

Securing soap web service with Spring-WS using Wss4jSecurityInterceptor (Part-1)

Author: Md Mahfuj Jia

Create Client/Server Keystores using Java Keytool

Run the following commands:

keytool -genkey -alias server -keyalg RSA -keystore server.jks
keytool -genkey -alias client -keyalg RSA -keystore client.jks
keytool -list -v -keystore server.jks -storepass server_public_keypass
keytool -export -file server.cert -keystore server.jks -storepass server_public_keypass -alias server
keytool -export -file client.cert -keystore client.jks -storepass client_public_keypass -alias client
keytool -import -file client.cert -keystore server.jks -storepass server_public_keypass -alias client
keytool -import -file server.cert -keystore client.jks -storepass client_public_keypass -alias server

Java keytool stores keys and certificates in a keystore, which is protected by a keystore password; the private key is additionally protected by a second password of its own. A Java keystore contains a private-public key pair and multiple trusted certificate entries. Every entry in a keystore is referred to by an alias: the private key and its self-signed public-key certificate share one alias, while each other trusted certificate is referred to by its own alias.
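A scripted form of the exchange above that also checks the result, as an added example that is not part of the original post: it builds both keystores non-interactively, swaps the certificates, and confirms that each store holds a PrivateKeyEntry under its own alias and a trustedCertEntry whose fingerprint matches the peer's certificate. The passwords, CN values and temporary directory are constructed for the demo, and the passwords are passed through keytool's `:env` modifier rather than as command-line values.

```shell
#!/bin/sh
# Added example (not from the post). Passwords and CN values are constructed.
export SERVER_PASS='constructed-server-pw' CLIENT_PASS='constructed-client-pw'

# Force English output so the entry-type names below can be matched.
kt() { keytool -J-Duser.language=en "$@"; }

# make_store NAME PASSVAR: create NAME.jks with a key pair, export NAME.cert.
make_store() {
  kt -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=$1" -keystore "$1.jks" \
     -storepass:env "$2" -keypass:env "$2" >/dev/null 2>&1 &&
  kt -exportcert -alias "$1" -file "$1.cert" -keystore "$1.jks" \
     -storepass:env "$2" >/dev/null 2>&1
}

# trust PEER STORE PASSVAR: import PEER.cert into STORE.jks under alias PEER.
trust() {
  kt -importcert -noprompt -alias "$1" -file "$1.cert" -keystore "$2.jks" \
     -storepass:env "$3" >/dev/null 2>&1
}

# entry ALIAS STORE PASSVAR: print "<entry type> <certificate fingerprint>".
entry() {
  kt -list -alias "$1" -keystore "$2.jks" -storepass:env "$3" 2>/dev/null |
    awk '/PrivateKeyEntry/  { t = "PrivateKeyEntry" }
         /trustedCertEntry/ { t = "trustedCertEntry" }
         /fingerprint/      { print t, $NF }'
}

# Each store must hold its own key pair plus the peer's certificate, and the
# trusted copy must carry the same fingerprint as the peer's own entry.
verify_exchange() {
  s_own=$(entry server server SERVER_PASS); s_peer=$(entry client server SERVER_PASS)
  c_own=$(entry client client CLIENT_PASS); c_peer=$(entry server client CLIENT_PASS)
  [ "${s_own%% *}" = PrivateKeyEntry ] && [ "${c_own%% *}" = PrivateKeyEntry ] &&
  [ "$s_peer" = "trustedCertEntry ${c_own#* }" ] &&
  [ "$c_peer" = "trustedCertEntry ${s_own#* }" ]
}

run_exchange() {
  cd "$(mktemp -d)" &&
  make_store server SERVER_PASS && make_store client CLIENT_PASS &&
  trust client server SERVER_PASS && trust server client CLIENT_PASS &&
  verify_exchange
}

# Runs only when a JDK is on PATH.
if command -v keytool >/dev/null 2>&1; then run_exchange && echo "exchange verified"; fi
```

A fingerprint mismatch between a store's trusted entry and the peer's own entry means the wrong certificate was imported, which would later show up as signature-validation failures on the Spring-WS side.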

This is the first part of this tutorial. The second part discusses the server-side security configuration of a Spring web service, and the third part builds a secure client with the Spring web service client to consume this secured service.



Difference Between Web Service and API

By: Mohammad Tuaha

A Web service is merely an API wrapped in HTTP. An API doesn’t always need to be web based.
An API consists of a complete set of rules and specifications for a software program to follow in order to facilitate interaction. A Web service might not contain a complete set of specifications and sometimes might not be able to perform all the tasks that may be possible from a complete API.

API and Web service serve as a means of communication. The only difference is that a Web service facilitates interaction between two machines over a network.
An API acts as an interface between two different applications so that they can communicate with each other.
All Web services are APIs, but not all APIs are Web services.

Web service
A Web service always needs a network for its operation.

An API doesn't need a network for its operation.

Web services might not perform all the operations.

API would perform all the operations.

A Web service uses only three styles for communication: SOAP, REST and XML-RPC.
API may use any style for communication.
A Web service is designed to have an interface that is depicted in a machine-processable format, usually specified in Web Service Description Language (WSDL). Typically, “HTTP” is the most commonly used protocol for communication.
An API is a method by which the third-party vendors can write programs that interface easily with other programs.
In the case of Web applications, the API used is web based. Desktop applications such as spreadsheets and word documents use VBA and COM-based APIs, which don’t involve a Web service. A server application such as Joomla may use a PHP-based API present within the server, which doesn’t require a Web service.
A web service typically offers a WSDL from which you can create client stubs automatically.
Web API can also be used to create OData services.
· Web Services are based on the SOAP Protocol.
· Web services are based on standards defined by W3C.
· Web API can be used to create any type of web service, most commonly RESTful services.
· Web API can present the data in nearly any format, not just JSON or XML (CSV, protobuf, streams, etc.).
· Web API is hosted in an OWIN framework.
· Web API is easy to extend.