Enabling Web Service Security With OpenSSO WSS Agent: Part 1, Introduction

By Mrudul Uchil, Kamna Jain, and Rick Palkovic, September 2009    


Part 1 – Introduction
Part 2 – Writing a Web Service With JAX-WS
Part 3 – Deploying a Web Service on Tomcat, JBoss, WebLogic, GlassFish, and WebSphere
Part 4 – Securing a Web Service With OpenSSO WSS Agents
Part 5 – Conclusion and Resources

Service-oriented architecture (SOA) is one of the more promising concepts to emerge in enterprise architecture recently. SOA involves the use of loosely coupled, independent application services made available across a network. These services communicate through a standardized, platform-independent protocol that hides the underlying implementation details of each service. For example, a .NET client can access a service that is implemented in Java. By using a standardized interface language, the application that publishes a service need not know anything about the calling application. This modularization makes SOA particularly useful for enterprise and inter-enterprise architectures.

SOA can be implemented using several technologies; however, the most common choice today is Web Services. Web Services are published in a standard XML format called WSDL (Web Services Description Language), which describes the services available on a given server. A client invokes a web service by sending a request to the server using the XML-based SOAP or REST protocols. Messages are typically sent over an HTTP or HTTPS connection, so services can easily be published over the internet (hence the name web services).

Part 2 of this article explains how to write a web service with JAX-WS and view the requests and responses of the unsecured web service. Part 3 explains how to deploy it in several popular Java EE server containers. Part 4 explains how to secure the web service with OpenSSO Web Service Security (WSS) Agent.

About JAX-WS

JAX-WS (Java API for XML Web Services) is a technology designed to simplify the construction of web services and web service clients in Java. The latest version, JAX-WS 2.1, is part of the Java EE 5 platform. The platform provides powerful tools and techniques to facilitate web service development.

JAX-WS 2.1 provides a library of annotations and a toolkit of Ant tasks and command-line utilities that hide the complexity of the underlying XML message protocol. This release supports various protocols, including SOAP 1.1, SOAP 1.2, and REST. It uses JAXB 2.0 for XML data binding. When writing a JAX-WS 2.0/2.1 web service, you use annotations to define methods either in an interface or directly in an implementation class. The interface can be automatically generated. On the client side, the web service client creates a proxy object, then invokes methods on the proxy. Neither the server nor the client needs to generate or parse SOAP or REST messages; the JAX-WS 2.0/2.1 API takes care of these tedious low-level tasks.

[ Next] [Part 1] [ Part 2] [ Part 3] [ Part 4] [ Part 5]

Rate This Article
Left Curve
Java SDKs and Tools
Right Curve
Left Curve
Java Resources
Right Curve
Java 8 banner (182)