Implementing MLS in web service using XWSS.

Hi All,

I started learning web services and implementing security in them, so I thought of sharing my experience with you.

I created a contract-first web service based on Spring Web Services (more detail can be found on the Spring website) and implemented a simple client using Spring Integration. When we do not have security implemented with WS, it is quite easy to create and use, but once security comes in, ohh my god. Ewww.. what a rock ………….!!!!!!!!!!!!!!

We can implement security in a web service in 3 ways. Here I am trying to explain the XWSS (XML web service security) implementation with Spring Web Services. To implement XWSS we need a security policy configuration, an interceptor that intercepts each incoming SOAP request, and a key store file if you are encrypting and decrypting the SOAP request and response. I have used key store files in this example because the sample works as follows: the client encrypts the SOAP request; the server decrypts the incoming request using the security policy and its private key, processes the request, encrypts the response, and sends the encrypted response back; the client then decrypts the response to see the actual response.

Basically, the security policy files are responsible for SOAP message encryption and decryption. The <xwss:Sign /> tag signs your message, the <xwss:Encrypt /> tag encrypts the message, and the <xwss:RequireEncryption /> tag requires the incoming message to be encrypted and decrypts it.

Key store files can be generated using the keytool utility. Please see the attached txt file for help.
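The server side of the flow described above, as an added example that is not the attached source code: one XWSS policy file plus the Spring WS beans that load it. The file names, the `client` certificate alias and the `${...}` password placeholders are assumptions made for the illustration.

```xml
<!-- File 1 (assumed name): server-securityPolicy.xml -->
<xwss:SecurityConfiguration
        xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
        dumpMessages="false"> <!-- keep decrypted SOAP out of the logs -->
    <!-- Incoming request: reject it unless it is encrypted, then decrypt
         it with the server's private key from the key store -->
    <xwss:RequireEncryption/>
    <!-- Outgoing response: encrypt it with the client's public
         certificate, looked up by alias in the trust store -->
    <xwss:Encrypt>
        <xwss:X509Token certificateAlias="client"/>
    </xwss:Encrypt>
</xwss:SecurityConfiguration>

<!-- File 2 (assumed name): spring-ws-servlet.xml, security beans only -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- JKS file generated with keytool: the server's private key plus the
         imported client certificate. The password placeholder is assumed
         to be resolved from external properties, not hard-coded. -->
    <bean id="keyStore"
          class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:server-keystore.jks"/>
        <property name="password" value="${keystore.password}"/>
    </bean>

    <!-- Answers the key callbacks XWSS issues: private key for decryption
         (keyStore), client certificate for encryption (trustStore) -->
    <bean id="keyStoreHandler"
          class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
        <property name="keyStore" ref="keyStore"/>
        <property name="trustStore" ref="keyStore"/>
        <property name="privateKeyPassword" value="${key.password}"/>
    </bean>

    <!-- Applies the policy to every request and response; it must also be
         listed in the endpoint mapping's interceptors to take effect -->
    <bean id="wsSecurityInterceptor"
          class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration"
                  value="classpath:server-securityPolicy.xml"/>
        <property name="callbackHandlers">
            <list><ref bean="keyStoreHandler"/></list>
        </property>
    </bean>
</beans>
```

The client mirrors this: its policy encrypts outgoing requests with the server's certificate and requires encryption on the responses it receives.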

I am attaching source code for client and web server.

Source code
