6 Replies Latest reply on Oct 10, 2007 8:29 AM by nickarls

WS config

nickarls Oct 4, 2007 3:19 AM

I'm trying to secure my existing web service, I added

@EndpointConfig(configName = "Standard WSSecurity Endpoint")

and it is picked up (garbling => error)

and put an

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/ws-security/config
 http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
 <key-store-file>META-INF/wsse.keystore</key-store-file>
 <key-store-password>jbossws</key-store-password>
 <trust-store-file>META-INF/wsse.truststore</trust-store-file>
 <trust-store-password>jbossws</trust-store-password>
 <config>
 <sign type="x509v3" alias="wsse" />
 <encrypt type="x509v3" alias="wsse" />
 <requires>
 <signature />
 <encryption />
 </requires>
 </config>
</jboss-ws-security>

and it is picked up (garbling => error)

since it is an EAR with the WS class in an JAR, I put all the ws-related files in the META-INF directory of the jar (following the wiki).

But still my wsdl shows no sign of encryption tags. Suggestions?

1. Re: WS config

nickarls Oct 5, 2007 8:48 AM (in response to nickarls)

Any help would be...helpful.
Actions
2. Re: WS config

nickarls Oct 9, 2007 3:46 AM (in response to nickarls)

A starting point?
A working sample to reverse-engineer?
A bone?
Actions
3. Re: WS config

peterj Oct 9, 2007 11:08 AM (in response to nickarls)

Have you seen http://jbws.dyndns.org/mediawiki/index.php?title=JAX-WS_User_Guide#WS-Security?

What do you mean by "(garbling => error)"?

Have you also set up the client to use WSSecurity?
Actions
4. Re: WS config

nickarls Oct 9, 2007 2:47 PM (in response to nickarls)

"PeterJ" wrote:
Have you seen http://jbws.dyndns.org/mediawiki/index.php?title=JAX-WS_User_Guide#WS-Security?

Yep, I used that as a starting point

"PeterJ" wrote:

What do you mean by "(garbling => error)"?

I mean that if I introduce an error into the file then the config stops working and from that I conclude that the file is found and being used.

"PeterJ" wrote:

Have you also set up the client to use WSSecurity?

Well, I haven't got as far as the client yet, I started at the server-end assuming that the wsdl would show some security tags if it was properly configured.
Actions
5. Re: WS config

peterj Oct 9, 2007 2:58 PM (in response to nickarls)

That's a negative. There are no artifacts in the WSDL that indicate WSSecurity is required. All you get is an error is the client doesn't supply the credentials (see my travails at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=120672).

This makes sense because you can then easily layer security on top of an existing web service without modifying it or the client (just add the necessary config files).
Actions
6. Re: WS config

nickarls Oct 10, 2007 8:29 AM (in response to nickarls)

Whoa! Worked. Thanks. I've been staring too much at the wsdl.
Actions

Go to original post