Chapter 2. Getting started with web services
Listing 2.1. A sample XML document
Listing 2.3. Locating a named child element under a given DOM element
Listing 2.4. A SOAP RPC request sent over HTTP
Listing 2.5. Example illustrating the use of multiRef in SOAP encoding
Listing 2.6. Example of a SOAP 1.1 Fault
Listing 2.7. Example of a SOAP 1.2 Fault
Listing 2.8. WSDL binding in action
Listing 2.9. Declaring a port type
Listing 2.10. Sample brokerage service
Listing 2.11. Service invocation using pregenerated stubs
Listing 2.12. Service invocation using dynamic proxy
Listing 2.13. Service invocation using DII
Chapter 3. Extending SOAP for security
Listing 3.1. Simple SOAP header entry example to add sender information
Listing 3.2. SOAP Header element attributes
Listing 3.7. Configuring handlers on the client-side for clients using DII
Listing 3.8. Configuring handlers on the client-side for clients using Axis-generated stubs
Chapter 4. Claiming and verifying identity with passwords
Listing 4.1. Example of a security header with username and password
Listing 4.2. Client code adding username/password to context before invoking the service
Listing 4.4. Logging in using JAAS API
Listing 4.5. JAAS CallbackHandler implementation to read username and password from MessageContext
Listing 4.6. Extract from a JAAS configuration file
Listing 4.7. Code extract from a JAAS login module
Listing 4.9. Example of a security header with a username and password digest
Listing 4.10. Initialization code in ClientSideWSSecurityHandler
Listing 4.11. Generating nonce
Listing 4.12. Generating the timestamp
Listing 4.13. Generating the transformed password
Listing 4.14. Generating the digest
Listing 4.15. Reading the nonce from the security header
Listing 4.16. Handling the callbacks for digest authentication
Listing 4.17. JAAS configuration for digest mechanism
Listing 4.18. NonceCheckJAASModule initialization
Chapter 5. Secure authentication with Kerberos
Listing 5.1. Identifying the target service
Listing 5.2. Creating client credentials
Listing 5.4. ServiceTicketGrabber implementation
Listing 5.5. Validation of a service ticket received from a client
Listing 5.6. Use of BinarySecurityToken to carry a Kerberos service ticket
Listing 5.7. Extract from init method of ClientSideWSSecurityHandler
Listing 5.8. Adding a Kerberos service ticket as a BinarySecurityToken in the Security header
Listing 5.9. Code to copy a Kerberos service ticket in Security header to message context
Listing 5.10. Code to populate subject information post-login in GSSContextAcceptanceJAASModule
Chapter 6. Protecting confidentiality of messages using encryption
Listing 6.1. Creating a key pair and storing it in a key store using Java keytool
Listing 6.2. Inspecting the contents of a key store using Java keytool
Listing 6.3. Generating a CSR with Java keytool
Listing 6.4. SSL/TLS connector configuration in Tomcat
Listing 6.7. Header of a sample SOAP message using username/password–based authentication
Listing 6.9. A sample EncryptedData element
Listing 6.10. A sample EncryptedKey element
Listing 6.11. Replacing nodes to encrypt with EncryptedData elements
Listing 6.12. (Step 4a) Looking up the decrypting side’s certificate in the key store
Listing 6.13. (Step 4b) Encrypting the symmetric key used for encryption in step 3
Listing 6.14. (Step 4c) Instantiating the EncryptedKey class using the result of step 4b
Listing 6.15. (Step 4d) Adding ReferenceList to EncryptedKey
Listing 6.16. (Step 4e) Adding a reference to the recipient’s certificate to EncryptedKey
Listing 6.18. (Step 1) Locating the relevant Security header entry
Listing 6.19. (Steps 3-7) Code for processing an EncryptedKey element
Chapter 7. Using digital signatures
Listing 7.1. Example of a signed SOAP message
Listing 7.2. Outline of a Signature entry in the WS-Security header
Listing 7.3. Example of SignedInfo element in a signature
Listing 7.4. Example of KeyInfo element in a signature
Listing 7.5. Encoding a certification path for use in a signature element
Listing 7.8. Populating KeyInfo in the Signature element
Listing 7.9. Adding a reference to each of the elements that need to be protected using signatures
Listing 7.13. Code to validate a certificate or a certificate chain
Chapter 8. Implementing security as a service
Listing 8.1. A sample SAML assertion
Listing 8.2. A sample SAML assertion making an authentication statement
Listing 8.3. A sample SAML assertion making an attribute statement
Listing 8.4. A sample SAML assertion making an authorization decision statement
Listing 8.5. Code snippet from SAMLCreationHandler
Listing 8.6. Deployment descriptor for the ProxyService
Listing 8.7. Four possible signatures for methods that implement a message-style service in Axis
Listing 8.8. Code snippet from the ProxyService implementation
Listing 8.10. Structure of a request to an STS
Listing 8.11. Example of an RST element
Listing 8.12. Example of an RSTR element
Listing 8.13. Example of a request using SAML protocol over SOAP
Listing 8.14. Example of a response from a security service supporting the SAML protocol
Chapter 9. Codifying security policies
Listing 9.1. Makeup of a WS-Policy
Listing 9.2. Sample GetMetaData request
Listing 9.3. Sample response to a GetMetadata request
Listing 9.4. Attaching a policy to WSDL
Listing 9.5. Example of TransportBinding in WS-SecurityPolicy describing endpoint-level requirements
Listing 9.6. Example of SymmetricBinding in WS-SecurityPolicy describing endpoint-level requirements
Listing 9.8. Example of WS-SecurityPolicy assertions that describe message-level requirements
Appendix B. WS-SecureConversation
Appendix C. Attaching and securing binary data in SOAP
Listing C.1. Example of an SwA message
Listing C.2. An example SOAP message serialized as a MIME message, in accordance with MTOM
Appendix D. Securing SAML assertions
Listing D.1. Example of a signature over a SAML assertion
Listing D.2. Example of AudienceRestrictionCondition
Listing D.3. Example of a subject with sender-vouches subject confirmation method
Listing D.4. Example of a subject with holder-of-key subject confirmation method
Listing D.5. Example of a signature whose KeyInfo points to a SAML assertion