1 Reply Latest reply on May 30, 2006 12:22 PM by Kevin Conner

    WS-Security in WS-TX

    Paul Robinson Master

      Hello,

      I am thinking about how I would integrate WS-Security into WS-TX using JBossTS 4.2.1 within JBoss 4.0.3SP1.

      My understanding is that my application client and application Web service communicate via the JBossWS soap stack. To support WS-Security I would add a WS-Security handler in both the client and the server side stack.

      However, I believe that the coordinator and the application web service's participants communicate (during the completion protocol) without a soap stack and that messages are written straight onto the socket. Is this correct and if so, how do you recommend I plug in WS-Security?

      Thanks,

      Paul.

        • 1. Re: WS-Security in WS-TX
          Kevin Conner Master

           

          My understanding is that my application client and application Web service communicate via the JBossWS soap stack. To support WS-Security I would add a WS-Security handler in both the client and the server side stack.

          This is correct, they will use the standard JBoss stack if you are running those clients/services on JBoss.
          I believe that the coordinator and the application web service's participants communicate (during the completion protocol) without a soap stack

          This is not correct, XTS contains a small SOAP stack based on the StAX API. The stack contains an implementaion of the WS-A (2004 and 2005) specs as well as the WS-TX (2004) spec.

          WS-Security is not supported at present but communication can still be secured using the https transport layer.

          The XTS SOAP stack was designed to allow the substitution of parts, or all, of the stack. The current roadmap includes a task to integrate the new JBoss Webservices stack as an alternative to the internal one. Once this is complete you will be able to leverage the JBoss webservices implementation of other standards.

          Kev