Skip to main content

skip to main content

developerWorks  >  WebSphere | SOA and Web services | Rational  >

Message-level security with JAX-WS on WebSphere Application Server v7

Using Rational Application Developer 7.5.2 to build secure JAX-WS Web services

developerWorks
Go to the previous pagePage 7 of 12 Go to the next page

Document options
PDF format - Fits A4 and Letter

PDF - Fits A4 and Letter
2742 KB (58 pages)

Get Adobe® Reader®

Sample code


My developerWorks needs you!

Connect to your technical community


Rate this tutorial

Help us improve this content


Section 7. Testing secure JAX-WS

In section 3 of this tutorial, you tested the service provider and consumer and viewed the SOAP messages as they traveled between the client and server. In section 3, you had not yet enabled message-level security through the attachment of policy sets, and thus the SOAP messages were sent in clear text (i.e. not encrypted) as shown in Figure 17. As one of the goals with message- level security is to ensure confidentiality (i.e. only the intended recipient can see the data inside the SOAP message), you now need to rerun the test and verify that the SOAP messages contain encrypted data that isn’t visible to anyone except the intended recipient (not even the TCP/IP Monitor that is acting as an intermediary).

  1. Ensure the TCP/IP Monitor is started as shown in Figure 15, then right-click the ClientTest.java file of the HelloWorldConsumer project and choose Run As > Run Configurations. This should present a Run Configurations dialog box as shown in Figure 46.

    Figure 46. Setting ClientTest arguments (see enlarged Figure 46)
    Screen shot of Run Configuration window

  2. Since the consumer needs to use a Java Authentication and Authorization Service (JAAS) to pass in the Username credentials, you need to specify the following VM argument: 
    -Djava.security.auth.login.config=
”C:\Program Files\IBM\SDP\runtimes\base_v7
\profiles\was70profile1\properties\wsjaas_client.conf”

  3. Next click the Run button and view the results in the TCP/IP Monitor view, which looks something like Figure 47.

    Figure 47. Viewing the SOAP messages with XML encryption (see enlarged Figure 47)
    Screen shot SOAP messages

    Notice that the Console shows the output from the consumer after unencrypting the message. If you view the WebSphere Application Server console log, you see a similar message, which demonstrates that the service provider received the message.



Back to top



Go to the previous pagePage 7 of 12 Go to the next page