Child pages
  • JAX-WS - WS-Security Sample on UsernameToken and Timestamp

This documentation is for WSO2 Application Server version 5.0.0. View documentation for the latest release.

Skip to end of metadata
Go to start of metadata

Introducing the Sample

This sample demonstrates how WS-Security support in JAX-WS services is enabled.
WS-Security can be configured to the client and server endpoints by adding WSS4JInterceptors. Both server and client can be configured for outgoing and incoming interceptors. Various actions like, Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties.
The logging feature is used to log the inbound and outbound SOAP messages and display these to the console. In all other respects, this sample is based on the basic hello_world sample.
The samples in this directory use STRONG encryption. The default encryption algorithms included in a JRE are not adequate for these samples.


For the sample, the Java Cryptography Extension (JCE), Unlimited Strength Jurisdiction Policy Files available on Oracle's JDK download page must be installed from here: ( Else, there will be errors on invalid key lengths.

Building and Running the Sample 

Using Maven

1. Install and run the WSO2 Application Server. Refer to the  Installation Guide for instructions.

2. From the base directory of this sample (<CARBON_HOME>\samples\Jaxws-Jaxrs\ws_security\ut), the maven pom.xml file can be used to build and run the sample using either UNIX or Windows.

3. To build the sample and create a WAR file, run mvn clean install command.

4. Start the Application Server (run bin/

  • mvn -Pdeploy (deploys the generated WAR file on WSO2 AS with related logs on the console) 

Using Apache Ant 

1. Run "ant" on <CARBON_HOME>\samples\Jaxws-Jaxrs\ws_security\ut directory to deploy the relevant service on the server.

2. Start the application server and access its Management Console at https://localhost:9443/carbon.

3. Go to "Services -> List" menu to find the deployed service listed on the "Deployed Services" window.

4. Execute "sh" or "run-client.bat" to run the client.

5. Try the sample with different QoS options which appear on its dashboard. Run "sh -help" for different options.

  • No labels