12.1. Configuring Security Using NetBeans IDE

This section describes the following tasks:

To Secure the Service

To use the IDE to configure security for a web service and/or a web service operation, perform the following steps.

  1. Create or open your web service.

    If you need an example of how to create a web service, refer to Developing with NetBeans.

    When creating an application using the wizards in NetBeans IDE and running on GlassFish, the Java EE Version defaults to Java EE 5. This results in an application compliant with JSR-109, Implementing Enterprise Web Services, which can be read at http://jcp.org/en/jsr/detail?id=109. If you select a value other than the default, for example, J2EE 1.4, the application that is created is not JSR-109 compliant, which means that the application is not JAX-WS, but is JAX-RPC.

  2. In the Projects window, expand the Web Services node.
  3. Right-click the node for the web service you want to secure.
  4. Select Edit Web Service Attributes.

    When the Web Service Attributes Editor is opened, the Quality of Service options appear (see Web Service Attributes Editor Page).

    Web Service Attributes Editor Page
    Screen shot of web service attributes editor page
  5. Select Secure Service.

    This option enables WSIT security for all of the operations of a web service.

    For information on how to secure selected operations, refer to Securing Operations and Messages.

  6. Choose a Security Mechanism from the list.

    Most of the mechanisms are fully functional without further configuration, however, if you'd like to customize the mechanism, click Configure to specify the configuration for that mechanism.

    Options in the Configure dialog are discussed in Security Mechanism Configuration Options.

  7. Select Use Development Defaults.

    Select this option to import certificates into the GlassFish keystore and truststore so that they can be used immediately for development. The WSIT message security mechanisms require the use of v3 certificates. The default GlassFish keystore and truststore do not contain v3 certificates at this time. In order to use message security mechanisms with GlassFish, it is necessary to obtain keystore and truststore files that contain v3 certificates and import the appropriate certificates into the default GlassFish stores.

    In addition to importing certificates, when this option is selected a default user is created in the file realm with username wsitUser.

    In a production environment, you should provide your own certificates and user settings, however, in a development environment you may find these defaults useful.

  8. Specify Keystore, Truststore, STS, SSL, and/or user information as required for the selected security mechanism.

    Refer to the entry for the selected security mechanism in Summary of Service-Side Configuration Requirements . This table summarizes the information that needs to be set up for each of the security mechanisms.

  9. Click OK to save your changes.
  10. Run the web application by right-clicking the project node and selecting Run.
  11. Verify the URL of the WSDL file before proceeding with the creation of the web service client.

    The client will be created from this WSDL file, and will get the service's security policies through the web service reference URL when the client is built or refreshed.

To Secure the Client

All of the steps in To Secure the Service need to be completed before you create your web service client. The service's security policies are defined in its WSDL. You specify this WSDL file when you create the client application so that the client is configured to work with the service's security mechanism through the web service reference URL when the client is built or refreshed.

To use the IDE to configure security for a web service client, perform the following steps.

  1. Create a client for your web service.

    If you need an example of how to do this, see Creating a Client to Consume a WSIT-Enabled Web Service .

    If you are creating a client for a mechanism that will use SSL, specify the secure port for running the client when completing the New Web Service Client step. To do this, type https://fully_qualified_hostname:8181/rest_of_url in the WSDL URL field of the New Web Service Client wizard. For the example, this is the way to specify the secure URL for CalculatorWSService web service:

                        https://fully_qualified_hostname:8181/CalculatorApplication/CalculatorWSService?wsdl
                    

    If you prefer to use localhost in place of the fully-qualified hostname when specifying the URL for the service WSDL, you must follow the workaround described in Transport Security (SSL) Workaround.

  2. In the Projects window, expand the client node.
  3. Expand the Web Service References node.
  4. Right-click the node for the web service reference you want to secure.
  5. Select Edit Web Service Attributes.

    When the Web Service References Attributes Editor is opened, select the Quality of Service tab to display the security options (see Web Service References Attributes Editor Page for Web Service Clients ).

    Web Service References Attributes Editor Page for Web Service Clients
    Screen shot of web service references attributes editor page for web service clients
  6. Select Use Development Defaults.

    Refer to Summary of Client-Side Configuration Requirements for a summary of what options are required on the client side. The configuration requirements for the client are dependent upon which security mechanism is specified on the server side.

  7. Click OK to save your changes.

    The security configuration information is saved in two files under Source Packages/META-INF. For more information on the format and runtime usage of these files, see Client-Side WSIT Configuration Files .


Terms of Use; Privacy Policy; Copyright ©2013-2014 (revision 20131025.e7cbc9d)
 
 
Close
loading
Please Confirm
Close