How To's / How to handle WS security |
This topic describes how to handle WS Security using the demo wssecuritymessage. It is a sample that you can adapt to your needs. The demo will be enhanced to illustrate new features that will be introduced to fully support WS-Security.
The demo involves three clients exchanging secured messages. Those clients post and retrieve messages on a secured server. Each client is identified by a certificate and sign their messages.
We assume that you are familiar with security concepts described in topic " Encryption and Authentication Concepts".
The demo assumes that all the clients have sent their public keys to the other clients and to the server. Those keys are kept in each host's (server or clients) keystore. The certificates included in this package are provided for demonstration purposes only. As they are distributed with this package, anybody using this product can decrypt the messages exchanged. Do NOT use them in production.