I'm using digital signatures in a Web Service. I request that any client who calls the web service presents a digital certificate in the SOAP Header. This was highly based on the security sample provided with Axis.
But I'm having a hard time in defining the WSDL for this service, since the WSDL that Axis creates dinamically doesn't mention anything about security (and perhaps shouldn't, since I'm using global handlers). Anyway, the WSDL that clients read must somehow state that this service needs a digital signature element in the soap header, right? I've tried to place the following attribute in the <definitions> tag: xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"; plus the following elements in the appropriate sections: <message name="digitalSignature"> <part name="signature" ref="SOAP-SEC:Signature"/> </message> --------------------- <wsdlsoap:header use="literal" message="digitalSignature" part="signature" namespace="http://www.cidadebcp.pt/webservices/services/getDDAccounts"/> --------------------- But when I invoke wsdl2java, it states that "Type http://schemas.xmlsoap.org/soap/security/2000-12:Signature is referenced but not defined." For what I understand, I need to import this namespace and specify its location, as I did for a homemade one. But I can't even find it in the Internet. Has anyone had this problem? Is this the correct way for specifying security to clients? I'd rather have Axis dinamically generate the WSDL with security information. Many thanks, Nuno Guerreiro __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com
