-
1. Re: using jbossws for ws security
hbraun Mar 28, 2006 3:12 PM (in response to brianshields)There is a 'standard-jbossws-endpoint-config.xml' within jbossws.sar/META-INF. The security handler is configured there.
What jbossws version are you using? -
2. Re: using jbossws for ws security
brianshields Mar 29, 2006 5:28 AM (in response to brianshields)I am using the version of jbossws that is packaged in the docs/examples/jbossws folder of jboss-4.0.4RC1.
What do I have to alter (or add) to the standard-jbossws-endpoint-config.xml file? I presume I have to add the endpoint I want secured and somehow point to the security configuration file for that service (or is that done automatically?) -
3. Re: using jbossws for ws security
brianshields Mar 30, 2006 4:40 AM (in response to brianshields)The standard-jbossws-endpoint-config.xml file defines two types of endpoints, a standard endpoint and a standard secure endpoint. Is there anything that needs to appear in the config.xml or the webservice.xml files of the service to define the service as a secure service and therefore use the org.jboss.ws.wsse.WSSecurityHandlerInbound handler to process the jboss-wsse-server.xml file?
This doesnt seem to be that clear in the wiki, it suggests that by the bjoss-wsse-server.xml file simply being present the relevant security mechanisms within it will be applied! -
4. Re: using jbossws for ws security
brianshields Mar 31, 2006 3:23 AM (in response to brianshields)Still no response to this....
Is there no documentation which shows all the steps involved in using WS-Security with JBossWS??? -
6. Re: using jbossws for ws security
brianshields Mar 31, 2006 3:56 AM (in response to brianshields)I have followed the instructions on that page and the service is still operating without security, although the appropriate files are present in the appropriate directories. Its as if the appropriate handler for security is not being envoked!
-
7. Re: using jbossws for ws security
jason.greene Apr 2, 2006 7:02 PM (in response to brianshields)Your jboss*.xml needs to refer to the security handler config that is defined here:
standard-jbossws-endpoint-config.xm
Example jboss-client.xml config:<jboss-client> <jndi-name>jbossws-client</jndi-name> <service-ref> <service-ref-name>service/HelloService</service-ref-name> <config-name>Standard Secure Client</config-name> <wsdl-override>http://@jbosstest.host.name@:8080/jbossws-samples-wssecurity-encrypt?wsdl</wsdl-override> </service-ref> </jboss-client>
Example jboss-web.xml (server side) config:
<jboss-web>
<webservice-description>
<webservice-description-name>HelloService</webservice-description-name>
<config-name>Standard Secure Endpoint</config-name>
</webservice-description>
</jboss-web>
The official jbossws 1.0 release will include a user guide that explains the in more detail
-Jason -
8. Re: using jbossws for ws security
brianshields Apr 4, 2006 1:39 PM (in response to brianshields)I presume the jboss-client.xml file is used for the configuration of SOAP requests from JBoss to external WS endpoints. Where do I configure the response for the service configured in the jboss-web.xml file. At the moment the request to the service is being encrypted and the response is in plain text.
-
9. Re: using jbossws for ws security
hbraun Apr 5, 2006 12:11 PM (in response to brianshields)Please check the userguide chapter and the examples:
- http://labs.jboss.com/portal/jbossws/user-guide/en/html/wssecurity.html
- http://labs.jboss.com/portal/index.html?ctrl:id=page.default.downloads&project=jbossws -
10. Re: using jbossws for ws security
vlada.chroust Apr 11, 2006 4:36 AM (in response to brianshields)Mentioned userguide chapter and examples describe how use WS-security for webservice endpoint (server side, use jboss-web.xml,...) and client-app (client side, use jboss-client.xml).
I would like use ws-security with EJB component (as client-side), there are only ejb-jar.xml, jboss.xml. So, which config file i have to edit and append <config-name>Standard Secure Client</config-name>? -
11. Re: using jbossws for ws security
ramachennupati Apr 19, 2006 5:32 PM (in response to brianshields)I am looking for a example to configure the jboss-wsse-server.xml with Username Token Profile rather than X.509 Token Profile 1.0. The X.509 Token Profile works fine, but i want to use the Username Token Profile. I looked at the xsd and didn't find much information. Did any one tried this before?
If I use the X.509 Token Profile, how do i send the required signed request from the client wss4j Axis. I really appreciate any kind of feedback.