Hi Lorenzo,

You can see my recent articles on developerWorks for examples of using policy-based WS-Security with Axis2/Rampart:

http://www.ibm.com/developerworks/java/library/j-jws4/index.html?S_TACT=105AGX02&S_CMP=EDU
http://www.ibm.com/developerworks/java/library/j-jws5/index.html?S_TACT=105AGX02&S_CMP=EDU
http://www.ibm.com/developerworks/java/library/j-jws6/index.html?S_TACT=105AGX02&S_CMP=EDU

I've got another one coming out tomorrow which also discusses working with WS-Policy security configurations embedded directly in WSDL, which is the preferred approach - but with Axis2 1.4.1 you're probably best off using the approach discussed in the articles, where you extract the WS-Policy security configuration from the WSDL and attach it directly (on the client side) or embed it in the generated services.xml configuration (on the server side). There is no Rampart release for Axis2 1.5 as of yet.

 - Dennis

--
Dennis M. Sosnoski
Java XML and Web Services
Axis2 Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117


Lorenzo Carnevale wrote:
Hello Everybody,
I have successfully created a web service deployed on Tomcat with Axis, using only the graphic tools of Eclipse: I created the WSDL and then I generated the skeleton from it. Then I implemented my methods in the skeleton.

The problem is that now I have been asked to implement WSS security on it. I have a few tutorials, most of them relying on adding "handlers" to axis to process the tokens. The problem is: will this kind of security be "visible" from the wsdl?

My company provided me the wsdl of a service already "working" with wss. This wsdl contains tags like these:

<wsp:Policy wsu:Id="WSHttpBinding_InnWSDB_policy">
   <wsp:ExactlyOne>
       <wsp:All>
           <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                   <sp:ProtectionToken>
                       <wsp:Policy>
                           <sp:SecureConversationToken >....


What I am trying to say here is that somehow the "contract" of the security is visible via wsdl rather than hidden back-end filters.

I am a bit confused because I have no idea on what is the fastest strategy to apply security to my web services....

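The extraction step described in the reply above (taking the WS-Policy security configuration out of the WSDL so it can be attached on the client or embedded in services.xml), as an added example that is not part of the original thread or of Axis2/Rampart. The sample WSDL is constructed and heavily shortened; the binding name, the `tns` URN and the WS-Policy namespace choice are assumptions.

```python
import xml.etree.ElementTree as ET

WSDL = "http://schemas.xmlsoap.org/wsdl/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"  # from the WSDL in the thread
# Assumption: the WSDL uses one of the two published WS-Policy namespaces.
WSP_ALL = ("http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy")
for prefix, uri in (("wsp", WSP_ALL[0]), ("wsu", WSU), ("sp", SP)):
    ET.register_namespace(prefix, uri)  # readable prefixes in the extracted file

# Constructed, heavily shortened WSDL; the binding name and tns URN are made up.
SAMPLE_WSDL = f"""<wsdl:definitions xmlns:wsdl="{WSDL}" xmlns:wsu="{WSU}"
    xmlns:wsp="{WSP_ALL[0]}" xmlns:tns="urn:example:innws">
  <wsp:Policy wsu:Id="WSHttpBinding_InnWSDB_policy">
    <wsp:ExactlyOne><wsp:All>
      <sp:SymmetricBinding xmlns:sp="{SP}"><wsp:Policy/></sp:SymmetricBinding>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
  <wsdl:binding name="WSHttpBinding_InnWSDB" type="tns:InnWSDB">
    <wsp:PolicyReference URI="#WSHttpBinding_InnWSDB_policy"/>
  </wsdl:binding>
</wsdl:definitions>"""


def extract_binding_policies(wsdl_text):
    """Map each WSDL binding name to the standalone XML of every policy it references."""
    root = ET.fromstring(wsdl_text)
    by_id = {}
    for ns in WSP_ALL:
        for policy in root.iter(f"{{{ns}}}Policy"):
            policy_id = policy.get(f"{{{WSU}}}Id")
            if policy_id:  # nested assertion-level wsp:Policy normally has no wsu:Id
                by_id[policy_id] = policy
    extracted = {}
    for binding in root.findall(f"{{{WSDL}}}binding"):
        refs = [r for ns in WSP_ALL for r in binding.findall(f"{{{ns}}}PolicyReference")]
        for ref in refs:
            uri = ref.get("URI", "")
            # Fail closed: a reference that cannot be resolved locally must not
            # silently produce a client with no security policy attached.
            if not uri.startswith("#") or uri[1:] not in by_id:
                raise ValueError(f"unresolvable policy reference {uri!r}")
            # tostring() re-declares the namespaces the subtree needs, so the
            # result can be saved as its own policy file; strip() drops tail text.
            xml = ET.tostring(by_id[uri[1:]], encoding="unicode").strip()
            extracted.setdefault(binding.get("name"), []).append(xml)
    return extracted


if __name__ == "__main__":
    for name, docs in extract_binding_policies(SAMPLE_WSDL).items():
        print(f"--- policy for binding {name} ---\n" + "\n".join(docs))
```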