Secure Services: Using Message-Level and Transport-Level Security (WSRF only)

In this section you will learn how to switch on message-level or transport-level security in order to communicate with a secure service. Please note that these features are only supported on the OGSA-DAI WSRF platform.

Prerequisites

In order to run the examples below, you must have:

Transport-Level Security

The following steps show you how to write a Java client that contacts a secure data service. For this example, we assume a secure data service is available at https://myComputer.myCompany.com:8443/wsrf/services/ogsadai/SecureDataService with data resource MySQLResource.

  1. First of all, register the secure transport using a static method of the uk.org.ogsadai.client.CogUtil class. This should be called from within a static initialiser block, for example:
    static
    {
        CogUtil.registerTransport();
    }
    
  2. Now you can interact with the service as usual. Connecting to the secure service via the https protocol guarantees data integrity (i.e. messages cannot be altered by third parties), but the data is not encrypted. For example, get a new service object from the ServiceFetcher:
    String handle = "https://myComputer.myCompany.com:8443/wsrf/services/ogsadai/SecureDataService";
    String id = "MySQLResource";
    DataService secureService = GenericServiceFetcher.getInstance().getWSRFDataService(handle, id);
    
  3. To use encryption, configure your data service with a new uk.org.ogsadai.client.toolkit.security.wsrf.GSITransportEncryptionProperty object. All subsequent messages to this service will now be encrypted.
    GSITransportEncryptionProperty securityProperty = new GSITransportEncryptionProperty();
    secureService.setConnectionProperty(securityProperty);
    
  4. For example, query a database.
    String sql = "select * from littleblackbook where id = 10";
    SQLQuery query = new SQLQuery(sql);
    WebRowSet rowset = new WebRowSet(query.getOutput());
    
    ActivityRequest request = new ActivityRequest();
    request.add(query);
    request.add(rowset);
    
    secureService.perform(request);
    

See OGSA-DAI/examples/src/uk/org/ogsadai/examples/clienttoolkit/WSRFTransportLevelSecurityExample.java for an example solution.

Message-Level Security

The following steps show you how to write a Java client that contacts a secure data service using message-level security. For this example, we assume a secure data service is available at http://myComputer.myCompany.com:8999/wsrf/services/ogsadai/SecureDataService with data resource MySQLResource. Note that the http protocol and not the https protocol is used for message-level security.

  1. Fetch a data service:
    String handle = "http://myComputer.myCompany.com:8999/wsrf/services/ogsadai/SecureDataService";
    String id = "MySQLResource";
    DataService secureService = GenericServiceFetcher.getInstance().getWSRFDataService(handle, id);
    
    Make sure you specify the correct protocol and port number in the handle because they will be different from the previous example!
  2. Configure the calls to the service with message-level security:
    SecurityConfigProperty securityProperty = new SecurityConfigProperty(
        new File("examples/src/uk/org/ogsadai/examples/clienttoolkit/MLSecurityDescriptor.xml"));
    secureService.setConnectionProperty(securityProperty);
    
    The provided security descriptor specifies that GSI secure conversation is to be used with privacy (encryption) and full delegation. Host authorization ensures that the server's host credential matches the hostname of the URL used to access the server.
  3. Interact with the service as usual.

See OGSA-DAI/examples/src/uk/org/ogsadai/examples/clienttoolkit/WSRFMessageLevelSecurityExample.java for an example solution.
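
The message-level protection depends entirely on what the security descriptor requests, so it is worth checking a descriptor before handing it to SecurityConfigProperty. The following is an added example, not code from OGSA-DAI: DescriptorCheck is a hypothetical helper, the sample descriptor is constructed, and its element names assume the Globus Toolkit client security descriptor schema.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DescriptorCheck {          // hypothetical helper, not part of OGSA-DAI
    // Constructed sample; element names assume the Globus Toolkit client descriptor schema.
    static final String SAMPLE =
        "<securityConfig xmlns=\"http://www.globus.org\">"
      + "<authz value=\"host\"/>"
      + "<GSISecureConversation><privacy/><delegation value=\"full\"/></GSISecureConversation>"
      + "</securityConfig>";

    /** Returns the problems found; an empty list means the descriptor matches the description. */
    static List<String> check(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Descriptors are local configuration: reject DOCTYPEs so no external entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> problems = new ArrayList<>();
        Element conv = first(doc, "GSISecureConversation");
        if (conv == null) {
            problems.add("GSI secure conversation is not configured");
        } else if (conv.getElementsByTagNameNS("*", "privacy").getLength() == 0) {
            problems.add("no <privacy/> element: messages would not be encrypted");
        }
        Element authz = first(doc, "authz");
        if (authz == null || !"host".equals(authz.getAttribute("value"))) {
            problems.add("host authorization is not enabled");
        }
        return problems;
    }

    static Element first(Document doc, String localName) {
        NodeList nodes = doc.getElementsByTagNameNS("*", localName);
        return nodes.getLength() == 0 ? null : (Element) nodes.item(0);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("as described: " + check(SAMPLE));
        System.out.println("integrity only: " + check(SAMPLE.replace("<privacy/>", "<integrity/>")));
    }
}
```

Because message-level security runs over plain http, a descriptor that fails this check leaves the request without the encryption or host verification described in step 2.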