-
1. Re: How to specify WS-Security with SOAPClient ?
tfennelly Jun 5, 2008 7:36 AM (in response to stlecho)You can't specify anything like this (on the SOAPClient) at the moment.
You can however specify a transformation to be applied to the SOAP message, in which you could add the WS-Security headers. Would this work for you? Depending on the version of the ESB you're using, you may or may not be able to get dynamic values into this transformation. -
2. Re: How to specify WS-Security with SOAPClient ?
stlecho Jun 5, 2008 8:03 AM (in response to stlecho)In order to add the WS-Security headers I should be able to provide the following information: keystore file, keystore pwd, alias, ...
I would be glad if you could provide me an example - or some guidelines - for such a transformation :o).
PS: I'm using v4.3.GA. -
3. Re: How to specify WS-Security with SOAPClient ?
tfennelly Jun 5, 2008 9:31 AM (in response to stlecho)Can you illustrate the format of the data you need to add to the SOAP header?
-
4. Re: How to specify WS-Security with SOAPClient ?
stlecho Jun 5, 2008 10:26 AM (in response to stlecho)I do not know if you have knowledge of the principles of "WS-Security Signature". Brief explanation: when applying "WS Security Signature" we can verify that the contents of the SOAP Body have not been changed between the sender and the receiver of the SOAP Request. In order to guarantee this, a certificate (usually stored in a keystore) could be used.
In order to implement this functionality, Axis2 uses the Rampart Module: http://ws.apache.org/axis2/modules/rampart/1_3/security-module.html<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsse:BinarySecurityToken ...>MIIEETCCAvmg...xFVHJ/X7XA==</wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-24309580"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-10196814"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BmL74yw7SzFd9Pw4ZkKUkN09BDg=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>iBCz4OKhYpA...AeGBu2mA=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-12358510"> <wsse:SecurityTokenReference ...> <wsse:Reference .../> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security>
-
5. Re: How to specify WS-Security with SOAPClient ?
tfennelly Jun 5, 2008 11:08 AM (in response to stlecho)And are you in a position to generate the WS-S header info shown here? If you're in a position to generate it, I can try show you how to get it into the SOAP message.
-
6. Re: How to specify WS-Security with SOAPClient ?
stlecho Jun 5, 2008 11:41 AM (in response to stlecho)Axis2 does it for me, but I cannot use this method from within JBossESB or any other external client. When you look at the webservice_wssecurity quickstart, you'll see that JBossESB supports WS-S but - I guess - only for webservices hosted within JBossESB and not for external webservices.
-
7. Re: How to specify WS-Security with SOAPClient ?
stlecho Jun 15, 2008 5:38 AM (in response to stlecho)JBossESB supports WS-S but - I guess - only for webservices hosted within JBossESB and not for external webservices
Could this guessing be confirmed ? -
8. Re: How to specify WS-Security with SOAPClient ?
tfennelly Jun 15, 2008 1:30 PM (in response to stlecho)Right, JBossESB supports WS-S on WS endpoints exposed through the ESB, but the SOAPClient doesn't support WS-S. The SOAPClient only supports basic WS invocation.
-
9. Re: How to specify WS-Security with SOAPClient ?
stlecho Jun 16, 2008 3:42 PM (in response to stlecho)-Is there an alternative that can be used to invoke WS-Security enabled webservices ?
-Are there any plans to add WS-Security support to SOAPClient ? -
10. Re: How to specify WS-Security with SOAPClient ?
stlecho Aug 25, 2008 10:55 AM (in response to stlecho)Concerning "JBossESB supports WS-S on WS endpoints exposed through the ESB, but the SOAPClient doesn't support WS-S". Has this kind of support been added to the 4.3GA Release ?
-
11. Re: How to specify WS-Security with SOAPClient ?
stlecho Aug 25, 2008 10:57 AM (in response to stlecho)I meant off course the 4.4GA release instead of the 4.3GA release.
-
12. Re: How to specify WS-Security with SOAPClient ?
tfennelly Aug 25, 2008 1:17 PM (in response to stlecho)A new JAX-WS based SOAP client (via WISE) has been added in 4.4 and I'm fairly sure it's possible to add a WS-S handler on that. Stefano?
-
13. Re: How to specify WS-Security with SOAPClient ?
stlecho Aug 26, 2008 3:58 PM (in response to stlecho)Hi,
I will have a look at the sample provided in the distribution. Some questions:
-Does JBossESB supports the usage of WS-Security policy files ?
-The schema location used in the sample "http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd" results in a Page Not Found. Is this normal ?
-How can I specify which parts - body, ... - of the XML request should be signed or encrypted ?
Regards, Stefan Lecho. -
14. Re: How to specify WS-Security with SOAPClient ?
stlecho Aug 31, 2008 10:34 AM (in response to stlecho)Any clarifications on my questions are highly appreciated :o))))