< Previous | Next >

Lesson 5: Secure the web service client with the WS-I RSP policy set

You can add security to a web service client by attaching policy sets to the client. Each attachment specifies an endpoint, a policy set, and a binding. Because each configuration is specific to an application and a user, you must configure a binding for some policy types.

Before you begin

Before you begin, you must have completed the steps in Lesson 4: Attach the RSP policy set to the web service.

About this task

For a given web service and a client of that service, the policy sets and bindings configuration must match for the service to function correctly.

Procedure

  1. In the Java™ EE perspective Services view expand the JAX-WS web services node. Select the address book client, right-click, and select Manage Policy Set Attachment.
  2. Ensure that the jwsAddressBookEAR is selected, and click Next.
  3. In the Application section, click Add to attach a policy set to the endpoint and specify the bindings.
    1. Since the service is secured at the service level rather than the endpoint or operation level, the client will be secured at this level as well. Select the AddressBookService from the Service Name drop-down list and leave the Endpoint and Operation Name fields empty.
    2. In the Policy Set field, select WS-I RSP from the list.
    3. In the Binding field, ensure Client Sample is selected. This is a client-side general binding that is packaged with WebSphere® Application Server.
    4. Click OK.
  4. The policy types contained by the policy set you selected are listed in the Bindings Configuration table. The configuration for these policy types are already complete.
  5. Click Finish to complete the wizard.

Results

clientPolicyAttachments.xml is created in the META-INF folder of the jwsAddressBookEAR, as well as the client side bindings.

Screen capture of the Project Explorer showing the client-side bindings contained in the EAR

Testing the secured web service using the TestClient.jsp

About this task

When you ran the TestClient.jsp earlier the web service was not secure. The SOAP traffic contained the information being sent to and from the web service in clear (unencrypted) text.

Procedure

  1. Select the SaveAddress method, enter information in each of the fields and click Invoke.
  2. Select the Find Address method, enter the name used in the previous step and click Invoke. The web service should function in the exact way that it did before it was secured with the information entered in step 1 being displayed in the Results pane.

Lesson Checkpoint

Finish your tutorial by reviewing the materials in the Summary

< Previous | Next >
Icon that indicates the type of topic Tutorial lesson topic
Timestamp icon Last updated: July 17, 2017 21:58

File name: jaxwstd_exercise15.html