Server side

We provide 3 handlers to handle WS Security:

• Method com.WebService.registerWSDLHandler() to modify the wsdl to add WS policy.

• Method com.WebService.registerInputRequestHandler() to handle WS Security in an incoming request

• Method com.WebService.registerOutputRequestHandler() to handle WS Security in an outgoing request

In this demo, a received message is processed:

1. Identify the sender and validate the sender (search in keystore)

2. Decrypt the symmetric key with the server private key

3. Decrypt the body

4. Check the signature with the sender public key

5. Store the message in the box (thanks to the "To" field, "subject" and "message")

6. Create the outgoing message

7. Sign the outgoing message

8. Encrypt the outgoing message with a generated symmetric key. This symmetric key is then encrypted with the client public key.