Introduction

This topic describes how to handle Web Services security using the demo, "wssecuritymessage", located in $FGLDIR/demo/WebServices. It is a sample that you can adapt to your needs. The demo will be enhanced to illustrate new features that will be introduced to fully support WS Security.

The demo involves three clients exchanging secured messages. Those clients post and retrieve messages on a secured server. Each client is identified by a certificate that signs their messages.

We assume that you are familiar with security concepts described in topic Encryption and Authentication Concepts.

The demo assumes that all the clients have sent their public keys to the other clients and to the server. Those keys are kept in each host's (server or clients) keystore.
Important: The certificates included in this package are provided for demonstration purposes only. As they are distributed with this package, anybody using this product can decrypt the messages exchanged. Do NOT use them in production.