WSSecurityConfig

Version 63

    JBoss WS-Security Configuration

     

    Deployment Descriptors

     

    WS-Security support is enabled by adding one or both of WS-Security deployment descriptors:

     

    • jboss-wsse-server.xml - The security configuration used on the server-side. This applies to all incoming requests to a web service endpoint, as well as the outgoing responses sent by the web service endpoint.

     

    • jboss-wsse-client.xml - The security configuration used on the client-side. This applies to all outgoing requests sent by a client, as well the response messages that are received by the client.

     

    Both descriptors use the same underlying XML Schema, the only difference is the name of the files. See the schema documentation for detailed information on the configuration elements in the WS-Security deployment descriptors.

     

    Descriptor Location

     

    The location of these descriptors depends on the type of deployment

     

    Web Application Archive (WAR)

     

    Both the jboss-wsse-server.xml, and jboss-wsse-client.xml are searched for in WEB-INF

     

    J2EE Application Client (JAR containing application-client.xml)

     

    Only jboss-wsse-client.xml is searched in META-INF

     

    EJB Archvice (JAR containing ejb-jar.xml)

     

    Both the jboss-wsse-server.xml and jboss-wsse-client.xml are searched for in META-INF

     

    Simple Example

    A simple use case is to apply encryption, and digital signature processing to the entire message body. The following server-side configuration requires all requests to be signed and encrypted, as well as signs and encrypts all response messages:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance&#147;>
     <key-store-file>WEB-INF/wsse.keystore</key-store-file>
     <key-store-password>jbossws</key-store-password>
     <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
     <trust-store-password>jbossws</trust-store-password>
     <config>
       <sign type="x509v3" alias="wsse"></sign>
       <encrypt type="x509v3" alias="wsse"></encrypt>
       <requires>
         <signature></signature>
         <encryption></encryption>
       </requires>
     </config>
    </jboss-ws-security>