Before you start
This series demonstrates how to incorporate security in Java™ 2, Micro edition (J2ME)-based wireless access to Web services. We use the following components and technologies together in a J2ME MIDlet:
- Web Services APIs (WSA) for J2ME
- XML Digital Signature
- Java Card
First you'll see several application scenarios where you will need to incorporate security in wireless access for your Web services.
WSA uses the idea of stub classes, so other technology components such as cryptography, XML signatures and Java Card technology have to fit into WSA stub classes. Therefore, we will explore how WSA stub classes work and demonstrate how other technology components cooperate with WSA.
This tutorial series also demonstrates various testing and debugging arrangements that you can use to integrate different technology components. The series concludes by putting together all the concepts into a "stub enhancer tool". This tool will enhance functionality of WSA stub classes by incorporating security features.
This first part of the series introduces the concept of integrating various Internet technologies to build secure client-side Web service applications in J2ME.
We provide sample application scenarios and a comprehensive architectural discussion on how different technology components work together to build a secure Web service client.
We also present a graphical image of different modules in the security architecture, and identify the role of each module.
The architectural discussion follows an analysis of WSA stub classes. This is incremental; we first explore stub classes for a simple Web service and move to more comprehensive Web services.
This tutorial concludes by introducing the interface of a secure Web service. In forthcoming parts of this series we implement security features.
As this tutorial is all about integrating various technology components, it's important for you to have a basic understanding of the components. Specifically, it is assumed readers have the following background:
- You should be a Java programmer and also have a basic understanding of J2ME MIDlets.
- WSA uses Web Services Definition Language (WSDL) and Simple Object Access Protocol (SOAP). Therefore, you need to know how WSDL interfaces are mapped to SOAP method invocation calls.
- You also need to know the basics of W3C's XML Schema, especially the use of
Moreover, some background on XML signatures will be useful.
IBM developerWorks has many excellent articles and tutorials about these topics. The Resources section lists some for ready reference.
This tutorial will guide you in planning to securely enable wireless access to your Web services.
This tutorial also contains value for you if you wish to implement security in non-wireless access to your Web services.
Part 1 is organized in the following seven sections:
- Tutorial introduction
- Sample application scenarios that require wireless access to Web services. This section also introduces WSA architecture and stub classes
- Explanation of why you need to secure wireless access to your Web services. This section also includes a demonstration of how different technology components work together to provide security
- Detailed analysis of a simple client-side WSA application
- More analysis of a simple client-side WSA application
- Discussion of a more comprehensive WSA application. This discussion provides all details about the working of WSA stub and other classes, which you need to know in order to start incorporating security into WSA
We used J2ME Wireless Toolkit version 2.2, to generate and try the code for Part 1.
Later sections of this tutorial will also need the following software tools, which are all free downloads (see Resources).
- Sun Java Wireless Toolkit version 2.3 Beta. We use version 2.2 in Part 1, primarily because version 2.3 is in beta at the time of writing Part 1. But we will try the code presented in later parts of the tutorial on both versions 2.2 and 2.3.
- XML Security Suite for Java (XSS4J) from IBM alphaWorks.
- Java Card Development Kit from the Sun Web site.