Developing Secure JAX-WS Web Services with WSO2 AS

WSO2 AS supports Apache CXF as the JAX-WS framework from next release on-wards. Applying WS-Security on JAX-WS services is an important use case when developing web services. CXF supports two ways to configure WS-Security on JAX-WS services.

  1. By using custom configurations in the cxf-servlet.xml file. This is the old way and it’s documented here. When a service is secured using this method, there won’t be a Policy on the WSDL and the clients can’t get needed Policy information to invoke the service just by looking at the contract. Therefore this is not a standard way of securing a service. A useful post on using this method can be found here. On WSO2 AS trunk, you can find a this type of sample here.
  2. By using WS-SecurityPolicy language. It’s documented here. This is the standard way of securing a service. Here, the service author has to include the Policy in the WSDL and engage it with needed bindings. Only the configurations like key store locations, callback handlers etc. should be done through the cxf-servlet.xml. A nice article which this kind of samples can be found here. And on WSO2 AS trunk, there’s a UT sample of this type here.

Both these methods are still supported. But the second one is the recommended way of doing it.

4 years at WSO2

Yesterday morning, accidentally I realized that I’ve been with WSO2 for 4 years. Joined the company on the 12th of May 2008 just after completing my CSE degree. Supun, Milinda, Saliya, Kalani and Rajika were the other batch mates who joined with me and Sameera joined a week later. Looking back, it has been a wonderful period of my life. I’ve learned a lot, gathered so much experience specially at customer sites and made lots of friends.

Just after joining the company I was assigned into WSO2 WSAS team and Azeez was my very first product manager. I still remember how we worked for our very first Carbon release. It was my first release experience and we had to put in lot of effort to get the release out. However I never felt tired and it was fun. I’ve written this post on the 31st of December 2008 with all my feelings about the company and the start of my career.

In addition to the technical experiences that I’ve gathered, I’ve made lots of friends at WSO2 who contributed a lot to make these 4 years unforgettable. Specially the annual “Adyapana Charikawa” 🙂 organized by Charitha, has added loads of fun memories. In addition to that I always enjoyed playing Carrom, Table Tennis and Basket Ball with our guys whenever we get a chance.

Having spent such a wonderful time, most probably I’ll be leaving the company for my studies in August. It’s little sad to think about leaving all my WSO2 friends. But still I don’t think about that too much as I’ve got 3 more months to enjoy with them :).