How to handle WS-Security

The Genero Web Services engine does not entirely manage WS-Security; however, Genero BDL provides XML APIs that help you develop Web Services with security. Exploring the demo Web Service included with the FGLGWS installation will help you handle security in your own SOAP Web service.

These topics describe how to handle Web Services security using the wssecuritymessage demo, located in $FGLDIR/demo/WebServices. See the readme.txt file provided with the demo for information and instructions on how to run the service.

You are encouraged to treat the demo as an example that you can adapt to your needs. It is based on the WS-Security (WSS) standard. For more information, refer to the WS-Security Policy documentation.

The demo implements a secure messaging service that uses a WS-Security policy to exchange messages. It involves three clients that exchange secured messages by posting them to, and retrieving them from, a secured server. Each client is identified by a certificate that signs its messages.

The demo assumes that all the clients have sent their public keys to the other clients and to the server. Each host (server or client) keeps those keys in its keystore.

As a prerequisite, we recommend that you become familiar with the security concepts described in the Encryption and Authentication Concepts page.

Important:

The certificates included in this package are provided for demonstration purposes only. Because they are distributed with this package, anybody using this product can decrypt the messages exchanged. Do NOT use them in production.