8 Replies Latest reply on Mar 7, 2007 8:03 PM by meghanai_99

    Regarding JBPM and WS-security

    saleemk
    saleemk Jun 30, 2006 9:59 AM

      Hi All,
      I am new to the JBoss,so I want to ask one
      very basic question.
      I am using JWSDP 2.0.Actually I like to invoke couple of secure services running on seperate server.These services are using WS-security.So I am just wondering Whether Process engine used by JBPM uses JWSDP,as our secure services are using JWSDP so thats the reason we prefer to use the
      BPEL engine which deployed on top of JWSDP or uses the security implementation of JWSDP so that We dont have to confront with compatable issues among different toolkits.

      If yes it is possible,could you please refer to any example or article to find out how it can be achieved?

      I would appreciate your help.


      Kind Regards
      Kashif

      • 4696 Views
      • Tags:
        • 1. Re: Regarding JBPM and WS-security
          aguizar
          aguizar Jun 30, 2006 2:08 PM (in response to saleemk)

          jBPM BPEL uses the standard JSR-109 server deployment model to expose web services, so that you can port it to other app servers and use the same mechanism you'd use to secure "normal" web services.

          However, the JWSDP deployment model does not adhere to JSR-109. I am positive it is possible to introduce the BPEL port provider handler to the handler chain of a JWSDP deployment, which is where the BPEL process behavior is "injected". I am not familiar with the details, tough. I only use wscompile :)

            • Actions
          • 2. Re: Regarding JBPM and WS-security
            aguizar
            aguizar Jun 30, 2006 2:10 PM (in response to saleemk)

            The WSEE configuration for the port provider handler I referenced in my previous post appears in the web services deployment descriptor section of the jBPM BPEL tutorial. That might be a good starting point.

              • Actions
            • 3. Re: Regarding JBPM and WS-security
              qwerty50989 Aug 9, 2006 12:00 PM (in response to saleemk)

              I agree, it is possible to extract WS Security header from incoming messages by replacing the PortHandler with my custom one, but how can I add authentication to outgoing messages?

              Here is your code (PortCaller.java):

              197 // retain only parts specified by soap:body keeping the parameter order
198 parameterOrder = new ArrayList(parameterOrder);
199 parameterOrder.retainAll(partNames);


              So I found no ability to add any soap header to outgoing message, and no ability to add Authorization http header. Does the jbpm-bpel support multiple users at all? Does it plan to?

                • Actions
              • 4. Re: Regarding JBPM and WS-security
                meghanai_99 Mar 6, 2007 7:52 PM (in response to saleemk)

                Has anyone implemented this successfully? Are there new developments around ws-security support since then?

                Thank you,
                Meghana

                  • Actions
                • 5. Re: Regarding JBPM and WS-security
                  meghanai_99 Mar 7, 2007 3:36 PM (in response to saleemk)

                  As I am starting to read on ws-security support in JBossWS 1.2 [I am using trunk I downloaded few days ago] I came accross 2 user guides. One is for JAX-WS http://jbws.dyndns.org/mediawiki/index.php/JAX-WS_User_Guide#Top_Down_.28Java_to_WSDL.29
                  and the other one is for JAX-RPC
                  http://jbws.dyndns.org/mediawiki/index.php/JAX-RPC_User_Guide#WS-BPEL

                  From the documentation it is clear that I need to read JAX-RPC since BPEL is based on that. But out of curiosity, what is the difference between the two? RPC style is supported in both then why there are 2 styles of exposing webservices? Why BPEL is based on one style and not the other?

                  Is there any documentation about JBPM-BPEL that talks about all these internals? it's architecture etc?

                  Thank you,
                  Meghana

                    • Actions
                  • 6. Re: Regarding JBPM and WS-security
                    meghanai_99 Mar 7, 2007 4:09 PM (in response to saleemk)

                    I know the answers now. I asked the question too soon :p

                      • Actions
                    • 7. Re: Regarding JBPM and WS-security
                      aguizar
                      aguizar Mar 7, 2007 6:36 PM (in response to saleemk)

                      Care to share your findings with everyone? :-)

                        • Actions
                      • 8. Re: Regarding JBPM and WS-security
                        meghanai_99 Mar 7, 2007 8:03 PM (in response to saleemk)

                        From the JAX-WS user guide -


                        JAX-WS brings to web services what EJB3 brings to EJB. With its greatly simplified programming model and functional enhancements it is desigend to take the place of previous JAX-RPC web service implementations.


                        and I assume JBPM-BPEL will be ported to this new implementation eventually [That will be great. Lot less config files. I saw only web.xml which is required].
                        The reason why it is on JAX-RPC is because JAX-WS is new. It is introduced in JBossWS 1.2

                        Please correct if my assumptions are wrong.

                        Thanks,
                        Meghana

                          • Actions