ws-security

JAX-WS Consuming web service with WS-Security and WS-Addressing

I'm trying to develop a standalone Java web service client with JAX-WS (Metro) that uses WS-Security with Username Token Authentication (Password digest, nonces and timestamp) and timestamp verification along with WS-Addressing over SSL. The WSDL I have to work with does not define any security policy information. I have been unable to...

How to use Forms Auth when SSL is on a proxy in front of the IIS Farm (WCF) ?

Here is my scenario: I have a proxy that actually has the SSL Cert installed and this sits in front of a load balanced web farm. Each IIS server does not have SSL so I can't use transport security via wsHttp binding. I have not investigated basicHttp because we want to provide SOAP 1.2 going forward w/ this solution. In addition to t...

Any good step by step tutorial to implement a secure token service with Java?

Well, I'm barely beginning to get involved in this subject. I've found this pretty detailed tutorial, but it seems a little outdated. Besides I guess that in Java 6 Metro is the way to go (am I right???) What are the frameworks, books and online resources to investigate/read? Edit: Another pretty good tutorial, with Metro's WSIT i...

Connecting to WS-Security protected Web Service with PHP

I am trying to connect to a Web Service which is password protected and the url is https. I can't figure out how to authenticate before the script makes a request. It seems like it makes a request as soon as I define the service. For instance, if I put in: $client = new SoapClient("https://example.com/WSDL/nameofservice", array('...

Is WS-Security truly interoperable across platforms?

If I define a web service interface that uses WS Security, and many people using many different platforms implement that interface, can I expect seamless interoperability? Is WS-Security mature enough for that to happen? Is it widely and robustly implemented in modern programming languages? Specifically I am considering using the user na...

Java client calling WSE 2.0 with DIME attachment

I need to integrate with a legacy .NET Web Service that uses WSE 2.0 for WS-Security and DIME. The catch is I need to do this from a Java application. I'm expecting that Axis2 works fine with the WS-Security because folks around here have done it before. It's the DIME that I'm concerned about. I see a reference to DIME at http://ws.apac...

Spring WS-Security visible in WSDL

I've implemented authentication through WS-Security on my webservice as described at http://static.springframework.org/spring-ws/sites/1.5/reference/html/security.html, like so: <bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler"> <property name="users"> ...

Implementing service-level authorization with WS-Security

I am implementing WS-Security using WSS4J and I'm trying to incorporate some support form of authorization. I have a global handler, defined in the <requestFlow>, which executes before every service. I need to determine, through the Axis MessageContext or otherwise, what class is mapped to the requested service. I want to delegate to ...

Rampart STS Client and UsernameToken

I have a rampart STS Client whose policy looks like this <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/> </sp:UsernameToken> </wsp:Polic...

How do I consume a web service protected with WS-Security in mono using c#?

I've got the code working that consumes an unprotected web service, but I'd like to know how to consume one using WS-Security. A pointer to some documentation would be helpful. I just can't find a starting place. ...

How can WCF be made to use a Security Token Reference instead of a X509 issuer name / serial?

Hi there, I am trying to make my WCF client communicate with Spring-WS server running WS-Security (SOAP 1.1 over HTTP). The messages are encrypted using certificates. The key info I send over in my request contains information about the receiver public key I used for encrypting the message. This information is sent to the server as fol...

Sending binary data through web service and using WS-Security

Hi, We have to transfer binary data using web service stack and in the process we have to sign web service requests/responses. The main question is: what is the preferred way to do this? Should we use MTOM and WS-Security? From ISSUE CXF-1904 I have concluded that there are issues when one uses MTOM and WS-Security. CXF and axis2 use ...

WCF calling WSE 2.0 WS-Security service with inline security tokens in the response - "Cannot find a token authenticator"

I have a web service in .NET 1.1 and WSE 2.0 that uses WS-Security with x509 certificates for both signature and encryption. I'm trying to configure a WCF client to connect with this service, and it's proving more challenging than I had expected. I've gotten past most of my versioning issues by using a custom binding, but I'm stuck on ...

Can not get key from KeyStore

Hi all I try to get Key from KeyStore. I created a keystore by Keytool: keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business2 -keypass abcdtest -keystore C:\workspace\XMLSample\keystore\mykeystore.jks -storepass 123456 And the following is GenerateXML.java import java.io.FileInputStream; import java...

Minimal client which supports message-level security over the channel interface

I'm trying to build a minimal client for a WCF service, using the WSHttpBinding with SecurityMode: Message over a direct channel interface. My current code is very simple: EndpointIdentity i = EndpointIdentity.CreateX509CertificateIdentity(clientCertificate); EndpointAddress a = new EndpointAddress(new Uri("http://myServerUrl"), i); WS...

UserNameToken in soap from Java

Hi, I am trying to use a gSoap-generated wsdl from Netbeans. The webservice requires that the UserNameToken be passed in. When I use the wsdl from SoapUI (which works), it sends this: <wsse:Username>myname</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordTex...

Use gSOAP for VS 2003/C++ access to SOAP Web Service with WS-Security?

We have an upcoming project to allow an old platform that's only extensible with C++ / VS 2003 to call a SOAP-based web service that uses WS-Security. My Google research indicates that gSOAP could be the best way to go. I'm looking for validation and/or alternative suggestions. ...

How to use WS-Security in C#?

How to create a web service in C# that uses WS-Security for encryption and signatures for both sides (requests and responses)? Client and server will use certificates. ...

Identify WCF clients that do not dispose properly

Hi, we have a WCF service hosted inside IIS. Now there are loads of different client applications calling this service. WS-SecureConversation is used. Now, the service diagnostic log shows warnings that security sessions are being aborted. Most likely this is because of clients that do not properly close the session. More info: the prob...

What are the specific security risks of this web services architecture?

I need ammunition to try to promote WS-Security for a set of externally-available web services that interact directly with our production customer service application. My vision is to implement IPassword provider and authenticate with our AD store. The architecture recommendation that came down from on high is SSL, with an IP filter on t...