Developing Secure JAX-WS Web Services with WSO2 AS

WSO2 AS supports Apache CXF as the JAX-WS framework from next release on-wards. Applying WS-Security on JAX-WS services is an important use case when developing web services. CXF supports two ways to configure WS-Security on JAX-WS services.

  1. By using custom configurations in the cxf-servlet.xml file. This is the old way and it’s documented here. When a service is secured using this method, there won’t be a Policy on the WSDL and the clients can’t get needed Policy information to invoke the service just by looking at the contract. Therefore this is not a standard way of securing a service. A useful post on using this method can be found here. On WSO2 AS trunk, you can find a this type of sample here.
  2. By using WS-SecurityPolicy language. It’s documented here. This is the standard way of securing a service. Here, the service author has to include the Policy in the WSDL and engage it with needed bindings. Only the configurations like key store locations, callback handlers etc. should be done through the cxf-servlet.xml. A nice article which this kind of samples can be found here. And on WSO2 AS trunk, there’s a UT sample of this type here.

Both these methods are still supported. But the second one is the recommended way of doing it.


About isurues
Age : 24 Date of Birth : 05.11.1984 Country : Sri Lanka

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: