[ https://issues.apache.org/jira/browse/GERONIMO-4642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12743746#action_12743746 ]
Rahul Mehta edited comment on GERONIMO-4642 at 8/15/09 1:45 PM:
----------------------------------------------------------------

Hello Devs,

This patch allows setting the ws-security at the service side in CXF/Jetty. This is done by passing the properties file in the geronimo-web.xml.

Note: please apply the UsernameToken_ServerSide[2].txt patch before this patch. This patch (X509SigningEncrytion_ServerSide_CXF.txt) might have some duplicate code of CXFEndpoint.java, as it is contained in both the patches.

But indeed David Jencks suggested a better approach for setting X509 sign/encrypt security with the use of Geronimo built-in security. I will move on this to figure it out.

We can use something like this in the geronimo-web.xml at the service side:

<servlet>
  <servlet-name>DoubleItServiceImpl</servlet-name>
  <ws-security-binding>
    <security-realm-name></security-realm-name>
    <property name="wss4j.in.action">Signature Encrypt Timestamp</property>
    <property name="wss4j.in.user">myservicekey</property>
    <property name="wss4j.in.keyPassword">skpass</property>
    <property name="wss4j.in.signaturePropFile">serviceKeystore.properties</property>
    <property name="wss4j.in.decryptionPropFile">serviceKeystore.properties</property>
    <property name="wss4j.out.action">Signature Encrypt Timestamp</property>
    <property name="wss4j.out.user">myservicekey</property>
    <property name="wss4j.out.signaturePropFile">serviceKeystore.properties</property>
    <property name="wss4j.out.encryptionPropFile">serviceKeystore.properties</property>
    <property name="wss4j.out.encryptionUser">myclientkey</property>
    <property name="wss4j.out.signatureKeyIdentifier">DirectReference</property>
    <property name="wss4j.out.keyPassword">skpass</property>
    <property name="wss4j.out.encryptionSymAlgorithm">http://www.w3.org/2001/04/xmlenc#tripledes-cbc</property>
  </ws-security-binding>
</servlet>

Jarek, should we make the <security-realm-name> tag optional in the xsd?

Many thanks to Jarek and community members for the help.

Rahul

      was (Author: rahul.soa):
    Hello Devs,

This patch allows setting the ws-security at the service side in CXF/Jetty. This is done by passing the properties file in the geronimo-web.xml.

Note: please apply the UsernameToken_ServerSide[2].txt patch before this patch. This patch (X509SigningEncrytion_ServerSide_CXF.txt) might have some duplicate code of CXFEndpoint.java, as it is contained in both the patches.

But indeed David Jencks suggested a better approach for setting X509 sign/encrypt security with the use of Geronimo built-in security. I will move on this to figure it out.

Many thanks to Jarek and community members for the help.

Rahul

> "WS-Security support for JAX-WS Web Services"
> ---------------------------------------------
>
>                 Key: GERONIMO-4642
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4642
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues)
>          Components: webservices
>         Environment: Apache Geronimo, Apache CXF, Apache Axis2, Ws-Security,
> Web Services, Java, Linux
>            Reporter: Rahul Mehta
>            Priority: Minor
>         Attachments: RampartToAxis2.txt, site.patch, usernameToken.patch,
> usernameToken[2].patch, UsernameToken_ServerSide[2].txt,
> X509SigningEncrytion_CXF.txt, X509SigningEncrytion_ServerSide_CXF.txt
>
>   Original Estimate: 2016h
>  Remaining Estimate: 2016h
>
> To integrate and enable the WS-Security features of Apache Axis2 and Apache
> CXF in Apache Geronimo:
> ----------------------------------------------------------------------------------------------------------------------------------------------
> Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both of
> these libraries have some WS-Security features. But these features are not
> integrated/enabled in Geronimo. So the goal is to enable these features from
> within Geronimo. That involves basically two things:
> 1) that the modules (i.e. WSS4J) that provide the WS-Security features for
> Axis2 and CXF are installed with Geronimo, and
> 2) that the WS-Security features such as [XML Security ('XML Signature' -
> allows one to send along with the message a digital signature of it, which
> assures that no one modified the message content between the sender and
> receiver, 'XML Encryption' - allows one to encrypt the message body or only
> its part using the given cryptography algorithm) and Tokens ('Username
> Tokens' - WS-Security scenario adds username and password values to the
> message header, 'Timestamps' - Timestamps specify how long the security data
> remains valid, 'SAML Tokens')] can be enabled and configured on web services
> via Geronimo deployment descriptors and/or annotations. For example, given
> some web service that is annotated with @WebService; so to ensure that the
> service only accepts WS-Security-secured messages, it should be something
> like "to add @WS-Security annotation".
> Further in detail, we can consider WS-Security policies which can be applied
> to the SOAP messages that pass between web services and web service controls.
> A WS-Security is controlled in WS-Security policy files. The WS-Security
> policy file (WSSE file) defines the security policy applied to the SOAP
> messages that pass between web services and their clients.[1]
> So we can use something like following annotation @WS-Security
> file="MyWebServicePolicy.wsse" Example: @WebService @WS-Security
> file="MyWebServicePolicy.wsse"
> public class xyz
> The @WS-Security annotation determines the WS-Security policy file (WSSE) to
> be applied to (1) incoming SOAP invocations of the web service's methods and
> (2) the outgoing SOAP messages containing the value returned by the web
> service's methods.[1]. The attribute file in the above mentioned annotation
> specifies the path to the WS-Security policy file (WSSE file -
> MyWebServicePolicy.wsse) used by the web service.
> Besides configuring WS-Security properties for web services we also need to
> configure the same sort of properties for Web Service references
> (@WebServiceRef) so that clients can also make WS-Security secured calls.
> In addition, I think we can also define some security feature something like
> SecurityFeature similar to other WebService Feature(s) such as
> AddressingFeature, MTOMFeature and RespectBindingFeature. This new feature
> can also have the "enabled property" like other features that is used to
> store whether a particular feature should be enabled or disabled. This type
> should provide either a constructor argument and/or a method that will allow
> the web service developer to set the enabled property. The meaning of enabled
> or disabled is determined by each individual WebServiceFeature. It is
> important that web services developers be able to enable/disable specific
> features when writing their web applications. [2]
> References:
> [1] [WWW] http://e-docs.bea.com/workshop/docs81/doc/en/core/index.html
> [2] [WWW] http://jcp.org/aboutJava/communityprocess/mrel/jsr224/index2.html

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
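
Added example, not part of the original comment or the Geronimo patch: a Python check over a descriptor fragment in the shape proposed in the comment, flagging clear-text key passwords, CBC-mode symmetric algorithms and action lists that lack Signature or Timestamp. The sample descriptor is constructed, the required-action list is an assumed local policy, and elements are assumed to carry no XML namespace, as in the fragment shown.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the fragment from the comment
# (assumption: no XML namespaces; outbound Timestamp dropped on purpose).
SAMPLE = """<servlet>
  <servlet-name>DoubleItServiceImpl</servlet-name>
  <ws-security-binding>
    <property name="wss4j.in.action">Signature Encrypt Timestamp</property>
    <property name="wss4j.in.keyPassword">skpass</property>
    <property name="wss4j.out.action">Signature Encrypt</property>
    <property name="wss4j.out.keyPassword">skpass</property>
    <property name="wss4j.out.encryptionSymAlgorithm">http://www.w3.org/2001/04/xmlenc#tripledes-cbc</property>
  </ws-security-binding>
</servlet>"""

# Assumed local policy for this example, not a Geronimo or WSS4J rule.
REQUIRED_ACTIONS = ("Signature", "Timestamp")


def audit_binding(descriptor_xml):
    """Return sorted (property, finding) pairs for one <servlet> entry."""
    root = ET.fromstring(descriptor_xml)
    props = {p.get("name"): (p.text or "").strip() for p in root.iter("property")}
    findings = []
    for name, value in props.items():
        if name.endswith(".keyPassword") and value:
            findings.append((name, "key password stored in clear text in the descriptor"))
        if name.endswith(".encryptionSymAlgorithm"):
            if value.endswith("#tripledes-cbc"):
                findings.append((name, "3DES-CBC: 64-bit block cipher, mode has no integrity protection"))
            elif value.endswith("-cbc"):
                findings.append((name, "CBC mode has no integrity protection"))
    for direction in ("in", "out"):
        key = f"wss4j.{direction}.action"
        actions = props.get(key, "").split()
        for required in REQUIRED_ACTIONS:
            if required not in actions:
                findings.append((key, f"action list is missing {required}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_binding(SAMPLE):
        print(f"{name}: {finding}")
```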