4.8.4.1: Running the security samples
The process for running the SOAP signed samples is identical to the process for
running the non-signed samples. The soapsamples.ear must be installed, and
the server must be started before these samples are invoked.
See article SOAP samples for information
on installing the SOAP samples.
SOAP Signature
The client samples are included in the soapsamples.ear file.
Do the following to locate and execute the samples:
- Change your directory (cd) to
product_installation_root/installedApps/soapsamples.ear/ClientCode
A set of batch files (or script files on UNIX platforms) has been included to facilitate running the client samples. These batch or script files are located in the nt_bat subdirectory on Windows NT, or in the unix_scripts subdirectory on UNIX platforms. These scripts set the classpath and supply parameters.
- Invoke the samples using the following scripts:
DSigAddressSample localhost "c:\WebSphere\AppServer\installedApps\soapsamples.ear" "John B. Good"
DSigMessageSample localhost "c:\WebSphere\AppServer\installedApps\soapsamples.ear" ..\data\msg1.xml
If you run a script with no arguments (for example, DSigAddressSample), it displays help on how to use the sample and a description of the command-line arguments that the script requires.
- View the output.
For each sample, at the server, you should see that the signature of the request is validated. At the client, you should see that the signature of the response is validated.
The validation results for both the client and server are logged to the following files, which are created in the
product_installation_root/InstalledApps/soapsamples.ear/soapsec.war/logs directory:
- SOAPVHH-all-cl.log
- SOAPVHH-fail-cl.log
- SOAPVHH-all-sv.log
- SOAPVHH-fail-sv.log
SOAP signature with SSL connection
Ensuring that a connection is over SSL is
not specific to Web services. You must configure
the Web server to ensure that the client
to Web server connection is over SSL. You must also
configure WebSphere Application Server to ensure that
the Web server to WebSphere Application Server connection is
over SSL.
Article Configuring SSL in WebSphere Application Server
discusses how to configure SSL in WebSphere.
See your Web server documentation for information on configuring the SSL server.
For testing purposes, sample client and server keystore
databases are shipped with the SOAP samples.
You must use the IBM Key Management
Tool to extract the certificates located in files:
Import the certificates
into your key databases.
See article, Tools for managing certificates and keys
for more information on the IBM Key Management tool.
The test keystores are described in article
Keystore files.
Export the client certificates from the test keystore file
Perform the following steps to export the client certificates:
- Invoke the Key Management Tool (IKeyman).
- From the File menu, select Open.
- Change directory (cd) to
product_installation_root/InstalledApps/soapsamples.ear/soapsec.war/key/
- Select the SOAPClient keystore file. (The keystore password is "client".)
- Change the key database content type to "Signer Certificates".
- Highlight the "soapca" certificate.
- Click the Export button.
- Change the exported file name to "soapca.arm".
- Highlight the "intca1" certificate.
- Click the Export button.
- Change the exported file name to "intca1.arm".
Import the certificates into the Web server key database
- Invoke the Key Management Tool (IKeyman).
- From the File menu, select Open (or New if you are creating a new keystore).
- Change directory (cd) to the directory where the keystore file is located.
- Select the file.
- For Signer Certificates, add the "intca1.arm" and the "soapca.arm" you exported in the previous section.
- For Personal Certificates, click Import.
- Specify a key type of PKCS12.
- Browse to the sslserver.p12 file located in:
product_installation_root/InstalledApps/soapsamples.ear/soapsec.war/key/
- Click OK.
- Enter "server" when prompted for a password.
- Select "sslserver" from the key list and press OK.
- Save the updated keystore file.