JBoss WS-Security Configuration
WS-Security support is enabled by adding one or both of the WS-Security deployment descriptors:
jboss-wsse-server.xml - The security configuration used on the server-side. This applies to all incoming requests to a web service endpoint, as well as the outgoing responses sent by the web service endpoint.
jboss-wsse-client.xml - The security configuration used on the client-side. This applies to all outgoing requests sent by a client, as well as the response messages that are received by the client.
Both descriptors use the same underlying XML Schema; the only difference is the file name. See the schema documentation for detailed information on the configuration elements in the WS-Security deployment descriptors.
The location of these descriptors depends on the type of deployment:
Web Application Archive (WAR) - Both jboss-wsse-server.xml and jboss-wsse-client.xml are searched for in WEB-INF.
J2EE Application Client (JAR containing application-client.xml) - Only jboss-wsse-client.xml is searched for in META-INF.
EJB Archive (JAR containing ejb-jar.xml) - Both jboss-wsse-server.xml and jboss-wsse-client.xml are searched for in META-INF.
A simple use case is to apply encryption and digital signature processing to the entire message body. The following server-side configuration requires all requests to be signed and encrypted, and also signs and encrypts all response messages:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <key-store-file>WEB-INF/wsse.keystore</key-store-file>
  <key-store-password>jbossws</key-store-password>
  <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
  <trust-store-password>jbossws</trust-store-password>
  <config>
    <sign type="x509v3" alias="wsse"></sign>
    <encrypt type="x509v3" alias="wsse"></encrypt>
    <requires>
      <signature></signature>
      <encryption></encryption>
    </requires>
  </config>
</jboss-ws-security>
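In the configuration above, sign and encrypt protect what the endpoint sends, while requires is what makes it insist on signed and encrypted requests, so a descriptor without requires still deploys but does not enforce anything on incoming messages. The following pre-deployment check is an added example, not part of the JBossWS documentation or code; it reports which of the two directions a descriptor leaves unprotected and notes passwords kept in the descriptor itself. The function name, finding labels and sample descriptors are assumptions made for this example, and only the top-level config element is inspected.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.jboss.com/ws-security/config"}

# Constructed sample: the server descriptor from this page with <requires>
# left out, so responses are protected but requests are not checked.
WEAK = """<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
  <key-store-file>WEB-INF/wsse.keystore</key-store-file>
  <key-store-password>jbossws</key-store-password>
  <config>
    <sign type="x509v3" alias="wsse"/>
    <encrypt type="x509v3" alias="wsse"/>
  </config>
</jboss-ws-security>"""

# Constructed sample: the same descriptor with the <requires> block restored.
STRICT = WEAK.replace(
    "  </config>",
    "    <requires><signature/><encryption/></requires>\n  </config>",
)

# Element path under <config> -> finding reported when that element is absent.
CHECKS = {
    "w:sign": "outgoing-not-signed",
    "w:encrypt": "outgoing-not-encrypted",
    "w:requires/w:signature": "incoming-signature-not-required",
    "w:requires/w:encryption": "incoming-encryption-not-required",
}


def audit_descriptor(xml_text):
    """Return sorted findings for the top-level <config> of a descriptor.

    The descriptor is the deployer's own file, so it is parsed as trusted input.
    """
    root = ET.fromstring(xml_text)
    config = root.find("w:config", NS)
    if config is None:
        return ["no-top-level-config"]
    findings = [label for path, label in CHECKS.items()
                if config.find(path, NS) is None]
    # Passwords written into the descriptor travel with the archive.
    for tag in ("key-store-password", "trust-store-password"):
        if root.find("w:" + tag, NS) is not None:
            findings.append("password-in-descriptor:" + tag)
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_descriptor(text))
```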