How to secure a J2SE Web Service
843833May 29 2009 — edited May 29 2009Hi,
I have created a J2SE Web Service using JAX-WS and I now wish to secure it but I can't seem to work out how to do it in an automated manner.
I have used the simple Java-First method, writing an annotated java class and then running wsgen to generate the WSDL and required artifacts.
WSIT seems to be the solution, placing a WSIT config file in a META-INF directory on the classpath. However, in the examples that I have there seems to be a huge amount of overlap between the WSDL and the WSIT config file. Moreover, the content of the WSIT config seems to be dependent on the contents of the WSDL. This means that should I update the implementation class I would have to manually update the WSIT config (unlike the WSDL which would be autogenerated from the Java class).
Ideally I would like to create two files:
- myserviceImpl.java
- wsit-config.xml (using the correct naming convention)
Then run WSGEN and, hey presto, a full WSDL is generated complete ith security policy information. However, it seems that this is not the way it works.
I'd be grateful for any advice you can give on how to automate this process. My current idea is to generate the WSDL and then use an XSLT step in the build process to drag the WSIT config into the WSDL.
I'd also be interested in hearing how other people have created secure J2SE web services.
I am using Eclipse (not NetBeans) and Maven.
Thanks