Message Level Web Service Security
response messages. You can use the JAX-RPC handler to interpose on the message exchange at the points in the interaction where handlers are invoked. These points are:

On the client side:
- after parameters are marshalled into the request
- before unmarshalling values returned in the response

On the server side:
- before unmarshalling parameters for dispatch
- after marshalling return values into the response

Handlers intercept all requests and responses that pass through a Web service endpoint, providing access to the actual SOAP message exchanged as part of the Web service request and response. Handlers let you apply different logic for service requests, responses, and faults. To do so, you add the appropriate code to the handler methods handleRequest, handleResponse, and handleFault. You can use handlers to apply message-level security to messages exchanged as part of your service. Since they are configurable on both the client and the endpoint, you can customize handlers to apply security services at both the client and service sides.

You use the SAAJ API to inspect and manipulate raw SOAP messages. SAAJ also gives you a compound message view capability that lets you examine MIME-based attachments. With SAAJ, you can also embed the digital signature information into the XML document and add the necessary security information to the header and message. Also consider using existing implementations of message-level security functionality, such as the digital signature capability.

For portability, you must include the message-level security implementations in the application's .ear file. At this early stage, it is also recommended that you create a library of actions that wrap security tasks and the functionality of existing implementations of message-level security. This library of actions should provide a higher-level interface to these security functions. When providing a security library around existing message-level security implementations, it is also a good idea to provide multiple defaults for common use cases, such as for obtaining X.509 certificates, handling verification faults, and so forth. Once the library is in place, you can use the SAAJ API from within the handler logic to access the SOAP message. Then, apply the message-level security with your security library. Figure 7.7 shows the main participants in this process.
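
The server-side interposition points described above, as an added example that is not from the original text: a JAX-RPC handler that reaches the SOAP message through SAAJ and delegates the security work to a wrapper library. The `MessageSecurity` interface, the `SignatureHandler` class name and the `securityImpl` init parameter are hypothetical names chosen for illustration.

```java
import javax.xml.namespace.QName;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.soap.SOAPMessage;
// Hypothetical facade (the "library of actions") over an existing signature implementation.
interface MessageSecurity {
    void verify(SOAPMessage msg) throws Exception; // throws if the signature is missing or invalid
    void sign(SOAPMessage msg) throws Exception;   // embeds signature data in the SOAP header
}

public class SignatureHandler extends GenericHandler {
    private static final QName CLIENT_FAULT = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Client");
    private MessageSecurity security;

    public void init(HandlerInfo info) {
        try {
            String impl = (String) info.getHandlerConfig().get("securityImpl"); // assumed init parameter
            security = (MessageSecurity) Class.forName(impl).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new JAXRPCException("No usable message security implementation", e); // fail closed
        }
    }

    // Server side: runs before parameters are unmarshalled for dispatch.
    public boolean handleRequest(MessageContext ctx) {
        try {
            security.verify(((SOAPMessageContext) ctx).getMessage());
            return true; // signature accepted, continue to the endpoint
        } catch (Exception e) { // reject without echoing verification internals to the caller
            throw new SOAPFaultException(CLIENT_FAULT, "Message security check failed", null, null);
        }
    }

    // Server side: runs after return values are marshalled into the response.
    public boolean handleResponse(MessageContext ctx) {
        try {
            security.sign(((SOAPMessageContext) ctx).getMessage());
            return true;
        } catch (Exception e) {
            throw new JAXRPCException("Could not sign response", e); // never send it unsigned
        }
    }
    public boolean handleFault(MessageContext ctx) { return true; } // faults pass through unsigned here
    public QName[] getHeaders() { return new QName[0]; } // no header blocks claimed in this example
}
```

Both failure paths fail closed: a request that does not verify never reaches the endpoint, and a response that cannot be signed is not sent.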