Can anyone point me to some decent introductions to WS-Security?
I'm looking for tutorials or something that provide a fairly gentle introduction to the subject, though I don't mind if it assumes basic knowledge of web services and SOAP. Most of the stuff I've seen so far is very technical and you need a lot of complex, detailed backgro...
I need to call a web service written in .NET from Java. The web service implements the WS-Security stack (either WSE 2 or WSE 3, it's not clear from the information I have).
The information that I received from the service provider included WSDL, a policyCache.config file, some sample C# code, and a sample application that can succes...
What is the best approach to make sure you only need to authenticate once when using an API built on WCF?
My current bindings and behaviors are listed below
<bindings>
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName" negoti...
I'm having troubles finding good Ruby libraries that implement WS-Security. I've seen wss4r but have yet to use it (and the documentation is a bit light on it). What libraries do you use for this task, or is there a better alternative?
...
I've exposed several web services in our product using java and WS-Security. One of our customers wants to consume the web service using Coldfusion. Does coldfusion support ws-security? Can I get around it by writing a java client and using that in coldfusion?
(I don't know much about coldfusion).
...
Using Ws2007HttpBinding and securing the service, the WSDL file generated shows in the policy section that all the ws-addressing headers and the body will be signed, and that the body will be encrypted.
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From" Na...
Hi, I need to use encryption (and signature) for a web-service (server side). I use axis2 and successfully added the rampart module (for WS-Security implementation).
But rampart page (http://ws.apache.org/axis2/modules/rampart/1_2/security-module.html) is missing examples and the sample file are not really documented.
So my question is ...
Hi
I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).
I want that my application will be able to send audit message (logging) when TLS handshake fails. for example I want to log when:
the client certificate is expired,
the client certificate is unknown (not in th...
I'm working with a .NET dev team who are trying to interface with a web service that uses WS-Security, and although the service requires signed requests it only returns unsigned responses.
The team knows of a way to call the service using WSE, but they're required to use WCF, so can anyone suggest how to configure WCF to send signed req...
I ask this question in anticipation as part of a project. I have experience of developing and consuming web services in the past and am au fait with those. However I have been told that as part of this next project I will need to use "secure" web services. Can you provide some insight into what additional development tasks there will be ...
I have a Axis2 web service secured using Rampart. I do want to develop secure clients for it, preferably JAX-WS based. I tried a lot of tutorials but they are so closed tied with each other, like including Axis2 libraries in the client side. The client should be fairly independent of the WS service framework, as the service can be consum...
Hi,
For one of our projects, I should be able to call a webservice that uses WS-Security, i.e. the SOAP request should be signed with an X.509 certificate. I've been doing some tests to call the webservice through the use of the WebServiceRef annotation and I'm able to call the webservice without WS-Security.
So my question is: how can...
the ws-discovery specifications explains how to protect your network from
message alteration
Denial of service
replay
spoofing
but what about man-in-the-middle attack?
...
Can you use a Spring-WS WebserviceTemplate for calling a webservice and avoid that it generates a SOAP-envelope? That is, the message already contains an SOAP-Envelope and I don't want that the WebserviceTemplate wraps another one around it. :-)
The reason I want this is that I'd like to call a webservice that uses ws-security and do no...
Hi all,
What is the best approach to implementing authorisation/authentication for a Windows Forms app talking to an IIS-hosted RESTful WCF Service?
The reason I ask is I am very confused, after sifting through different articles and posts expressing a different method and eventually hitting a ~650 page document on WCF Security Best Pr...
Hi guys,
I am trying to resolve a problem we have using glassfish V2 to publish a simple web service using a plain UserNameToken for security reasons. Since we were using Netbeans 6.5 to archive this we were looking into this tutorial:
http://testwww.netbeans.org/kb/60/javaee/identity-amsecurity.html
enter code here
Therefore the foll...
I'm trying to access a web service secured by a certificate.
The security is setup on IIS and the web service is behind it.
I don't think WS-SECURITY will do this type of authentication.
Is there any way to pass the client certificate when you call the web service?
I'm just getting an IIS Error Page that says "The page requires a
clien...
I've been working with JAX-WS with Weblogic Server, using their Ant tasks to build EAR files that can be deployed on the server. I've gotten basic SOAP calls to work with JAX-WS, but now I'm trying to add some message-level security via WS-Security.
According to the documentation, there are two ways of adding security policies to web s...
I'm writing a simple proof-of-concept webservice client using the JBoss-WS library. I need to send messages to a remote service that requires a <Security> header with a <UsernameToken> element.
I would like to add this header in the most JAX-WS-kosher way, without having to manually add XML elements by hand, without having to read in a ...
I need to build a simple webservice to get data in and out of a HR System over the Internet (it's a hosted solution). I am using IIS and ASP.Net with .Net 2.0.
Having looked into it, there are several ways of making the webservice secure - I am after some advice on which method to choose, with some views on pros and cons.
These are th...