Using Security Policies
When securing a web service with one of the supported security policies (other than web server authentication), a Java client needs access to its own keystore and truststore. Paths to these files (keystore and truststore) are configured for use by the build framework in the following:
<Windchill>/bin/adminTools/WebServices/client/security.properties
The paths to the keystore and truststore are absolute, and must be compiled into deployment descriptors packaged with your client JAR file in its META-INF directory.
If you compile a web service client from the same host where Windchill is running with the standard configuration, then these files are available to your client, but only on that host. Before redistributing your web service client to another host, you must do one of the following:
Update the client/security.properties file (or make a copy of it in your src_client directory and then update it) to contain paths to the location where these files exist on the new client host, and then rebuild your client.
Reconfigure the client JAR file for every host from which it is run. For more information, see Reconfiguring the Client JAR File.
Compile a copy of the client for every host on which it is intended to run, with each containing the appropriate paths for the specific host. For more information, see Compiling a Copy of Your Client for Every Host.
Reconfiguring the Client JAR File
After compiling and packaging your client, the dist_client directory of your project includes two JAR files: one containing your compiled client, and the webservices-support.jar file. The webservices-support.jar file is executable and can be used to reconfigure your client as follows:
% java -jar webservices-support.jar -clientJar <jar file> [-targetJar <jar file>] [-securityProperties <properties file>] [-wsdl <service wsdl>]
If -targetJar is not specified, then -clientJar is overwritten. You must also specify -wsdl or -securityProperties, or both.
To reconfigure the paths to the truststore and keystore locations on your client, copy the security.properties file to the client host and run the utility with the -securityProperties argument. This can also be used to reconfigure the default URL to your web service. Alternatively, you can supply the URL to your web service using a system property, or write your own JAX-WS handler to provide the URL.
Note: The file paths to the truststore and keystore locations within the property file must be absolute and cannot contain other property references.
When reconfiguring a client JAR in this way, you also need to supply additional information about which callback handlers your client should use. If you do not supply this information, then your reconfigured client cannot function unless it programmatically supplies the information normally supplied by callback handlers. Specifically, this includes the classes required to gather user credentials or perform other general processing through the JAX-WS handler chain.
Additional properties you might want to set are:
handler.config
handler.chain.authentication
handler.chain.extras
handler.chain.url
Note: For descriptions of these properties, run the ant usage command from within your src_client project directory.
For an existing client JAR, the configuration is supplied in the security.properties file. At build time this configuration is typically found within your src_client/build.xml Ant script.
If you are reconfiguring only the paths to truststores and keystores, then you should check the value of the handler.config property in your src_client/build.xml script. Supply this property in the security.properties file when reconfiguring your client JAR.
If you are reconfiguring your client JAR because your web service security policy has changed, then you might need to change the handler configuration of your client. For example:
#web service security.policy=userNameAuthSymmetricKeys
handler.config=usernameHandler:com.ptc.jws.client.handler.UsernamePasswordCallbackHandler,passwordHandler:com.ptc.jws.client.handler.UsernamePasswordCallbackHandler
#web service security.policy=samlsv
handler.config=samlHandler:com.ptc.jws.client.handler.SamlCallbackHandler
Note: These properties would be in addition to the com.ptc.jws.client.handler package.
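A pre-flight check for a security.properties file before it is passed to -securityProperties, given here as an added example and not PTC code. It applies the rules stated above: keystore and truststore paths must be absolute, must not contain property references, must exist on the client host, and handler.config entries must have the name:class form. The key names keystore.path and truststore.path and the ${name} / $(name) reference syntax are assumptions; substitute the keys your file actually uses.

```python
import os
import re

# Assumed key names (not given on the page); pass the ones your file uses.
PATH_KEYS = ("keystore.path", "truststore.path")
# Assumed reference syntax: ${name} or $(name).
PROP_REF = re.compile(r"\$[({][^)}]*[)}]")
JAVA_CLASS = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+$")

def load_properties(text):
    """Simplified parser: key=value lines only, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_security_properties(text, path_keys=PATH_KEYS):
    """Return the problems that would stop the client working on this host."""
    props, problems = load_properties(text), []
    for key in path_keys:
        value = props.get(key)
        if not value:
            problems.append(f"{key}: missing")
        elif PROP_REF.search(value):
            problems.append(f"{key}: contains a property reference")
        elif not os.path.isabs(value):
            problems.append(f"{key}: path is not absolute")
        elif not os.path.isfile(value):
            problems.append(f"{key}: no such file on this host")
    config = props.get("handler.config", "")
    if not config:
        problems.append("handler.config: not set")
    for entry in filter(None, config.split(",")):
        name, sep, cls = entry.partition(":")
        if not (name.strip() and sep and JAVA_CLASS.match(cls.strip())):
            problems.append(f"handler.config: malformed entry {entry.strip()!r}")
    return problems

# Constructed sample with three deliberate mistakes.
SAMPLE = """\
keystore.path=conf/client-keystore.jks
truststore.path=${client.home}/conf/client-truststore.jks
handler.config=samlHandler:com.ptc.jws.client.handler.SamlCallbackHandler,extra
"""
if __name__ == "__main__":
    print("\n".join(check_security_properties(SAMPLE)))
```

Run it on the client host itself, since the existence check is only meaningful against that host's file system.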
If you are reconfiguring a client to a web service that is secured by web server authentication (security.policy=webServerAuthenticated) then you must supply the system property requires.authentication=true when running the command. A security.properties file is only necessary if you want to specify your own JAX-WS handler chain configuration. For example:
% java -Drequires.authentication=true -jar webservices-support.jar -clientJar <client jar> -wsdl <service wsdl>
In this case the default value for handler.chain.authentication is automatically used.
Compiling a Copy of Your Client for Every Host
Another option is to compile a copy of your client for every host it is intended to run on, with each containing the appropriate paths for the specific host.
For example:
% cd <Windchill>/prog_examples/jws/MathService/src_client
% cp <Windchill>/bin/adminTools/WebServices/client/security.properties .
Update the local copy of security.properties as necessary for the individual client. This ensures that these security properties take precedence over the common properties found in <Windchill>/bin/adminTools/WebServices/client/security.properties.