is wss4j even usable at this point? I downloaded the source yesterday, but it wouldn't build.
On Fri, 29 Oct 2004 13:04:34 -0400, Greg Michalopoulos <[EMAIL PROTECTED]> wrote: > Check out wss4j from Apache (http://ws.apache.org/ws-fx/wss4j/). This is an > implementation of the WS-Security spec. Documentation is a little weak at > this point in time, but I was about to use the UsernameToken in the SOAP > header and a password callback class to authenticate a user making a > request. The spec outlines ways to encrypt and sign SOAP messages as well. > > Greg > > > > -----Original Message----- > From: Wagle, Shriniwas [mailto:[EMAIL PROTECTED] > Sent: Friday, October 29, 2004 10:23 AM > To: [EMAIL PROTECTED] > Subject: RE: adding security to webservices in axis > > We implemented security at the transport level using SSL with > client-authentication. > The good thing about this is the web services code does not have to deal > with security related aspects at all. It works well, and in a predictable > manner. > We had a binary level of security - either a client can invoke the web > service or not. We didn't have tiered security or diff levels of > authorization. Having to deal with that will complicate this solution. > > The negative aspect is the overhead in managing all the certs and keys > floating around and ensuring the security policy is well understood and > adhered to. > > The latest JAX RPC comes with message level security. You might want to > explore that but I believe the standardization in that area is not yet > complete. So not sure about the level of interoperability needs on your > project and the impact of using something non-standard. > > -----Original Message----- > From: Marco Mistroni [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 28, 2004 4:43 AM > To: [EMAIL PROTECTED] > Subject: adding security to webservices in axis > > Hello all, > I have a question for axis mailing list.. > I would like to add security to my axis webservice, and I am looking For > tips.. > What I want to avoid is to going and modify the web.xml in tomcat for adding > Users.... > I am sure that there is at least someone on this list which came across This > problem... > > Any hints will be appreciated... > > Thanks in advance and regards > marco > >
