Dynamic Response Sample Application
The dynamic-response sample application demonstrates using the certificate that arrived in a signed request to encrypt the response back to the requester using the XWS-Security APIs. To accomplish this task, The application prints out both the client and server request and response SOAP messages. The output from the server may be viewed in the appropriate container's log file. The output from the client is sent to stdout or to whichever stream is used by the configured log handler. Messages are logged at the INFO level.

In this example, server-side code is found in the /dynamic-response/server/src/sample/ directory. Client-side code is found in the /dynamic-response/client/src/sample/ directory. The asant (or ant) targets build objects under the /build/server/ and /build/client/ directories.

Security Configuration Files for Enabling Dynamic Response
For this sample application, the security configuration files are fairly simple. The security configuration files are used to sign the request and encrypt the response, but the work of using the requester certificate to encrypt the response back to the requester is accomplished using the SecurityEnvironmentHandler, which is discussed in Using the CallbackHandler to Enable Dynamic Response.

The client security configuration file for this example, sign-client.xml, looks like this:

    <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
      <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
          <!--
            Note that in the <Sign> operation, a Timestamp is exported
            in the security header and signed by default.
          -->
          <xwss:Sign>
            <xwss:X509Token certificateAlias="xws-security-client"/>
          </xwss:Sign>
          <xwss:RequireEncryption/>
        </xwss:SecurityConfiguration>
      </xwss:Service>
      <xwss:SecurityEnvironmentHandler>
        sample.SecurityEnvironmentHandler
      </xwss:SecurityEnvironmentHandler>
    </xwss:JAXRPCSecurity>

The server security configuration file for this example, encrypt-server.xml, looks like this:

    <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
      <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
          <xwss:RequireSignature/>
          <xwss:Encrypt/>
        </xwss:SecurityConfiguration>
      </xwss:Service>
      <xwss:SecurityEnvironmentHandler>
        sample.SecurityEnvironmentHandler
      </xwss:SecurityEnvironmentHandler>
    </xwss:JAXRPCSecurity>

Using the CallbackHandler to Enable Dynamic Response
In this sample application, the security configuration files sign the request and encrypt the response; however, the work of using the requester certificate to encrypt the response back to the requester is done in the SecurityEnvironmentHandler. The full source code for the SecurityEnvironmentHandler is located in the directory dynamic-response/src/sample. This snippet from that file demonstrates how to use a CallbackHandler to generate the response dynamically:

    if (cb.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
        EncryptionKeyCallback.AliasX509CertificateRequest request =
            (EncryptionKeyCallback.AliasX509CertificateRequest) cb.getRequest();
        String alias = request.getAlias();
        // No alias configured: fall back to the certificate of the requester.
        if ((alias == null) || "".equals(alias)) {
            Subject currentSubject = SubjectAccessor.getRequesterSubject();
            Set publicCredentials = currentSubject.getPublicCredentials();
            for (Iterator it = publicCredentials.iterator(); it.hasNext();) {
                Object cred = it.next();
                if (cred instanceof java.security.cert.X509Certificate) {
                    java.security.cert.X509Certificate cert =
                        (java.security.cert.X509Certificate) cred;
                    // Encrypt the response to the requester's certificate.
                    request.setX509Certificate(cert);
                }
            }
        }
    }

Running the Dynamic Response Sample Application
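Returning to the SecurityEnvironmentHandler snippet in the previous section: it passes any X509Certificate found among the requester Subject's public credentials to setX509Certificate. The following added example, which is not part of the sample's source or of XWS-Security, shows a stricter selection that accepts a certificate only if it is currently valid and its KeyUsage extension, when present, permits key encipherment. The class name EncryptionCertSelector and its select method are hypothetical, only JDK APIs are used, and Java 7 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;

// Hypothetical helper, not part of the dynamic-response sample or of XWS-Security.
public class EncryptionCertSelector {

    private static final int KEY_ENCIPHERMENT = 2; // index in X509Certificate.getKeyUsage()

    /** Returns a requester certificate usable for encryption, or null if none qualifies. */
    public static X509Certificate select(Subject requester) {
        if (requester == null) {
            return null;
        }
        for (X509Certificate cert : requester.getPublicCredentials(X509Certificate.class)) {
            try {
                cert.checkValidity(); // rejects expired and not-yet-valid certificates
            } catch (CertificateException e) {
                continue;
            }
            boolean[] usage = cert.getKeyUsage(); // null when the extension is absent
            if (usage == null || (usage.length > KEY_ENCIPHERMENT && usage[KEY_ENCIPHERMENT])) {
                return cert;
            }
        }
        return null;
    }

    // Usage: java EncryptionCertSelector <certificate file> (PEM or DER, supplied by the reader)
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java EncryptionCertSelector <certificate file>");
            return;
        }
        Subject subject = new Subject();
        try (InputStream in = new FileInputStream(args[0])) {
            subject.getPublicCredentials().add(
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        X509Certificate chosen = select(subject);
        System.out.println(chosen == null
            ? "no certificate suitable for encrypting the response"
            : "would encrypt to: " + chosen.getSubjectX500Principal().getName());
    }
}
```

In a handler like the one above, the result of select(SubjectAccessor.getRequesterSubject()) would be passed to request.setX509Certificate only when it is not null.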
To run the dynamic-response sample application, follow these steps:

Note: To run the sample against a remote server containing the deployed endpoint, use the run-remote-sample target in place of the run-sample target. In this situation, make sure that the endpoint.host, endpoint.port, http.proxyHost, http.proxyPort, and service.url properties are set correctly in the build.properties file (as discussed in Setting Build Properties) before running the sample.

If the application runs successfully, you will see a message similar to the following:

    [echo] Running the client program....
    [java] ==== Sending Message Start ====
    ...
    [java] ==== Sending Message End ====
    [java] ==== Received Message Start ====
    ...
    [java] ==== Received Message End ====

You can view similar messages in the server logs: