The first time you sign into developerWorks, a profile is created for you. Select information in your profile (name, country/region, and company) is displayed to the public and will accompany any content you post. You may update your IBM account at any time.

All information submitted is secure.

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

All information submitted is secure.

My developerWorks:

My notifications:

Sign out

Select a language:

Message-level security with JAX-WS on WebSphere Application Server V7, Part 1: Using Rational Application Developer V7.5.2 to build secure JAX-WS Web services

Hyen-Vui (Henry) Chung, Senior Web Services Architect, IBM

Henry Chung is an architect on the WebSphere Web Services development team. Prior to this role, Henry was the architect and lead developer of Web services security on the WebSphere platform. Henry has been in middleware development for over eight years and has developed many security features for the WebSphere platform. His current focus is leading the development of the latest WebSphere Web services specifications. He also helps customers and other IBM teams apply Web services solutions. His primary goal is to deliver WebSphere Web services technology to meet real-world needs.

William Griffith, SOA Architect, IBM

Bill Griffith is an SOA Architect at IBM. Bill has developed dozens of J2EE applications for clients. His current focus is architecting Service-Oriented Architecture solutions using IBM middleware.
(An IBM developerWorks Contributing Author)

Summary: This tutorial demonstrates how to build a JAX-WS client and server Web service that runs on WebSphere® Application Server V7. Additionally, it teaches you how to configure message-level security for the SOAP message by configuring policy sets through Rational® Application Developer V7.5.2.

View more content in this series

Date: 13 May 2009
Level: Intermediate
PDF: A4 and Letter (3245 KB | 51 pages)Get Adobe® Reader®

Activity: 90771 views
Comments:

Section 1. Before you begin

Objectives

The objective of this tutorial is to teach you how to configure Web service message-level security of Java API for XML Web Services 2.1 (JAX-WS) running on WebSphere Application Server 7 using the Rational Application Developer 7.5.2 integrated development environment (IDE). To achieve that objective, we will teach you the following tasks:

How to create a JAX-WS service provider using annotations.
How to create a standalone JAX-WS client.
How to monitor the SOAP messages using the TCP/IP Monitor.
How to customize a WS-Security policy set in the WebSphere Application Server Administration Console.
How to customize a policy set binding in the Administration Console.
How to export policy sets and bindings from the Administration Console.
How to generate X509 asymmetric keys and use them with your customized policy set bindings.
How to import policy sets and bindings into the Rational Application Developer IDE.
How to attach policy sets to Web service clients and servers using the Rational Application Developer IDE.
How to customize a client-side policy set binding using the Rational Application Developer IDE.
How to use the UsernameToken (UNT) profile to add credentials to the SOAP header.
How to use the UNT to authenticate against the WebSphere Application Server user repository.

About the example code

Our objective with this tutorial is to demonstrate message-level security, so we use a simple “HelloWorld” example so that you are not distracted from that main objective.

Prerequisites

While the tutorial is written in a very meticulous, step-by-step fashion to ensure that you can follow along, we assume that you are a Java programmer that is conceptually aware of Web services. We have written the article in a fashion that allows you to follow along visually without downloading any code or missing any magical steps hidden in prebuilt files. If you want to follow along programmatically by working through the example code that is provided, you will need a copy of Rational Application Developer for WebSphere Software V7.5.2. Additionally, you will need to install the WebSphere Application Server V7.0 test environment that comes packaged with Rational Application Developer 7.5.2.

Since there is a great deal of literature on JAX-WS and Web services in general, we will not cover that ground in order to reduce the size of this tutorial. However, we do recommend the following literature to learn about Web services and using JAX-WS:

Comments

static.content.url=http://www.ibm.com/developerworks/js/artrating/

SITE_ID=1

Zone=WebSphere, SOA and web services, Rational

ArticleID=388669

TutorialTitle=Message-level security with JAX-WS on WebSphere Application Server V7, Part 1: Using Rational Application Developer V7.5.2 to build secure JAX-WS Web services

publish-date=05132009

author1-email=hychung@us.ibm.com

author1-email-cc=

author2-email=wgriffith@us.ibm.com

author2-email-cc=