LAB-3410: Learn to Build Reliable and Secure Web Services using JAX-WS and WSIT

Carol McDonald

Learn how to develop reliable, secure, interoperable Web Services and clients using Metro and NetBeans

Sun’s Web Services Stack

Metro: JAX-WS + WSIT

JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services

[Diagram: the Metro stack, by layer]

• tools: NetBeans JAX-WS Tooling

• WSIT: Transactions, Reliable-Messaging, Security, Metadata (WSDL, Policy)

• JAX-WS: Core Web Services

• xml: JAXB, JAXP, StAX

• transport: HTTP, TCP, SMTP

How Hands-on Labs Work

• We will give a brief explanation of each lab exercise and a demo

• You will do the lab exercises on your own by reading the lab document

> In the browser, or on paper

• Feel free to ask questions; proctors are here to help

Lab Format

• “Free form” lab

• This lab is for 120 mins

• Lab setup

• 4 Lab exercises:

> Exercise 1: Creating a Web Service

> Exercise 2: Creating a Web Service Client

> Exercise 3: Configuring WSIT Reliability in a Web Service

> Exercise 4: Configuring WSIT Security in a Web Service

Exercise 0: Lab Setup

1. Install Java SE 6

2. Install NetBeans 6 w/ GlassFish

3. Copy 3410_metro.zip and unzip

> Will create metro directory = <lab_root>

> It contains the following:

  - lab document index.html (same as paper)

  - Exercises, solutions directory

4. Create the database tables

5. Install Security Certificates in GlassFish

Agenda

• Exercise 1: Creating a Web Service

• Exercise 2: Creating a Web Service Client

• Exercise 3: Configuring WSIT Reliability in a Web Service

• Exercise 4: Configuring WSIT Security in a Web Service

Developing a Web Service Starting with a Java class

[Diagram: from Java class to deployed service]

• You develop: @WebService POJO implementation class (Servlet-based or Stateless Session EJB), optional handler classes

• Packaged application (war or ear file)

• Deployment creates JAXB and JAX-WS files needed for the service

• Service contract: WSDL

Example: Servlet-Based Endpoint

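import java.util.List;
import javax.jws.WebService;

@WebService
public class Catalog {
    // Public method: exposed as the getItems web service operation
    public List<Item> getItems(int firstItem, int batchSize) {
        // .... (body elided on the slide; q is defined in the elided part)
        return q.getResultList();
    }
}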

• All public methods become web service operations

• WSDL/Schema generated at deploy time automatically

• Default values for WSDL service name, etc.

Service Description default mapping

Java mapping -> WSDL:

public class Catalog {
    public List<Item> getItems(int firstItem, int batchSize) {
        ...
    }
}

<portType name="Catalog">
    <operation name="getItems">
        <input message="tns:getItems"/>
        <output message="tns:getItemsResponse"/>
    </operation>
</portType>

PORT TYPE = ABSTRACT INTERFACE

OPERATION = METHOD

MESSAGE = PARAMETERS AND RETURN VALUES
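
Because every public method of a @WebService class becomes an operation by default, a public helper ends up in the WSDL unless it is excluded. The following is an added example, not code from the lab: it pins the contract names, validates the caller-supplied paging values, and keeps a maintenance method out of the portType with @WebMethod(exclude = true). The reload method, the MAX_BATCH limit, the in-memory store and the minimal Item class are assumptions; it needs the javax.jws annotations (Java SE 6, as in the lab setup).

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;

@WebService(serviceName = "CatalogService", portName = "CatalogPort")
public class Catalog {
    private static final int MAX_BATCH = 100;                // assumed limit
    private final List<Item> store = new ArrayList<Item>();  // stand-in for the lab database

    // Exposed operation. Names are pinned so that refactoring the Java code
    // does not silently change the generated WSDL contract.
    @WebMethod(operationName = "getItems")
    @WebResult(name = "item")
    public synchronized List<Item> getItems(
            @WebParam(name = "firstItem") int firstItem,
            @WebParam(name = "batchSize") int batchSize) {
        // Paging values come from the remote caller: validate before use.
        if (firstItem < 0 || batchSize < 1 || batchSize > MAX_BATCH) {
            throw new IllegalArgumentException("paging arguments out of range");
        }
        if (firstItem >= store.size()) {
            return Collections.emptyList();
        }
        int end = Math.min(store.size(), firstItem + batchSize);
        return new ArrayList<Item>(store.subList(firstItem, end));
    }

    // Public for in-process callers, but excluded from the service contract:
    // no <operation name="reload"> is generated in the portType.
    @WebMethod(exclude = true)
    public synchronized void reload(List<Item> items) {
        store.clear();
        store.addAll(items);
    }
}

// Minimal stand-in for the lab's Item class (assumption).
class Item {
    public String name;
}
```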

Demo Creating a Web Service

Client-Side Programming

[Diagram: Service contract (WSDL) of the @WebService -> wsimport tool -> Generates -> Dynamic Proxy]

• You develop: Client which calls proxy

Example: JSF Managed Bean WS Client

No Java Naming and Directory Interface™ API!

public class ItemController {

    // Factory Class
    @WebServiceRef(wsdlLocation = "http://.../CatalogService?wsdl")
    private CatalogService service;

    public DataModel getNextItems() {
        // Get Proxy Class; Catalog is the Business Interface
        Catalog port = service.getCatalogPort();
        List<Item> result = port.getItems(arg0, arg1);
        // . . .
    }
}

WSDL Elements/Java Mapping

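[Diagram: WSDL elements (Service, Port, Binding, PortType, Operation, Message, Types, linked with 1..n cardinalities) and their Java counterparts]

• Service: Factory Class (CatalogService)

• Port: Proxy (CatalogPort)

• PortType: Business Interface (Catalog)

• Operation: Method

• Message: Parameters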

Demo Creating a Web Service Client

WS-ReliableMessaging

[Diagram: Client (JAX-WS/WCF Client Runtime, RMSource with buffer) sends Application Messages to the Endpoint (JAX-WS/WCF Server Runtime, RMDestination with buffer); Ack Protocol Messages flow back]

> RMSource handles sending and re-sending

> RMDestination handles reconstructing the stream of messages

Configuration with NetBeans

Demo Configuring WSIT Reliability in a Web Service

Digital Certificate

Identity data signed by a Certification Authority. Provides a trusted source of identification.

X.509 Certificate fields:

• Version #

• Serial #

• Signature Algorithm

• Issuer Name

• Validity Period

• Subject Name

• Subject Public Key

• Issuer Unique ID

• Subject Unique ID

• Extensions

• Digital Signature

Digital ID

• Electronic Proof of Identity

• Issued and signed by Certifying Authority

• Public, Private keys

• Makes security protocols work

• SSL

CA Authorized

Encryption

[Diagram: Sender encrypts the Original Document with the Receiver's Public Key; the Encrypted Document is sent; Receiver decrypts it with the Receiver's Private Key to get the Original Document]

• XML Encryption (data confidentiality)

• Only the private key can decrypt

Asymmetric keys

Digital Signature

[Diagram: Sender applies a Transform to the XML data and encrypts with the Sender's Private Key to produce the Signature; Receiver applies the Transform to the XML data and decrypts the Signature with the Sender's Public Key]

• XML Signature (data integrity)

• Bind the sender’s identity to an XML document

WS-Security: SOAP Message Security

• WS-Security defines:

> Encrypting and signing message parts:

  - XML Signature and XML Encryption in SOAP Header

> How to pass security tokens (token = security information that identifies the msg sender)

  - UserName/Password token

  - X.509 certificates

  - SAML

  - Kerberos tickets

[Diagram: SOAP Envelope containing the SOAP Envelope Header (WS-Security Header with Security Token) and the SOAP Envelope Body (Business Payload)]

WS-security example

<?xml version="1.0" encoding="utf-8"?>
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP:Header>
    <wssec:credentials xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SigningCertificate">
        <ds:X509Data>
          <ds:X509Certificate>MIIH1zCCBr+gAwIBA...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </wssec:credentials>
    <wssec:integrity xmlns:wssec="http://schemas.xmlsoap.org/ws/2001/10/security">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aiYECAxNqK2PivQaRweWajXup5zJa...</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#wssecurity_binary_security_token_id_1603"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wssec:integrity>
  </SOAP:Header>

Mutual Certificates Security

[Diagram: web services client (SOAP client) exchanging request data and response data with the web services server (SOAP server, SOAP service, security server). Labels: signed & encrypted data; digital certificate; digital certificate token; https/ssl (optional); data encryption; data decryption/encryption; signature validation; authentication; authorization]

Trust

• WS-Trust framework for:

> Issue, Validate security tokens used by WS-Security

> Establish and broker trust relationships

WS-SecureConversation: Optimized Security

• How to Establish a Secure SESSION

> For multiple message exchanges

> Create shared symmetric session key

> Optimizes processing

[Diagram: security context token; use generated symmetric session key]

Configuration with NetBeans

Demo Configuring WSIT Security in a Web Service

Summary

• Metro Integrated with GlassFish Application Server

> JAX-WS

  - easier to use and more powerful than JAX-RPC

  - part of the Java EE 5 and Java SE 6 platforms

  - Layered design hides the complexity

    - Extensible at the protocol and transport level

> WSIT

  - Makes Metro interoperable with other WS-* stacks

  - No new APIs, easy with NetBeans plugin

For More Information

• METRO

> http://metro.dev.java.net

• JAX-WS

> http://jax-ws.dev.java.net

> http://www.netbeans.org/kb/60/websvc/jax-ws.html

• WSIT

> http://wsit.dev.java.net

> https://wsit-docs.dev.java.net/releases/1-0-FCS/index.html

• Glassfish

> http://glassfish.dev.java.net

> http://blogs.sun.com/theaquarium/

• Carol McDonald's blog

> http://weblogs.java.net/blog/caroljmcdonald/

LAB-3410: Learn to Build Reliable and Secure Web Services using JAX-WS and WSIT

Carol McDonald, Fabian Ritzmann, Martin Grebac
