Hello Everybody,
I have succesfully created a web service deployed on Tomcat with Axis, using
only the graphic tools
of Eclipse: I created the WSDL and then I generated the skeleton from it.
Then I implemented my methods in the skeleton.
The problem is that now I have been asked to implement WSS security on it. I
have a few tutorials, must of them relying on adding "handlers" to axis to
process the tokens. The problem is: this kind of security will be "visibile"
from the wsdl?
My company provided me the wsdl of a service already "working" with wss.
This wsdl contains tags like these:
<wsp:Policy wsu:Id="WSHttpBinding_InnWSDB_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken >....
What I am trying to say here is that somehow the "contract" of the security
is v isibile via wsdl rather than hidden back-end filters.
I am a bit confused because I have no idea on what is the fastest strategy
to apply security to my web services....
