There is a 'standard-jbossws-endpoint-config.xml' within jbossws.sar/META-INF. The security handler is configured there.
What jbossws version are you using?
I am using the version of jbossws that is packaged in the docs/examples/jbossws folder of jboss-4.0.4RC1.
What do I have to alter (or add) to the standard-jbossws-endpoint-config.xml file? I presume I have to add the endpoint I want secured and somehow point to the security configuration file for that service (or is that done automatically?)
The standard-jbossws-endpoint-config.xml file defines two types of endpoints, a standard endpoint and a standard secure endpoint. Is there anything that needs to appear in the config.xml or the webservice.xml files of the service to define the service as a secure service and therefore use the org.jboss.ws.wsse.WSSecurityHandlerInbound handler to process the jboss-wsse-server.xml file?
This doesnt seem to be that clear in the wiki, it suggests that by the bjoss-wsse-server.xml file simply being present the relevant security mechanisms within it will be applied!
Still no response to this....
Is there no documentation which shows all the steps involved in using WS-Security with JBossWS???
I have followed the instructions on that page and the service is still operating without security, although the appropriate files are present in the appropriate directories. Its as if the appropriate handler for security is not being envoked!
Your jboss*.xml needs to refer to the security handler config that is defined here:
Example jboss-client.xml config:
<jboss-client> <jndi-name>jbossws-client</jndi-name> <service-ref> <service-ref-name>service/HelloService</service-ref-name> <config-name>Standard Secure Client</config-name> <wsdl-override>http://@jbosstest.host.name@:8080/jbossws-samples-wssecurity-encrypt?wsdl</wsdl-override> </service-ref> </jboss-client>
Example jboss-web.xml (server side) config:
<config-name>Standard Secure Endpoint</config-name>
The official jbossws 1.0 release will include a user guide that explains the in more detail
I presume the jboss-client.xml file is used for the configuration of SOAP requests from JBoss to external WS endpoints. Where do I configure the response for the service configured in the jboss-web.xml file. At the moment the request to the service is being encrypted and the response is in plain text.
Please check the userguide chapter and the examples:
Mentioned userguide chapter and examples describe how use WS-security for webservice endpoint (server side, use jboss-web.xml,...) and client-app (client side, use jboss-client.xml).
I would like use ws-security with EJB component (as client-side), there are only ejb-jar.xml, jboss.xml. So, which config file i have to edit and append <config-name>Standard Secure Client</config-name>?
I am looking for a example to configure the jboss-wsse-server.xml with Username Token Profile rather than X.509 Token Profile 1.0. The X.509 Token Profile works fine, but i want to use the Username Token Profile. I looked at the xsd and didn't find much information. Did any one tried this before?
If I use the X.509 Token Profile, how do i send the required signed request from the client wss4j Axis. I really appreciate any kind of feedback.