On Mar 20, 2009, at 8:13 AM, Jean-Louis MONTEIRO wrote:
<openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2";>
<enterprise-beans>
<session>
<ejb-name>CalculatorImpl</ejb-name>
<web-service-security>
<security-realm-name/>
<transport-guarantee>NONE</transport-guarantee>
<auth-method>WS-SECURITY</auth-method>
<configuration>
wss4j.in.action = Encrypt Signature
wss4j.in.signaturePropFile = path to file/
CalculatorSecurity.properties
wss4j.in.encryptionPropFile = path to file/
CalculatorSecurity.properties
wss4j.out.action = Encrypt Signature
wss4j.out.signaturePropFile = path to file/
CalculatorSecurity.properties
wss4j.out.encryptionPropFile = path to file/
CalculatorSecurity.properties
wss4j.out.user = something
wss4j.out.encryptionUser = bod
wss4j.out.signatureKeyIdentifier = DirectReference
wss4j.out.encryptionSymAlgorithm =
http://www.w3.org/2001/04/xmlenc#tripledes-cbc
...
</configuration>
</web-service-security>
</session>
</enterprise-beans>
</openejb-jar>
I'm curious on how bean specific that above configuration is. If I
have say 10 web services that need to be secured, which properties
will likely be the same and which would I typically want to be
different? Just wondering if we'll want some more general way to
setup the security in addition to 100% bean defined.
-David
