Dynamic Response Sample Application

The dynamic-response sample application demonstrates using the certificate that arrived in a signed request to encrypt the response back to the requester using the XWS-Security APIs. To accomplish this task,

The application prints out both the client and server request and response SOAP messages. The output from the server may be viewed in the appropriate container's log file. The output from the client is sent to stdout or to whichever stream is used by the configured log handler. Messages are logged at the INFO level.

In this example, server-side code is found in the /dynamic-response/server/src/sample/ directory. Client-side code is found in the /dynamic-response/client/src/sample/ directory. The asant (or ant) targets build objects under the /build/server/ and /build/client/ directories.

Security Configuration Files for Enabling Dynamic Response

For this sample application, the security configuration files are fairly simple. The security configuration files are used to sign the request and encrypt the response, but the work of using the requester certificate to encrypt the response back to the requester is accomplished using the SecurityEnvironmentHandler, which is discussed in Using the CallbackHandler to Enable Dynamic Response.

The client security configuration file for this example, sign-client.xml, looks like this:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">

    <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
            <!--
              Note that in the <Sign> operation, a Timestamp is exported
              in the security header and signed by default.
            -->
            <xwss:Sign>
                <xwss:X509Token certificateAlias="xws-security-client"/>
            </xwss:Sign>
            <xwss:RequireEncryption/>
        </xwss:SecurityConfiguration>
    </xwss:Service>

    <xwss:SecurityEnvironmentHandler>
        sample.SecurityEnvironmentHandler
    </xwss:SecurityEnvironmentHandler>

</xwss:JAXRPCSecurity> 

The server security configuration file for this example, encrypt-server.xml, looks like this:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">

    <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
            <xwss:RequireSignature/>
            <xwss:Encrypt/>
        </xwss:SecurityConfiguration>
    </xwss:Service>

    <xwss:SecurityEnvironmentHandler>
        sample.SecurityEnvironmentHandler
    </xwss:SecurityEnvironmentHandler>

</xwss:JAXRPCSecurity> 

Using the CallbackHandler to Enable Dynamic Response

In this sample application, the security configuration files sign the request and encrypt the response; however, the work of using the requester certificate to encrypt the response back to the requester is done in the SecurityEnvironmentHandler. The full source code for the SecurityEnvironmentHandler is located in the directory dynamic-response/src/sample. This snippet from that file demonstrates how to use a CallbackHandler to generate the response dynamically:

if (cb.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
    EncryptionKeyCallback.AliasX509CertificateRequest request =
        (EncryptionKeyCallback.AliasX509CertificateRequest) cb.getRequest();
    String alias = request.getAlias();
    // No alias was supplied: use the requester's certificate instead.
    if ((alias == null) || "".equals(alias)) {
        Subject currentSubject = SubjectAccessor.getRequesterSubject();
        Set publicCredentials = currentSubject.getPublicCredentials();
        for (Iterator it = publicCredentials.iterator(); it.hasNext();) {
            Object cred = it.next();
            if (cred instanceof java.security.cert.X509Certificate) {
                java.security.cert.X509Certificate cert =
                    (java.security.cert.X509Certificate) cred;
                // Encrypt the response to the certificate that arrived in the signed request.
                request.setX509Certificate(cert);
            }
        }
    }
}
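The following is an added example, not code from the sample application: a stricter way to choose the requester certificate before it is handed to request.setX509Certificate. The class name RequesterCertSelector and the key-encipherment check (which assumes the response key is wrapped with RSA key transport) are assumptions; only standard JDK calls are used.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.Subject;

/** Hypothetical helper: choose the requester certificate to encrypt the response to. */
public final class RequesterCertSelector {

    // Index of keyEncipherment in the array returned by X509Certificate.getKeyUsage().
    private static final int KEY_ENCIPHERMENT = 2;

    public static X509Certificate select(Subject requester) throws CertificateException {
        if (requester == null) {
            throw new CertificateException("no requester subject available");
        }
        Set<X509Certificate> certs = requester.getPublicCredentials(X509Certificate.class);
        if (certs.size() != 1) {
            // Zero: nothing to encrypt to. Several: ambiguous, so do not guess.
            throw new CertificateException(
                "expected exactly one requester certificate, found " + certs.size());
        }
        X509Certificate cert = certs.iterator().next();
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        boolean[] usage = cert.getKeyUsage(); // null when the extension is absent
        if (usage != null && !(usage.length > KEY_ENCIPHERMENT && usage[KEY_ENCIPHERMENT])) {
            // Assumption: RSA key transport, which needs the keyEncipherment bit.
            throw new CertificateException("key usage does not permit key encipherment");
        }
        return cert;
    }

    public static void main(String[] args) {
        // Constructed input: a Subject with no public credentials,
        // as would be seen if the request carried no certificate.
        try {
            select(new Subject());
        } catch (CertificateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

In the handler, the loop over the public credentials could be replaced by a call such as select(SubjectAccessor.getRequesterSubject()), with a CertificateException treated as a failure to encrypt the response.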

Running the Dynamic Response Sample Application

To run the dynamic-response sample application, follow these steps:

  1. Complete the tasks defined in the following sections of this addendum:
  2. Start the selected container and make sure the server is running. To start the Application Server,
    1. From a Unix machine, enter the following command from a terminal window: asadmin start-domain domain1
    2. From a Windows machine, choose Start → Programs → Sun Microsystems → J2EE 1.4 → Start Default Server.
  3. Build and run the application from a terminal window or command prompt.
    • On the Application Server, the command to build and run the application is: asant run-sample
    • On the other containers, the command to build and run the application is: ant run-sample

Note: To run the sample against a remote server containing the deployed endpoint, use the run-remote-sample target in place of the run-sample target. In this situation, make sure that the endpoint.host, endpoint.port, http.proxyHost, http.proxyPort, and service.url properties are set correctly in the build.properties file (as discussed in Setting Build Properties) before running the sample.


If the application runs successfully, you will see a message similar to the following:

[echo] Running the client program....
[java] ==== Sending Message Start ====
...
[java] ==== Sending Message End ====
[java] ==== Received Message Start ====
...
[java] ==== Received Message End ==== 

You can view similar messages in the server logs:

<SJSAS_HOME>/domains/<domain-name>/logs/server.log 
<TOMCAT_HOME>/logs/launcher.server.log 
<SJSWS_HOME>/<Virtual-Server-Dir>/logs/errors