Sun Java Solaris Communities My SDN Account
» search tips 
Sun Developer Network

Article

Enabling Web Service Security With OpenSSO WSS Agent: Part 1, Introduction

By Mrudul Uchil, Kamna Jain, and Rick Palkovic, September 2009  

Contents

Part 1 – Introduction
Part 2 – Writing a Web Service With JAX-WS
Part 3 – Deploying a Web Service on Tomcat, JBoss, WebLogic, GlassFish, and WebSphere
Part 4 – Securing a Web Service With OpenSSO WSS Agents
Part 5 – Conclusion and Resources

Service-oriented architecture (SOA) is one of the more promising concepts to emerge in enterprise architecture recently. SOA involves the use of loosely coupled, independent application services made available across a network. These services communicate through a standardized, platform-independent protocol that hides the underlying implementation details of each service. For example, a .NET client can access a service that is implemented in Java. By using a standardized interface language, the application that publishes a service need not know anything about the calling application. This modularization makes SOA particularly useful for enterprise and inter-enterprise architectures.

SOA can be implemented using several technologies; however, the most common choice today is Web Services. Web Services are published in a standard XML format called WSDL (Web Services Description Language), which describes the services available on a given server. A client invokes a web service by sending a request to the server using the XML-based SOAP or REST protocols. Messages are typically sent over an HTTP or HTTPS connection, so services can easily be published over the internet (hence the name web services).

Part 2 of this article explains how to write a web service with JAX-WS and view the requests and responses of the unsecured web service. Part 3 explains how to deploy it in several popular Java EE server containers. Part 4 explains how to secure the web service with OpenSSO Web Service Security (WSS) Agent.

About JAX-WS

JAX-WS (Java API for XML Web Services) is a technology designed to simplify the construction of web services and web service clients in Java. The latest version, JAX-WS 2.1, is part of the Java EE 5 platform. The platform provides powerful tools and techniques to facilitate web service development.

JAX-WS 2.1 provides a library of annotations and a toolkit of Ant tasks and command-line utilities that hide the complexity of the underlying XML message protocol. This release supports various protocols, including SOAP 1.1, SOAP 1.2, and REST. It uses JAXB 2.0 for XML data binding. When writing a JAX-WS 2.0/2.1 web service, you use annotations to define methods either in an interface or directly in an implementation class. The interface can be automatically generated. On the client side, the web service client creates a proxy object, then invokes methods on the proxy. Neither the server nor the client needs to generate or parse SOAP or REST messages; the JAX-WS 2.0/2.1 API takes care of these tedious low-level tasks.

[Next] [Part 1] [Part 2] [Part 3] [Part 4] [Part 5]

Rate This Article
 
Comments
Do you have advice about how to write better code? While we welcome all comments, we especially encourage developers who take issue with the ideas in this article to voice their disagreements. We welcome your participation in our community. Please keep your comments civil and on point. You may optionally provide your email address to be notified of replies - your information is not used for any other purpose. By submitting a comment, you agree to these Terms of Use.
Mrudul UchilMrudul Uchil a staff engineer and technical lead of the OpenSSO Enterprise engineering team at Sun, currently leads the development efforts on identity-related Web-Service Security Agents and works on the Core Services team. Previously at Sun, she led Security Token Service (STS) design and development efforts, Metro (WSIT) integration for WS-Security & WS-Trust, Java EE SDK-NetBeans IDE integration, and the Authentication service team in the OpenSSO product line. She blogs on Sun's identity products and Web services technologies.
 
Kamna JainKamna Jain a Software Engineer in the OpenSSO team at Sun since February 2009, holds an MS in Computer Engineering from Iowa State University. She blogs on web services security and OpenSSO technologies.
 
Rick PalkovicRick Palkovic is a staff writer for Sun Developer Network. He has written about the Solaris OS and Java technologies for longer than he likes to admit, composing everything from man pages to technical white papers.
 

Oracle is reviewing the Sun product roadmap and will provide guidance to customers in accordance with Oracle's standard product communication policies. Any resulting features and timing of release of such features as determined by Oracle's review of roadmaps, are at the sole discretion of Oracle. All product roadmap information, whether communicated by Sun Microsystems or by Oracle, does not represent a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. It is intended for information purposes only, and may not be incorporated into any contract.
About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment  |  How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
© 2010, Oracle Corporation and/or its affiliates
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Sun Developer RSS Feeds