ws-security

Any Spring Framework support for REST security?

I am about to implement security for my RESTful services based on the Spring framework. Actually, I have never secured RESTful WS before, but I've got myself a good introduction here. Basically, Amazon S3 or even OAuth are suggested as good examples. My questions: Does the Spring framework provide these strategies out-of-the-box? If ...

Calling .NET Web Service (WSF, WS-Security) from Java - NullPointerException

I am attempting to create a Java client to call a .NET web service. I was provided a WSDL (which contains the security policy information) and used the Axis2 wsdl2java utility to generate the client stub. Here is the code I use to initialize the stub: ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFro...

Looking for Tutorial/How To for JAX-WS Client Security

Hi, I have been given a WSDL to generate a client against which uses a security policy. This is my first time using a security policy and although I've read about it (basic theory), putting it into practice with specific elements and a specific technology isn't straight forward (to me anyway). I generated the client using wsimport and...

WCF Message Security With Service Certificate Only

I'm new to WCF, and wanted to know if it is possible to do Message Security, where I use a x.509 certificate for the service only, and for client security do windows credentials, is this acceptable, does it work? Tried searching the web, but either no discuss on this approach exists, or I have put the wrong wording in my google search, ...

How do I secure a CXF web service using WS-Security and an AES 256 encrypted password?

I'm trying to use an AES 256 encrypted password instead of a plain text password. I'm not sure how to configure the server to use an AES encrypted password. When I try to run the client code it gets an exception org.apache.ws.security.WSSecurityException: Unknown password type encoding: http://www.w3.org/2001/04/xmlenc#aes256-cbc If an...

WCF and plain-text credentials: Custom SecurityAlgorithmSuite?

So out of the box, WCF doesn't allow me to send WS-Security credentials plain-text as they are expected by CXF on the receiving end. It seems as though different SecurityAlgorithmSuite which doesn't actually encrypt anything would do the trick, but I don't know where to begin as far as what values should be returned by the various prope...

Implement JBoss WS-Security Username Token Profile authentication

I implemented a web service with JAX-WS, and my service client is implemented with JAX-WS too, and the client can talk to service with WS-Security username token profile authentication. Now I want to deploy this service to JBoss 4.2.3 and want to replace the custom authentication with JEE container authentication. I read some documents ...

Axis2/rampart cryptography problem with signaturePropFile

I have problem with WebService client that has to use WS-Security. My client is written with axis2. It works when I do not enable cryptography (of course with my server emulator). I enabled cryptography by adding to axis.xml: <!--Signature and Encryption : Using the request's certificate--> <module ref="rampart" /> <parameter name="Out...

Consume WS-* Web Service with Flash?

Can Flash consume web services that embed WS-* such as WS-Security? The services are actually WCF services with .NET using WsHttpBinding... I need the security features of WS. ...

Example of SOAP request authenticated with WS-UsernameToken

I'm trying to authenticate a SOAP request using WS-UsernameToken spec, but the target device is always denying access. My non-working request looks like this. (The password I'm trying to hash is system.) <?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="http://www.w3.org/2003/05/soap-envelope"&gt; <Header> <Security xmlns="http...

WSS4J kills SOAP envelope when used with SSL

I am trying to consume a .NET web service (secured with SSL and WS-Security - UsernameToken) with Axis (in Java). I don't operate the service, I'm just building the client. The operator of the service turned off SSL and WS-Security, and we got everything communicating properly. Then, they turned SSL on, and everything was still workin...

Invalid or Expired Security Context Token

I am trying to write a client to consume a .NET service secured through https and WS-security. (I don't have control over the server.) We got everything communicating properly when we drop SSL and WS-security; then we got everything communicating properly when we added SSL. Now we're trying to add WS-security, and can't get it to work....

Java ME consuming .NET Web Service the safe way

Hi Gurus I'm developing an application for Blackberry that consumes .NET Web Services that are hosted on our public web server. We are using JSON as our data interchange format. So far we have been testing the application and everything is working fine but there is one big thing to solve: the .NET web services are public. If you go to...

Axis2 problem: WSHandler: Check Signature confirmation: stored SV vector not empty

I have problem with querying webservice which uses WS-Security. I use code creadted by axis2 with rampard module which implements WS-Security. I think I make good query and I got response, but that response have something my client do not understand. Exception look like: INFO [main] (?:?) - Verification successful for URI "#element-113...

WCF - Java web service interop - Signed outgoing message not accepted

Hi, I try to sign a message using a certificate and a private key to call a java (JBoss) web service, but the server refuses to accept my signed message. It only echoes back the same message that I've sent. I have successfully signed the outgoing message using the certificate, and the structure of the message look alright when I compar...

Using certificates in a client-application consuming a web service

I am implementing a VB.NET desktop application which consumes a web service. The web service implemented in Java and I currently using Tomcat on my localhost to host the web service. The web service requires secure communication with the client and so I have followed instructions that outlined how to use Java's keytool.exe to create tw...

How do I get the login creditials passed to the JAX-WS service client with is associated policy sets and bindings in Rational/WebSphere tooling

I am specifically using WebSphere Integration Developer V7, but I also could be using Rational Software Architect V 7.5.1 (as I have both). Context: I am trying to create a JAX-WS client to call into the Human Task Manager and Business Flow Manager services in WebSphere Process Server V7, that are exposed via JAX-WS. By default they hav...

WCF Service with WS-Security requires Signed Timestamp only

I need to provide a service to a third-party that will be sending soap messages with a signed Timestamp.. How can I configure my service to support this? UPDATE I've managed to get close to the format of the Soap message that we're after but WCF insists on signing both the username and the timestamp tokens, Is there a way to modify the...

WS security Coldfusion

Working on a docuSign integration with Coldfusion and need assistance in making the SOAP request using WS security. ...

Cannot engage module rampart, not sending security details

Hi all, I'm using eclipse with WTP plugin for creating a client to call secure web service. I have used web service client wizard to generate the client and now I want to configure apache rampart in the eclipse project to call the service protected with username token the error is "can not engage module rampart". -------- update ----...