[
https://issues.apache.org/jira/browse/GERONIMO-5366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rahul Mehta updated GERONIMO-5366:
----------------------------------
Attachment: WebServiceSecurity_ClientSide.txt
Hello Jarek/Devs,
I am attaching a patch (WebServiceSecurity_ClientSide.txt) for the support of
WebService Security at Client side (in Apache Axis2/Tomcat) in Apache Geronimo.
Example: User can add the following in geronimo-web.xml at Client side to
enable the ws-security
<service-ref>
<service-ref-name>services/Calculator</service-ref-name>
<port>
<port-name>CalculatorPort</port-name>
<protocol>http</protocol>
<host>localhost</host>
<port>8080</port>
<uri>/GeronimoAxisService/calculator</uri>
<property name="wss4j.out.action">UsernameToken Timestamp</property>
<property name="wss4j.out.passwordType">PasswordText</property>
<property name="wss4j.out.user">system</property>
<property name="wss4j.out.password">manager</property>
</port>
</service-ref>
Following is the outgoing message intercepted by TCP Monitor:
POST /GeronimoAxisService/calculator HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "add"
User-Agent: Axis2
Host: localhost:8080
Transfer-Encoding: chunked
488
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";><soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1"><wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-24506741"><wsu:Created>2010-06-10T21:44:17.758Z</wsu:Created><wsu:Expires>2010-06-10T21:49:17.758Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-19471836"><wsse:Username>system</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>manager</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><dlwmin:add
xmlns:dlwmin="http://jws.samples.geronimo.apache.org";><value1
xmlns="http://jws.samples.geronimo.apache.org";>2</value1><value2
xmlns="http://jws.samples.geronimo.apache.org";>2</value2></dlwmin:add></soapenv:Body></soapenv:Envelope>
0
Please review this patch and apply it.
Many Thanks,
Rahul
> To enable the ws-security support in Axis2/Tomcat JAX-WS provider in Apache
> Geronimo
> ------------------------------------------------------------------------------------
>
> Key: GERONIMO-5366
> URL: https://issues.apache.org/jira/browse/GERONIMO-5366
> Project: Geronimo
> Issue Type: New Feature
> Security Level: public(Regular issues)
> Components: webservices
> Environment: Apache Geronimo, Apache Axis2, Apache Tomcat,
> WS-Security, Web Services, Java, Linux
> Reporter: Rahul Mehta
> Priority: Minor
> Attachments: RampartModule.txt
>
>
> Cross reference#GERONIMO-4642
> Hello Devs,
> This JIRA aims to enable the WS-Security support in "Apache Geronimo- in
> Axis2/Tomcat". During my Google summer of code project last year, I worked on
> setting up WS_Security in CXF/Jetty JAX-WS provider in Apache geronimo (plz
> have a look at GERONIMO-4642) and that is still ongoing. This JIRA is
> dedicated to Axis2/Tomcat JAX-WS provider.
> Some appropriate information about how to set up WS-Security is given in JIRA
> GERONIMO-4642.
> For axis2 part, we will first need Rampart module (based on WSS4J) as
> security module. I will first start pulling required rampart modules in the
> apache geronimo and then start with setting the client side out flow
> security. Later I will move to Server side inflow security.
> Look forward to seeing your feedbacks.
> Many Thanks,
> Rahul
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
