3 Replies Latest reply on Jan 19, 2009 6:20 PM by sander

    Seam WS encryption

    chuaky
    chuaky Jan 15, 2009 10:54 AM

      hi any1,


      I was browsing through the seam user guide on web services and the example seambay.  Seambay uses the test.js to format and send out the web service request in soap.


      Is there any sort of encryption of the ws payload that can be configured in seam ?   Appreciate some advice on this, i couldn't figure out the answer.


      Many thanks.




      • 216 Views
      • Tags:
        • 1. Re: Seam WS encryption
          sander
          sander Jan 15, 2009 11:33 AM (in response to chuaky)

          What kind of encryption do you mean ?
          The most simple thing to do is use ssl so that everything is encrypted.


          Furthermore the WS familiy has some specs that covers how to encrypt things (can't remember which one) but I think it would then be a matter of the app server (or ws lib) to deal with that and not seam

            • Actions
          • 2. Re: Seam WS encryption
            chuaky
            chuaky Jan 19, 2009 3:05 AM (in response to chuaky)

            hi Sander,


            To secure the the WS endpoint, one could secure the http transport or use WS-Security.  I was thinking that WS-Security is easily to use, so i was browsing the seam documentation to do that.


            The Seam configuration for web service consists of a part on configuring the endpoint:


            Seam WS config



            <jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
   <endpoint-config>
      <config-name>Seam WebService Endpoint</config-name>
      <pre-handler-chains>
         <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
            <javaee:handler>
               <javaee:handler-name>SOAP Request Handler</javaee:handler-name>
               <javaee:handler-class>org.jboss.seam.webservice.SOAPRequestHandler</javaee:handler-class>
            </javaee:handler>
         </javaee:handler-chain>
      </pre-handler-chains>
   </endpoint-config>
</jaxws-config>




            To secure using WS-Security, i am not sure if the current javaee:handler in seam can do it.


            The jboss ws endpoint configuration info is Here



            See also Steps for implementing WS-Security in JBoss using Username token Authentica


            Best regards.

              • Actions
            • 3. Re: Seam WS encryption
              sander
              sander Jan 19, 2009 6:20 PM (in response to chuaky)

              It's an handler chain so you should be able to chain them. The Seam SoapRequestHandler does not do much, just starting and closing the session context so that shouldn't be a problem.


              Try making some test setups as I have no experience with this. For the WSS stuff you'd probably need to be in the AS forum if that doesn't work.


              Good luck

                • Actions