1 Reply Latest reply on Aug 26, 2009 1:18 AM by Ismail Seyfi

    Security on Service exposed as a Web Service through Contrac

    Ismail Seyfi Newbie

      I have a simple Service defined. This Service uses with in and out request and response parameter settings. By default, If I understand it correctly, ESB exposes this service as a web service end point. I have a remote web application that submits a simple soap message to this service/end point. This all works great. My next step is to integrate security. I modified my soap message contain UsernameToken. However when I set the tag inside my service definition. I get an exception indicating that AuthRequest has not been set up. My readings indicate that Gateway listeners or ServiceInvoker is able to extract security tokens from the incoming input. Is it possible to integrate security into a Service that is exposed through contract definition.

      Do i need to keep the service as it is and use the webservice attribute (=false) and not expose the service? Do I then integrate jbr listener and have my client web application submit a request to the jbr port?

      thanks

        • 1. Re: Security on Service exposed as a Web Service through Con
          Ismail Seyfi Newbie

           

          "ismail.seyfi@definitivelogic.com" wrote:
          I have a simple Service defined. This Service uses actions me="RequestResponse" with in and out request and response parameter settings. By default, If I understand it correctly, ESB exposes this service as a web service end point. I have a remote web application that submits a simple soap message to this service/end point. This all works great. My next step is to integrate security. I modified my soap message contain UsernameToken. However when I set the security tag inside my service definition. I get an exception indicating that AuthRequest has not been set up. My readings indicate that Gateway listeners or ServiceInvoker is able to extract security tokens from the incoming input. Is it possible to integrate security into a Service that is exposed through contract definition.

          Do i need to keep the service as it is and use the webservice attribute (=false) and not expose the service? Do I then integrate jbr listener and have my client web application submit a request to the jbr port?

          thanks