I am implementing WS-Security using WSS4J and I'm trying to incorporate some support form of authorization. I have a global handler, defined in the <requestFlow>, which executes before every service. I need to determine, through the Axis MessageContext or otherwise, what class is mapped to the requested service. I want to delegate to ...
I have a spring web application with jsp pages that calls different web services and displays the results in a jsp page. The spring web application has username/login spring security attached to it. I am adding a call to a web service that handles security. For the WebServiceGateway, I added a security interceptor. (See below) <bean i...
I'm using WSS4J to add a Username token in the header of an already formed SOAP request envelope. Here is what the SOAP request looks like: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://sample03.samples.rampart.apache.org/xsd"> <soapenv:Header/> <soapenv:Body> ...
We need to sign a SOAP message with a certificate in Websphere 7. Currently we are looking at using WSS4J from Apache and are approaching this in the java code itself. Does anyone have any experience signing SOAP messages in Websphere or otherwise? ...
NB-6.8 jdk-1.6.14 WSS4j-1.5.8 ,OpenSAML-2.3.0 I try to modify WSS4J-1.5.8 to operate SAML 2.0, and I could not insert a generated assertion to existing SOAP Header, the code like this: Assertion assertion = createAssertion("some subject", "some issuer"); Document doc = docBuilder.parse("request.xml"); Element parent = doc.getD...
I have run into an exasperating problem getting a Java service client to communicate successfully with a WCF service. I have overcome many hurdles, and I believe that this is my last one. The problem boils down to how Java Axis + WSS4J seem to handle xml namespaces. The Java platform seem to be very rigid in what they expect for xml name...
I have been provided with some documentation for connecting to a 3rd party system and a wsdl. The documentation says to generate the client code using WSDL2JAVA, which I have done. but now it says to encrypt the SOAP Envelope using a secret key (which I have been given) and I don't know much about encryption. Am I right in thinking W...
I have Web Service client code generated by WSDL2Java. I am trying to encrypt the Soap Envelope specifying a CallbackHandler in the wsdd. I've managed to set a username and password in plain text on the soap request, but I need to use a key instead (I have been given a .key file which seems to be a SecretKeySpec). I load the .key file,...
Scenario: Web-service producer have only SHA-1 hash of passwords stored in database. We need to authenticate Web-service users using User Name/Password combination. Web Services Security UsernameToken Profile allows us to add soap headers for this purpose: The element is introduced in the WSS: SOAP Message Security document...
I am trying to consume a .NET web service (secured with SSL and WS-Security - UsernameToken) with Axis (in Java). I don't operate the service, I'm just building the client. The operator of the service turned off SSL and WS-Security, and we got everything communicating properly. Then, they turned SSL on, and everything was still workin...
I am trying to write a client to consume a .NET service secured through https and WS-security. (I don't have control over the server.) We got everything communicating properly when we drop SSL and WS-security; then we got everything communicating properly when we added SSL. Now we're trying to add WS-security, and can't get it to work....
Hi, I have a WCF(3.5) client talking to a Java Web Service (Spring-WS, WSS4J), the client fails while recieving the response from server giving the following exception message Cannot read the token from the 'SignatureConfirmation' element with the 'http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd' namespace for Binary...