3 Replies Latest reply on Jan 19, 2009 6:20 PM by Sander S

    Seam WS encryption

    Chua Khoon Yong Novice

      hi any1,


      I was browsing through the seam user guide on web services and the example seambay.  Seambay uses the test.js to format and send out the web service request in soap.


      Is there any sort of encryption of the ws payload that can be configured in seam ?   Appreciate some advice on this, i couldn't figure out the answer.


      Many thanks.




        • 1. Re: Seam WS encryption
          Sander S Newbie

          What kind of encryption do you mean ?
          The most simple thing to do is use ssl so that everything is encrypted.


          Furthermore the WS familiy has some specs that covers how to encrypt things (can't remember which one) but I think it would then be a matter of the app server (or ws lib) to deal with that and not seam

          • 2. Re: Seam WS encryption
            Chua Khoon Yong Novice

            hi Sander,


            To secure the the WS endpoint, one could secure the http transport or use WS-Security.  I was thinking that WS-Security is easily to use, so i was browsing the seam documentation to do that.


            The Seam configuration for web service consists of a part on configuring the endpoint:


            Seam WS config



            <jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                          xmlns:javaee="http://java.sun.com/xml/ns/javaee"
                          xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
               <endpoint-config>
                  <config-name>Seam WebService Endpoint</config-name>
                  <pre-handler-chains>
                     <javaee:handler-chain>
                        <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
                        <javaee:handler>
                           <javaee:handler-name>SOAP Request Handler</javaee:handler-name>
                           <javaee:handler-class>org.jboss.seam.webservice.SOAPRequestHandler</javaee:handler-class>
                        </javaee:handler>
                     </javaee:handler-chain>
                  </pre-handler-chains>
               </endpoint-config>
            </jaxws-config>




            To secure using WS-Security, i am not sure if the current javaee:handler in seam can do it.


            The jboss ws endpoint configuration info is Here



            See also Steps for implementing WS-Security in JBoss using Username token Authentica


            Best regards.

            • 3. Re: Seam WS encryption
              Sander S Newbie

              It's an handler chain so you should be able to chain them. The Seam SoapRequestHandler does not do much, just starting and closing the session context so that shouldn't be a problem.


              Try making some test setups as I have no experience with this. For the WSS stuff you'd probably need to be in the AS forum if that doesn't work.


              Good luck