Download
FAQ
History
PrevHomeNext API
Search
Feedback
Divider

Securing JAX-RPC Applications with XML and Web Services Security

This addendum discusses using XML and Web Services Security (XWS-Security) for message-level security. In message-level security, security information is contained within the SOAP message, which allows security information to travel along with the message. For example, a portion of the message may be signed by a sender and encrypted for a particular receiver. When the message is sent from the initial sender, it may pass through intermediate nodes before reaching its intended receiver. In this scenario, the encrypted portions continue to be opaque to any intermediate nodes and can only be decrypted by the intended receiver. For this reason, message-level security is also sometimes referred to as end-to-end security.

This release includes the following XWS-Security features:

The XWS-Security release contents are arranged in the structure shown in Table 3-1 within the Java WSDP release:

Table 3-1  XWS-Security directory structure
Directory Name
Contents
<JWSDP_HOME>/
xws-security/etc/
Keystore files used for the examples.
<JWSDP_HOME>/
xws-security/docs/
Release documentation for the XWS-Security framework.
<JWSDP_HOME>/
xws-security/lib/
JAR files containing the XWS-Security framework implementation and dependent libraries.
<JWSDP_HOME>/
xws-security/samples/
Example code. This release includes sample applications. For more information on the samples, read Understanding and Running the Simple Sample Application.
<JWSDP_HOME>/
xws-security/bin/
Command-line tools that provide specialized utilities for keystore management. For more information on these, read Useful XWS-Security Command-Line Tools.

This implementation of XWS-Security is based on the Oasis Web Services Security (WSS) specification, which can be viewed at the following URL:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf 

Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the following resources before you begin this chapter.

Divider
Download
FAQ
History
PrevHomeNext API
Search
Feedback
Divider

All of the material in The Java(TM) Web Services Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.