Building a secure SOAP client for J2ME, Part 1: Exploring Web Services APIs (WSA) for J2ME

Before you start

About this tutorial series

This series demonstrates how to incorporate security in Java™ 2, Micro edition (J2ME)-based wireless access to Web services. We use the following components and technologies together in a J2ME MIDlet:

1. Web Services APIs (WSA) for J2ME
2. Cryptography
3. XML Digital Signature
4. Java Card

First you'll see several application scenarios where you will need to incorporate security in wireless access for your Web services.

WSA uses the idea of stub classes, so other technology components such as cryptography, XML signatures and Java Card technology have to fit into WSA stub classes. Therefore, we will explore how WSA stub classes work and demonstrate how other technology components cooperate with WSA.

This tutorial series also demonstrates various testing and debugging arrangements that you can use to integrate different technology components. The series concludes by putting together all the concepts into a "stub enhancer tool". This tool will enhance functionality of WSA stub classes by incorporating security features.

Back to top

About this tutorial

This first part of the series introduces the concept of integrating various Internet technologies to build secure client-side Web service applications in J2ME.

We provide sample application scenarios and a comprehensive architectural discussion on how different technology components work together to build a secure Web service client.

We also present a graphical image of different modules in the security architecture, and identify the role of each module.

The architectural discussion follows an analysis of WSA stub classes. This is incremental; we first explore stub classes for a simple Web service and move to more comprehensive Web services.

This tutorial concludes by introducing the interface of a secure Web service. In forthcoming parts of this series we implement security features.

Back to top

Prerequisites

As this tutorial is all about integrating various technology components, it's important for you to have a basic understanding of the components. Specifically, it is assumed readers have the following background:

1. You should be a Java programmer and also have a basic understanding of J2ME MIDlets.
2. WSA uses Web Services Definition Language (WSDL) and Simple Object Access Protocol (SOAP). Therefore, you need to know how WSDL interfaces are mapped to SOAP method invocation calls.
3. You also need to know the basics of W3C's XML Schema, especially the use of xsd:element and xsd:complexType.

Moreover, some background on XML signatures will be useful.

IBM developerWorks has many excellent articles and tutorials about these topics. The Resources section lists some for ready reference.

Back to top

Should I take this tutorial?

This tutorial will guide you in planning to securely enable wireless access to your Web services.

This tutorial also contains value for you if you wish to implement security in non-wireless access to your Web services.

Back to top

Tutorial topics

Part 1 is organized in the following seven sections:

1. Tutorial introduction
2. Sample application scenarios that require wireless access to Web services. This section also introduces WSA architecture and stub classes
3. Explanation of why you need to secure wireless access to your Web services. This section also includes a demonstration of how different technology components work together to provide security
4. Detailed analysis of a simple client-side WSA application
5. More analysis of a simple client-side WSA application
6. Discussion of a more comprehensive WSA application. This discussion provides all details about the working of WSA stub and other classes, which you need to know in order to start incorporating security into WSA
7. Wrap-up

Back to top

Code samples and installation requirements

We used J2ME Wireless Toolkit version 2.2, to generate and try the code for Part 1.

Later sections of this tutorial will also need the following software tools, which are all free downloads (see Resources).

1. Sun Java Wireless Toolkit version 2.3 Beta. We use version 2.2 in Part 1, primarily because version 2.3 is in beta at the time of writing Part 1. But we will try the code presented in later parts of the tutorial on both versions 2.2 and 2.3.
2. XML Security Suite for Java (XSS4J) from IBM alphaWorks.
3. Java Card Development Kit from the Sun Web site.

1 of 10 | Next

Comments

Back to top

Table of contents

• Before you start
• Wireless access to Web services
• Securing wireless access to Web services
• Exploring stub classes
• Configuring and using WSA
• Extending and securing the email service
• Summary
• Download
• Resources
• About the author

---

1 of 10 | Next

Next steps from IBM

WebSphere Application Server can leverage its built in Web Services support to expose services to remote consumers in an industry-standard way.

---

• Try: The no-charge WebSphere Application Server Community Edition is a pre-integrated, lightweight Java 5 application server built on Apache Tomcat and includes built in Web Services support.
• Article: Learn how to use of the JAX-WS programming model to create dispatch and dynamic proxy clients and how to create an asynchronous Web service client.
• Tutorial: This tutorial takes you through the steps to deploy Data Web Services to the WebSphere Application Server Community Edition.
• Demo: This demo shows how to extract and install the IBM Java Platform, Java EE 5 SDK with WebSphere Application Server.
• Buy: WebSphere Application Server - Express

Dig deeper into SOA and Web services on developerWorks

IBM SmartCloud trial. No charge.

Unleash the power of hybrid cloud computing today!

---

Public and private solutions in one trial.

Special offers