//new to java /
Introduction to Web Service Security
from Server to Client
MAX BONBHEL
Secure your Web services with Metro, GlassFish, and the NetBeans IDE.
JAVA IN ACTION
Web services are the best way to integrate new or
extend existing functionality into
an application, but this causes
new problems for the security of
data transiting between the client
and the server. This article is the
first in a three-part series that
will focus on the different aspects
of SOAP Web services, such as
security, reliability, and transactions. The goal of this series is to
highlight methods for increasing
the security of applications within
the context of increasingly complex systems.
In this article, I will demonstrate how to secure Web services
efficiently both on the server and
the client using Metro, GlassFish,
and the NetBeans IDE.
Note: The complete source code
for the application designed in this
article can be downloaded here.
Web service to reliable, secured,
and transacted Web services that
involve .NET services. The Metro
platform provides, in one place,
all we need to build production-quality Web services.
What Is Metro?
Metro (included in the NetBeans
IDE) is a high-performance,
extensible, easy-to-use Web service stack. It is a one-stop shop
for all your Web service needs,
from the simplest “hello world”
What Is WSIT?
Web Services Interoperability
Technology (WSIT) is a part of
the Metro Web service stack
along with the Java API for
XML Web Services Reference
Implementation (JAX-WS RI). It
provides a complete architec-
ture and tools for developing the
next generation of Web service
technologies. WSIT consists of
Java APIs that enable advanced
Web service features to facilitate
interoperability with .NET.
■ ■ GlassFish 3. 1. 2 (available for
download here)
■ ■ Metro 1. 3 or higher (included in
NetBeans)
■ ■ The AuctionApp project from
Part 3 of “Introduction to
RESTful Web Services” (
available for download here)
Note: This article was tested
with the latest version of the
NetBeans IDE (version 7. 1. 2, as of
this writing).
ABOUT US
blog
PHOTOGRAPH BY
ALLEN MCINNIS/GETTY IMAGES
Author Max Bonbhel demonstrates how to
secure your Web services.
Prerequisites
Download the following software, which was used to develop
the application described in this
article:
■ ■ NetBeans IDE 7. 1. 2 (available
for download here)
Overview of Adding Security
Options to the Web Service
What we are going to do is secure
the service and the client of the
AuctionApp project we created
in the previous series of articles
(“Introduction to RESTful Web
Services”) by performing the following tasks:
■ ■ Secure the Web service:
■ ■ Add a security mechanism called Username
Authentication with
Symmetric Key.
■ ■ Import the certificates into
the GlassFish application
