This chapter rounded out the coverage of SOAP-based services by focusing on the JAX-WS handler APIs, which provide fine-grained control, on either the client side or the service side, over incoming and outgoing SOAP messages. Such control is required in the SOAP message architecture, with its distinctions among sender, receiver, and intermediary nodes; this control allows any SOAP message to be inspected and manipulated as needed along the route from the message sender to the ultimate receiver. The chapter also examined SOAP faults at the handler and the application level. SOAP attachments are yet another relatively low-level part of JAX-WS. Although SOAP is not ideally suited for dealing with binary payloads, SOAP can do so efficiently with MTOM. The chapter also covered the JAX-WS transport-level API, which provides access to the (usually) HTTP messages that carry SOAP messages. Finally, this chapter introduced Axis2, a JAX-WS implementation that is an alternative to Metro.

Web services, whether REST-style or SOAP-based, typically require security. The term security is vague. In general, however, there are two broad security challenges. One challenge involves wire-level security; technologies such as HTTPS address this multi-faceted challenge. A second challenge involves users/roles security—user authentication and authorization. Java has various ways to address this challenge. The next chapter clarifies various security challenges through a series of examples, thereby ...