Message-level security with JAX-WS on WebSphere Application Server v7

Page 1 of 12  Document options PDF - Fits A4 and Letter 2742 KB (58 pages) Get Adobe® Reader® Sample code My developerWorks needs you! Connect to your technical community Rate this tutorial Help us improve this content

Level: Intermediate

Hyen-Vui (Henry) Chung (hychung@us.ibm.com), Web Services Architect, IBM
William Griffith (wgriffith@us.ibm.com), SOA Architect, IBM

13 May 2009

This tutorial demonstrates how to build a JAX-WS client and server Web service that runs on WebSphere® Application Server v7. Additionally, it teaches you how to configure message-level security for the SOAP message by configuring policy sets through Rational® Application Developer v7.5.2.

Section 1. Before you begin

Objectives

The objective of this tutorial is to teach you how to configure Web service message-level security of Java API for XML Web Services 2.1 (JAX-WS) running on WebSphere Application Server 7 using the Rational Application Developer 7.5.2 integrated development environment (IDE). To achieve that objective, we will teach you the following tasks:

• How to create a JAX-WS service provider using annotations.
• How to create a standalone JAX-WS client.
• How to monitor the SOAP messages using the TCP/IP Monitor.
• How to customize a WS-Security policy set in the WebSphere Application Server Administration Console.
• How to customize a policy set binding in the Administration Console.
• How to export policy sets and bindings from the Administration Console.
• How to generate X509 asymmetric keys and use them with your customized policy set bindings.
• How to import policy sets and bindings into the Rational Application Developer IDE.
• How to attach policy sets to Web service clients and servers using the Rational Application Developer IDE.
• How to customize a client-side policy set binding using the Rational Application Developer IDE.
• How to use the UsernameToken (UNT) profile to add credentials to the SOAP header.
• How to use the UNT to authenticate against the WebSphere Application Server user repository.

Back to top

About the example code

Our objective with this tutorial is to demonstrate message-level security, so we use a simple “HelloWorld” example so that you are not distracted from that main objective.

Back to top

Prerequisites

While the tutorial is written in a very meticulous, step-by-step fashion to ensure that you can follow along, we assume that you are a Java programmer that is conceptually aware of Web services. We have written the article in a fashion that allows you to follow along visually without downloading any code or missing any magical steps hidden in prebuilt files. If you want to follow along programmatically by working through the example code that is provided, you will need a copy of Rational Application Developer for WebSphere Software V7.5.2. Additionally, you will need to install the WebSphere Application Server V7.0 test environment that comes packaged with Rational Application Developer 7.5.2.

Since there is a great deal of literature on JAX-WS and Web services in general, we will not cover that ground in order to reduce the size of this tutorial. However, we do recommend the following literature to learn about Web services and using JAX-WS:

• Web services hints and tips: JAX-RPC versus JAX-WS series
• JAX-WS client APIs in the Web Services Feature Pack for WebSphere Application Server V6.1 series

Back to top

	Page 1 of 12