Listing 1: ClientRequestSigningHandler

public class ClientRequestSigningHandler extends BasicHandler {
static {
// Initialize the xml-security library
org.apache.xml.security.Init.init(); 
} 

public void invoke(MessageContext msgContext) throws AxisFault { 
try {
msgContext.getService(); 
Message requestMessage = msgContext.getRequestMessage();
SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
SOAPEnvelope signedEnvelope = 
signTheEnvelope(msgContext,unsignedEnvelope); 
requestMessage = new Message(signedEnvelope); 
msgContext.setCurrentMessage(requestMessage); 
} catch (Exception e) { 
e.printStackTrace();
throw AxisFault.makeFault(e);
}
}
}

Listing 2: SupplierServiceClient

String endpointURL = "http://localhost:8080/axis/services/AcmeSupplier"; 
// Set up the call to the service
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(new URL(endpointURL));
SOAPBodyElement[] reqSOAPBodyElements = new SOAPBodyElement[1];
// Fill out the SOAP body here

// Create and set the client request handler
ClientRequestSigningHandler clientReqHandler =
new ClientRequestSigningHandler();
clientReqHandler.setOption("keystore","acmekeystore.jks");
call.setClientHandlers(clientReqHandler,null);
// Invoke the service
Vector resSOAPBodyElements =
(Vector) call.invoke(reqSOAPBodyElements);

Listing 3:ServerRequestSigningHandler 

public class ServerRequestSigningHandler extends BasicHandler {
static {
org.apache.xml.security.Init.init();
}

public void invoke(MessageContext msgContext) throws AxisFault {
try {
Message inMsg = msgContext.getRequestMessage();
Message outMsg = msgContext.getResponseMessage();

// verify signed message
Document doc = inMsg.getSOAPEnvelope().getAsDocument();
CachedXPathAPI xpathAPI = new CachedXPathAPI();
Element nsctx = doc.createElement("nsctx");
nsctx.setAttribute("xmlns:ds", Constants.SignatureSpecNS);

Element signatureElem = 
(Element) xpathAPI.selectSingleNode(doc,"//ds:Signature", nsctx);

XMLSignature sig = 
new XMLSignature(signatureElem,"http://acmesupplier.com");

boolean valid =
sig.checkSignatureValue(sig.getKeyInfo().getPublicKey());

if (! valid) {
System.out.println("The signature is invalid");
throw AxisFault.makeFault(new Exception("Validation Failed"));
}
System.out.println("Signature validation succeeded");
} catch (Exception e) {
System.out.println("Exception caught: " + e);
throw AxisFault.makeFault(e);
}
}
}

Listing 4: Axis server deployment file

<deployment
xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

<!-- Define the Signature Handler for the request -->
<handler name="requestHandler" type="ServerRequestSigningHandler">
<parameter name="filename" value="MyService.log"/>
</handler>

<!-- Services from SupplierService WSDL service -->
<service name="AcmeSupplier" provider="java:RPC" style="document">
<operation name="getQuote" qname="operNS:QuoteRequest" />
<parameter name="allowedMethods" value="getQuote"/>

<requestFlow>
<handler type="requestHandler"/>
</requestFlow>
</service>
</deployment>