2 Replies Latest reply on Aug 18, 2006 12:45 PM by Kristof Taveirne

    Ws-Security and Authentication

    Kristof Taveirne Newbie


      I'm starting out doing some experimenting with WS-Security and I'm running into a few problems/questions.

      I want 2 things.
      First I want to do some authentication.
      And second, I want to sign the message I've sent to the server.

      For authentication I was thinking about JAAS. So I did the following on the client side:

      ((Stub)port)._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "me");
      ((Stub)port)._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "myPassword");

      I've configured my EJB-based web service by configuring the ejb-jar.xml file.

      This works great.

      Now, I also want to sign my message using WS-Security by adding

      to the jboss-wsse-server.xml file.

      This also works.

      But now:
      - How do I know that the signature belongs to the person that logs in using the username/password properties?

      - I've seen there is no in the schema for the jboss-wsse-server.xml config file that could also do this instead of using the Basic Auth in the HTTP header. How come?

      I in fact want to do some authentication using an X.509 certificate, in the sense that the user is able to use the web service if it is known in the truststore of the server. Can somebody give me some directions on how I could do this?

      I have some experience using xws-security from Sun's JWSDP, but I would like to learn how I can transform some things to JBoss.

      All help/directions are welcome!