tags:

views:

921

answers:

3
+1  Q: 

Encryption of SOAP message in Axis 2

Hi, I need to use encryption (and signature) for a web-service (server side). I use axis2 and successfully added the rampart module (for WS-Security implementation). But rampart page (http://ws.apache.org/axis2/modules/rampart/1_2/security-module.html) is missing examples and the sample file are not really documented. So my question is : what is the simplest way to add encryption (and signature) ? what do I have to put in the services.xml, do I have to write a policy.xml ? What do I have to give to the client's developer (in addition to the WSDL) ? If you can point me to a good tutorial it would be helpful, thanks etc...

+3  A: 

Would it be possible to simply use SSL (https)? That would certainly simplify things.

Ross  2008-10-18 06:15:07
+1  A: 

Vinze - I ran into this problem with rampart too, although I wasn't trying to expose a web service, just call one. (See this question).

I've found all web services security stuff to be confusing, and it doesn't help that rampart is poorly documented (no good tutorials as you mentioned).

You may have some success writing to the WSS4J API instead of using rampart. (BTW, I think rampart is built on top of WSS4J).

As for what to provide the client's developer it may be simplest for him/her if you put the policy information into the wsdl instead of a separate policy.xml. But you should probably plan on providing him/her documentation on how your service is secured so he/she knows how to call it.

Michael Sharek  2008-10-20 03:52:49
Yes, by searching many solutions I understood the policy should be in the WSDL file ; but I generate it using Axis's Java2WSDL ant task and I don't know how to do it... maybe I will have to write the WSDL myself ! Writing the service with correct API instead of POJO is also the solution I'm going to
Vinze  2008-10-20 09:31:10
A: 

I found many answers in this book : http://agileskills2.org/DWSAA/index.html (chapter 9) So even if I didn't finished I'll try to answer my own question :

  • Even if the policy is in the WSDL the current Axis 2 version (1.4) don't look at it so you must add the policy and the rampart configuration in the services.xml
  • You have to write a rampart-config.xml for the client and "engage" the module in the ConfigurationContext used as argument for the stub constructor
  • For both you need a keystore (such as JKS) and a certificate

Maybe more, I'll edit this answer when I would succeed...

Vinze  2008-11-25 13:53:57

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?