Refresh Your Java - Before Java Interview
We are Agile, believe in less Documentation - Only Quick notes (Java Interview Questions) of Java/J2ee Read more....
WS-Security :
WS-Security is a standard for adding security to SOAP Web
service
message exchanges (see Resources). It uses a
SOAP message-header
element to attach the security
information to messages, in the
form of tokens conveying
different types of claims (which can
include names,
identities, keys, groups, privileges,
capabilities, and
so on) along with encryption
and digital-signature
information.
Security Header Block :
<S:Envelope
xmlns:S="http://www.w3.org/2001/12/soap-envelope"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/xx/secext">
<S:Header>
<wsse:Security>
<wsse:UsernameToken
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/xx/secext"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/xx/utility">
<wsse:Username>
NNK </wsse:Username>
<wsse:Password
Type="wsse:PasswordDigest">
D2A12DFE8D9F0C6BB82C89B091DF5C8A872F94DC
</wsse:Password>
<wsse:Nonce>
EFD89F06CCB28C89 </wsse:Nonce>
<wsu:Created>
2001-10-13T09:00:00Z </wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
...
</S:Header>
...
</S:Envelope>
Server Side Changes :
<deployment
xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<service name="stock-wss-01"
provider="java:RPC"
style="document"
use="literal">
<requestFlow>
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter
name="passwordCallbackClass"
value="PWCallback"/>
<parameter name="action"
value="UsernameToken"/>
</handler>
</requestFlow>
<parameter name="className"
value="samples.stock.StockQuoteService"/>
<parameter
name="allowedMethods"
value="getQuote"/>
<parameter name="scope"
value="application"/
</service>
</deployment>
Create a Callback :
import
java.io.IOException;
import
javax.security.auth.callback.Callback;
import
javax.security.auth.callback.CallbackHandler;
import
javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback
public class PWCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws
IOException,
UnsupportedCallbackException {
for (int i =
0; i < callbacks.length; i++) {
if
(callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc =
(WSPasswordCallback)callbacks[i];
// set the
password given a username
if
("wss4j".equals(pc.getIdentifier())) {
pc.setPassword("security");
}
}
}
}
}
Client Side Changes :
Remote remote =
locator.getPort(StockQuoteService.class);
Stub axisPort
= (Stub)remote;
axisPort._setProperty(UsernaeToken.PASSWORD_TYPE,
WSConstants.PASSWORD_DIGEST);
axisPort._setProperty(WSHandlerConstants.USER,
"wss4j");
axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,
pwCallback);
This Portal is intended to put all Java/J2ee related topics at one single place for quick referance, not only Technical , but also the Project Management Related thing such as Development Process methodoogies build process, unit testing etc.,
This Portal has More than 500 Java Interview Questions (also could be Considered as Quick Notes) very neatly separated topic by topic with simple diagrams which makes you easily understandable. Importantly these are from our Realtime expericance.