Version 7

    JBoss Web Services 1.0 - WS-Security


    New to JBossWS is full WS-Security support for any service or client.



    More information can be found in the JBossWS User Guide


    What is WS-Security?


    WS-Security standardizes authorization, encryption, and digital signature processing of web services. Unlike transport security models, such as SSL, WS-Security applies security directly to the elements of the web service message. This increases the flexibility of your web services, by allowing any message model to be used (point to point, multi-hop relay, etc).




    WS-Security is defined by the combination of the following specifications:


    OASIS Specifications


    W3C Specifications


    WS-I Specifications




    See the JBoss WS-Security Feature List page.




    You can enable WS-Security on your web service by adding a jboss-wsse-server.xml descriptor and/or a jboss-wsse-client.xml descriptor to your deployment. Both of these files are documented here.





    1. Message Signing

    2. Message Encryption

    3. Message Signing and Encryption

    4. Encrypting Keystore and Truststore Passwords

    5. Complex Doc/Lit Nested Element Encryption & Signing with Walkthrough