Previous
Next


WS-Security Demo  Locate

Overview  Locate

This demo shows several scenarios that are available with WS-Security:

  1. The client sends a message with a UserName token (which consists of user name and password in plain text, without nonce and created elements). The server verifies existence of the user and echoes message back to the client without any security elements.

  2. The client sends a message with an encrypted UserName token (it is encrypted using service identity public key). The server decrypts the token, verifies existence of the user and echoes message back to the client without any security mechanism.

  3. The client signs (using client identity private key) and encrypts the message body (using service identity public key). The client also adds a timestamp header. The server decrypts the body, verifies the signature and echoes message back to the client - the response message body is signed with the service identity private key and then encrypted using the sender's public key.

To enable encryption and signing, both client and service have a private/public key pair and have each other's certificates in their keystores.

WS-Security message configuration may be done persistently with deployment descriptor or using runtime API. This demo shows both persistent configuration and runtime APIs (low-level and hi-level, respectively).

[Note]Note

SOAP 1.2 - If you want to run the demo with SOAP 1.2, you have to change port name in client's deployment descriptor (file dd/client.xml) from "ns0:WsSecurityService" to "ns0:WsSecurityService_SOAP12", and if you have already run the demo with SOAP 1.1, you also have to prune WASP_HOME/app_classpath directory. Runtime configuration is not affected by SOAP version.

Demo Package Description  Locate

In addition to the files described in Files and Directories, this demo contains:

File or directoryDescription
src/demo/security/wssecurity/persistent/server/

Server source code (persistent configuration)

src/demo/security/wssecurity/runtime/lowlevel/server/

Server source code (low-level runtime API)

src/demo/security/wssecurity/runtime/hilevel/server/

Server source code (hi-level runtime API)

src/demo/security/wssecurity/persistent/client/

Client source code (persistent configuration)

src/demo/security/wssecurity/runtime/lowlevel/client/

Client source code (low-level runtime API)

src/demo/security/wssecurity/runtime/hilevel/client/

Client source code (hi-level runtime API)

Prerequisites and Preparatory Steps  Locate

The demo assumes that you have installed SESJ with security and have performed all additional steps described in Product Guide / Security Guide / WS-Security Provider / System Requirements.

Building and Running Demos  Locate

You can run the demo using "run.sh" or "run.bat" scripts. The script on invocation without arguments prints out a help message.

Demo can be run in three different ways. The ways are the same in their concept, but the configuration of WS-Security messaging differs.

  • Hi-level WS-Security runtime API works with predefined objects for WS-Security messaging. The developer instantiates these objects in the code.

  • Low-level WS-Security runtime API is based on construction of WS-Security configuration for further messaging.

  • Persisent configuration is the last choice. WS-Security messaging configuration is written into the deployment descriptor. Such configuration is similar to the Low-level WS-Security runtime API in the structure of classes used. This type of WS-Security configuration is manageable through the SESJ Management Console.

Before you run the demo, you need to issue the following command to generate identities used in this demo: 

run.bat(sh) create_identities ADMIN_NAME ADMIN_PASSWORD

or

runant.bat(sh) create_identities ADMIN_NAME ADMIN_PASSWORD

Where ADMIN_NAME is the name of the administrator (you set it when you were installing security. The default name is "admin"). ADMIN_PASSWORD is the administrator's password (default is "changeit").

Runtime publishing + hi-level runtime API  Locate

  1. Compile server classes ... 

    Windows:       run.bat make_server_hi
Windows + Ant: runant.bat make_server_hi
Linux:         ./run.sh make_server_hi
Linux + Ant:   ./runant.sh make_server_hi

  2. Run the WsSecurityServer (it starts SESJ and publishes WsSecurityService class) ...

    [Note]Note

    If you have previously deployed the service, you have to undeploy it first! 

    Windows:       run.bat run_server_hi
Windows + Ant: runant.bat run_server_hi
Linux:         ./run.sh run_server_hi (use a new terminal)
Linux + Ant:   ./runant.sh run_server_hi (use a new terminal)

  3. Make client classes ... 

    Windows:       run.bat make_client_hi
Windows + Ant: runant.bat make_client_hi
Linux:         ./run.sh make_client_hi
Linux + Ant:   ./runant.sh make_client_hi

  4. Run the WsSecurityClientRuntime ... 

    Windows:       run.bat run_client_hi
Windows + Ant: runant.bat run_client_hi
Linux:         ./run.sh run_client_hi
Linux + Ant:   ./runant.sh run_client_hi

    If you wish to follow the progress of the invocation with SoapSpy, perform the following:

    1. Run server_java60/bin/soapspy.bat or soapspy.sh. This will bring up the SoapSpy GUI.

    2. Start spying by selecting Start Spying from the Spy menu or by clicking the spy icon in the main pane.

    3. Run the client using the run spy_client command instead of run_client.

Runtime publishing + low-level runtime API  Locate

  1. Compile server classes ... 

    Windows:       run.bat make_server_lo
Windows + Ant: runant.bat make_server_lo
Linux:         ./run.sh make_server_lo
Linux + Ant:   ./runant.sh make_server_lo

  2. Run the WsSecurityServer (it starts SESJ and publishes WsSecurityService class) ...

    [Note]Note

    If you have previously deployed the service, you have to undeploy it first! 

    Windows:       run.bat run_server_lo
Windows + Ant: runant.bat run_server_lo
Linux:         ./run.sh run_server_lo (use a new terminal)
Linux + Ant:   ./runant.sh run_server_lo (use a new terminal)

  3. Make client classes ... 

    Windows:       run.bat make_client_lo
Windows + Ant: runant.bat make_client_lo
Linux:         ./run.sh make_client_lo
Linux + Ant:   ./runant.sh make_client_lo

  4. Run the WsSecurityClientRuntime ... 

    Windows:       run.bat run_client_lo
Windows + Ant: runant.bat run_client_lo
Linux:         ./run.sh run_client_lo
Linux + Ant:   ./runant.sh run_client_lo

    If you wish to follow the progress of the invocation with SoapSpy, perform the following:

    1. Run server_java60/bin/soapspy.bat or soapspy.sh. This will bring up the SoapSpy GUI.

    2. Start spying by selecting Start Spying from the Spy menu or by clicking the spy icon in the main pane.

    3. Run the client using the run spy_client command instead of run_client.

Persistent deployment  Locate

  1. Be sure that you've started SESJ.

  2. Create client and service identities. 

    Windows:       run.bat create_identities ADMIN_NAME ADMIN_PASSWORD
Windows + Ant: runant.bat create_identities ADMIN_NAME ADMIN_PASSWORD
Linux:         ./run.sh create_identities ADMIN_NAME ADMIN_PASSWORD
Linux + Ant:   ./runant.sh create_identities ADMIN_NAME ADMIN_PASSWORD

  3. Compile the WsSecurityService ... 

    Windows:       run.bat make_service
Windows + Ant: runant.bat make_service
Linux:         ./run.sh make_service
Linux + Ant:   ./runant.sh make_service

  4. Deploy the WsSecurityService on the SESJ ... 

    Windows:       run.bat deploy_service ADMIN_NAME ADMIN_PASSWORD
Windows + Ant: runant.bat deploy_service ADMIN_NAME ADMIN_PASSWORD
Linux:         ./run.sh deploy_service ADMIN_NAME ADMIN_PASSWORD
Linux + Ant:   ./runant.sh deploy_service ADMIN_NAME ADMIN_PASSWORD

  5. Make client classes ... 

    Windows:       run.bat make_client
Windows + Ant: runant.bat make_client
Linux:         ./run.sh make_client
Linux + Ant:   ./runant.sh make_client

  6. Run the WsSecurityClient (it calls WsSecurityService) ... 

    Windows:       run.bat run_client
Windows + Ant: runant.bat run_client
Linux:         ./run.sh run_client
Linux + Ant:   ./runant.sh run_client

    If you wish to follow the progress of the invocation with SoapSpy, perform the following:

    1. Run server_java60/bin/soapspy.bat or soapspy.sh. This will bring up the SoapSpy GUI.

    2. Start spying by selecting Start Spying from the Spy menu or by clicking the spy icon in the main pane.

    3. Run the client using the run spy_client command instead of run_client.

  7. Undeploy the WsSecurityService from the SESJ ... 

    Windows:       run.bat undeploy_service ADMIN_NAME ADMIN_PASSWORD
Windows + Ant: runant.bat undeploy_service ADMIN_NAME ADMIN_PASSWORD
Linux:         ./run.sh undeploy_service ADMIN_NAME ADMIN_PASSWORD
Linux + Ant:   ./runant.sh undeploy_service ADMIN_NAME ADMIN_PASSWORD


Previous
Next