Testing WS-Security UsernameToken, Timestamp, and TransportBinding
WS-Security is able to support equivalents of the security measures that we have seen so far via WS-SecurityPolicy. In this recipe, we will see how to test a web service that requires client certificate authenticated transport layer security (TransportBinding), a username and password (UsernameToken), and a valid timestamp (Timestamp element). More about these policies will be covered later.
Most of the apparent complexity is in the service implementation provided by an Apache CXF sample. You should not have to deal with this complexity directly, although it may help your overall understanding if you do take a look at the code. You will need to be happy with certificate handling and java keystores though, so please refer to the HTTPS and client certificate recipes again if you need any help with these topics.
Getting ready
The web service under test is the ut_policy Apache CXF (3.01) ws_security sample.
This sample is included...
