Configuring Message Security Using XWSS
248
S
ECURING
W
EB
S
ERVICES
claim is the identity of the sender, identified by a user name and pass-
word.
· Support for SAML Tokens and the WSS SAML Token Profile (partial).
· Support for securing attachments based on the WSS SwA Profile Draft.
· Partial support for sending and receiving WS-I Basic Security Profile
(BSP) 1.0 compliant messages.
· Sample programs that demonstrate using the framework.
· Command-line tools that provide specialized utilities for keystore manage-
ment, including
pkcs12import
and
keyexport
.
XWSS supports deployment onto any of the following containers:
· Sun Java System Application Server
· Sun Java System Web Server
· Apache Tomcat servlet container
Samples for using XWS-Security are included with Java WSDP in the directory
<JWSDP_HOME>/xws-security/samples/
or can be viewed online at
.
Configuring Message Security Using XWSS
The Application Server contains all of the JAR files necessary to use XWS-Secu-
rity for securing JAX-WS applications, however, in order to view the sample
applications, you must download and install the standalone Java WSDP bundle.
You can download the Java WSDP from
To add message security to an existing JAX-WS application using XWSS, fol-
low these steps on the client side:
1. Create a client security configuration. The client security configuration file
specifies the order and type of message security operations that will be
used for the client application. For example, a simple security configura-
tion to perform a digital signature operation looks like this:
<?xml version="1.0" encoding="UTF-8"?><xwss:JAXRPCSecurity
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:Service conformance= "bsp">
<xwss:SecurityConfiguration dumpMessages="true" >
<xwss:Sign id="s" includeTimestamp="true">
