Server side
Learn the steps the server uses to process messages it sends and receives. Identify the Genero handlers that help implement the security policy on the server side.
We provide 3 handlers to handle WS Security:
- Method com.WebService.registerWSDLHandler() to modify the WSDL to add WS policy.
- Method com.WebService.registerInputRequestHandler() to handle WS Security in an incoming request
- Method com.WebService.registerOutputRequestHandler() to handle WS Security in an outgoing request
In this demo (located in $FGLDIR/demo/WebServices/wssecuritymessage), a received message is processed:
- Identify the sender and validate the sender (search in keystore)
- Decrypt the symmetric key with the server private key
- Decrypt the body
- Check the signature with the sender public key
- Store the message in the box (thanks to the "To" field, "subject" and "message")
- Create the outgoing message
- Sign the outgoing message
- Encrypt the outgoing message with a generated symmetric key. This symmetric key is then encrypted with the client public key.