. To view the WSIT configuration file, expand Web Pages->WEB-INF, then double-click the file wsit-org.me.calculator.CalculatorWS.xml. This file contains the sc:KeyStore element.

  9. Right-click the CalculatorApplication node and select Run Project.

    A browser will open and display the WSDL file for the application.

  10. Verify that the WSDL file contains the AsymmetricBinding element.

  11. Follow the steps to secure the client application as described in To Secure the Example Web Service Client Application (MCS).

Procedure: To Secure the Example Web Service Client Application (MCS)

This section demonstrates adding security to the web service client that references the web service created in the previous section. This web service is secured using the security mechanism described in Mutual Certificates Security.

To add security to the client that references this web service, complete the following steps.

  1. Create the client application following the steps described in Creating a Client to Consume a WSIT-Enabled Web Service.

    Note – Whenever you make changes on the service, refresh the client so that the client will pick up the change. To refresh the client, right-click the node for the Web Service Reference for the client, and select Refresh Client.

  2. Expand the node for the web service client, CalculatorWSServletClient.

  3. Expand the node for Web Service References.

  4. Right-click CalculatorWSService and select Edit Web Service Attributes.

  5. Select the WSIT Configuration tab of the CalculatorWSService dialog.

  6. Provide the client’s private key by pointing to an alias in the keystore. To do this, expand the Certificates node, click the Load Aliases button for the keystore, then select xws-security-client from the Alias list.

  7. Provide the server’s certificate by pointing to an alias in the client truststore. To do this, from the Certificates node, click the Load Aliases button for the truststore and select xws-security-server from the Alias list. Click OK to close this dialog.

  8. In the tree, drill down from the project to Source Packages->META-INF. Double-click on CalculatorWSService.xml, and verify that lines similar to the following are present:

    <wsp:All>
      <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
      <sc:KeyStore wspp:visibility="private"
        location="C:\Sun\glassfish\domains\domain1\config\keystore.jks"
        storepass="changeit" alias="xws-security-client" keypass="changeit"/>
      <sc:TrustStore wspp:visibility="private"
        location="C:\Sun\glassfish\domains\domain1\config\cacerts.jks"
        storepass="changeit" peeralias="xws-security-server"/>
    </wsp:All>

  9. Compile and run this application by right-clicking the CalculatorWSServletClient node and selecting Run Project.
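
The two manual verification steps (AsymmetricBinding in the service WSDL, and the keystore and truststore aliases in the client's CalculatorWSService.xml) can also be checked by script. The following Python sketch is an added example, not part of the tutorial or of WSIT; the function names are hypothetical, the namespace URIs in the constructed sample are placeholders, and elements are matched by local name only. It also reports the GlassFish default store password changeit, which the tutorial's sample configuration uses.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the client-side WSIT file from step 8. The namespace
# URIs are placeholders (assumption); the checks match local names only.
SAMPLE_CLIENT_CONFIG = r"""
<wsp:All xmlns:wsp="urn:example:policy" xmlns:sc="urn:example:sc"
         xmlns:wspp="urn:example:wspp">
  <sc:KeyStore wspp:visibility="private"
    location="C:\Sun\glassfish\domains\domain1\config\keystore.jks"
    storepass="changeit" alias="xws-security-client" keypass="changeit"/>
  <sc:TrustStore wspp:visibility="private"
    location="C:\Sun\glassfish\domains\domain1\config\cacerts.jks"
    storepass="changeit" peeralias="xws-security-server"/>
</wsp:All>
"""

def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def _find(root, local_name):
    return next((e for e in root.iter() if _local(e.tag) == local_name), None)

def check_client_config(xml_text, client_alias="xws-security-client",
                        server_alias="xws-security-server"):
    """Return a list of findings for the client file edited in steps 6 and 7."""
    root = ET.fromstring(xml_text)
    findings = []
    expected = {"KeyStore": ("alias", client_alias),
                "TrustStore": ("peeralias", server_alias)}
    for element, (attr, want) in expected.items():
        node = _find(root, element)
        if node is None:
            findings.append(f"missing sc:{element}")
            continue
        attrs = {_local(k): v for k, v in node.attrib.items()}
        if attrs.get(attr) != want:
            findings.append(f"sc:{element} {attr}={attrs.get(attr)!r}, expected {want!r}")
        if attrs.get("visibility") != "private":
            findings.append(f"sc:{element} is not marked visibility=private")
        if "changeit" in (attrs.get("storepass"), attrs.get("keypass")):
            findings.append(f"sc:{element} uses the default password 'changeit'")
    return findings

def wsdl_has_asymmetric_binding(wsdl_text):
    """Step 10 of the service procedure: the WSDL must carry AsymmetricBinding."""
    return _find(ET.fromstring(wsdl_text), "AsymmetricBinding") is not None
```

Run against the sample above, check_client_config reports only the two default-password findings; a keystore alias pointing at the server's key instead of the client's is reported as an alias mismatch.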