Server side
We provide 3 handlers to handle WS Security:
- Method com.WebService.registerWSDLHandler() to modify the wsdl to add WS policy.
- Method com.WebService.registerInputRequestHandler() to handle WS Security in an incoming request
- Method com.WebService.registerOutputRequestHandler() to handle WS Security in an outgoing request
In this demo, a received message is processed:
- Identify the sender and validate the sender (search in keystore)
- Decrypt the symmetric key with the server private key
- Decrypt the body
- Check the signature with the sender public key
- Store the message in the box (thanks to the "To" field, "subject" and "message")
- Create the outgoing message
- Sign the outgoing message
- Encrypt the outgoing message with a generated symmetric key. This symmetric key is then encrypted with the client public key.