336
Message Level Web Service Security
response messages. You can use the JAX RPC handler to interpose on the
message exchange at the points in the interaction where handlers are invoked.
These points are:
  On the client side:
I
after parameters are marshalled into the request
I
before unmarshalling values returned in the response
  On the server side:
I
before unmarshalling parameters for dispatch
I
after marshalling return values into the response
Handlers intercept all requests and responses that pass through a Web service
endpoint, providing access to the actual SOAP message exchanged as part of the
Web service request and response. Handlers let you apply different logic for
service requests, responses, and faults. To do so, you add the appropriate code to
the handler methods 
handleRequest
, 
handleResponse
, and 
handleFault
. You can
use handlers to apply message level security to messages exchanged as part of
your service. Since they are configurable on both the client and the endpoint, you
can customize handlers to apply security services at both the client and service
sides. 
You use the SAAJ API to inspect and manipulate raw SOAP messages. SAAJ
also gives you a compound message view capability that lets you examine MIME 
based attachments. With SAAJ, you can also embed the digital signature informa 
tion into the XML document and add the necessary security information to the
header and message. Also consider using existing implementations of message 
level security functionality, such as the digital signature capability. 
For portability, you must include the message level security implementations
in the application's 
.ear
 file. At this early stage, it is also recommended that you
create a library of actions that wrap security tasks and the functionality of existing
implementations of message level security. This library of actions should provide
a higher level interface to these security functions. When providing a security
library around existing message level security implementations, it is also a good
idea to provide multiple defaults for common use cases, such as for obtaining
X.509 certificates, handling verification faults, and so forth. Once the library is in
place, you can use the SAAJ API from within the handler logic to access the
SOAP message. Then, apply the message level security with your security library.
Figure 7.7 shows the main participants in this process.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting