This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes web service security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "web service security" Watch "web service security" New topic

web service security

Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi. I have tried some examples using WSIT tutorial. Genesis of either server and client, occurs in the NetBeans IDE. And everything works fine when I try any sort of ws security, explained in the examples.
But, I don't get hoe to deploy service on the tomcat server, independently of NetBeans IDE? As much I saw for a client, in the NetBeans, when create Web Service Client, Web Service Reference file which is a wsdl file with embedded WS Security Policy. in the NetBeans it's all somehow "hiddenly performed behind", and I have a a problem if I want to deploy service/client application in the standalone tomcat server, because I will not use deployemtn from NetBeans in the production,where service is exposed as a WSServlet. But I do not know what to do with a client because, if try to engage a client just as I did, but before engaging a ws security policy, I get an exception contains that my SOAP message, client request, doesn't contains a security headers.
So, how to refine and what to do with my deployment ? I hope I was clear about my problem.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41060
Yep, the Sun-affiliated people sure make it hard to do much of anything these days without using NetBeans. Which sucks because plenty of people don't use it.

Check out #14 in the Metro user's guide:

Ping & DNS - my free Android networking tools app
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Thanks. I am going to try it now.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi. I have a few doubts about using WSIT outside a NetBeans. I will be little more verbose just to make my self clear. I have a Web Service made outside of NetBeans IDE :

This is the wsit-org.sler.ue.UEServer.xml file :

and web service client :

Where in the package authC are stored classes for service invocation, and these classes are generated using wsimport command on the deployed address of service, also using custom client files for bindings (using -b command). I invoke a service, it perform calculation and everything works fine. Here I am using just stand alone Tomcat server.
What doubts me is a dump message. As you can see here I introduce a handler which purpose is only to print a SOAP on the screen, and this is the content of such a message. this is the request:

As you can see there is no any security header added to the SOAP Headers printed?
When I using a NetBeans, I set in the Glassfish configuration file to perform dump message in order to see SOAP. And it display to me next, which is entire SoAP messages with Security Headers and encryption/signature:

My question is why are messages different if the same wsit is performed (In the NetBeans I use - "Username Authentication with Symmetric Key" option, and configured wsit file is later used for stand alone deployed service)? Or in the case of stand alone deploying WSIT features are NOT applied to the service?
please some one make me this clear. Thanks
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi. can anyone give a hint about my issue? Thanks
I agree. Here's the link:
subject: web service security
Similar Threads
WS and tomcat
JAX-WS @WebServiceRef injection NullPointerException solution in NetBeans
JAX-WS web service client - unmarshalling is not working on stand alone server (Tomcat or OC4J)
Problems with a project with Netbeans
Basic doubts regarding ssl with tomcat 5.5 ?