Jon,

One more suggestion: can I try to produce a small HowTo for the web site?

Jean-Louis


Jonathan Gallimore-2 wrote:
>
> I've fired this up and run the tests. It looks really good to me - many
> thanks for this! If you're happy to add this patch to jira OPENEJB-1004 I'm
> happy to get it committed.
>
> Do you think it would be ok to include the keys I generated from your batch
> file, so that people can just do the usual 'mvn test' without any extra work
> for the test in the example project to work (I'd keep the batch file as well
> as I think it's useful)?
>
> Jon
>
> On Mon, Mar 30, 2009 at 1:24 PM, Jean-Louis MONTEIRO <[email protected]> wrote:
>
>>
>> Hi Jonathan,
>>
>> I spent some time this weekend to get WS-Security integrated.
>> Sorry in advance because I changed some of your code (but it allowed me to
>> go faster).
>>
>> I enhanced the sample application to illustrate how to use WS-Security.
>> Here is a patch file with all changes.
>>
>> Please, can you apply it on your local working copy and have a look at the
>> tests?
>> I think you can launch the CalculatorTest test case from the
>> webservice-ws-security project.
>>
>> It would be very nice to have some feedback.
>> @David: for the moment, no special properties management has been done.
>>
>> Jean-Louis
>>
>>
>>
>> Jonathan Gallimore-2 wrote:
>> >
>> > I really like the idea of this configuration.
>> >
>> > I think David's point is a good one - I don't know how bean specific these
>> > properties are, but if you want to use a set of properties for more than
>> > one webservice I guess we could have a node with the global webservice
>> > security config for the app, with any bean specific properties defined
>> > overriding this.
>> >
>> > I guess I'm thinking of something along the lines of:
>> >
>> > <openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2">
>> >   <global-ws-security>
>> >     <configuration>
>> >       wss4j.in.action = Encrypt Signature
>> >       wss4j.in.signaturePropFile = path to file/CalculatorSecurity.properties
>> >       wss4j.in.encryptionPropFile = path to file/CalculatorSecurity.properties
>> >
>> >       wss4j.out.action = Encrypt Signature
>> >       wss4j.out.signaturePropFile = path to file/CalculatorSecurity.properties
>> >       wss4j.out.encryptionPropFile = path to file/CalculatorSecurity.properties
>> >       wss4j.out.user = something
>> >       wss4j.out.encryptionUser = bod
>> >       wss4j.out.signatureKeyIdentifier = DirectReference
>> >       wss4j.out.encryptionSymAlgorithm = http://www.w3.org/2001/04/xmlenc#tripledes-cbc
>> >       ...
>> >     </configuration>
>> >   </global-ws-security>
>> >
>> >   <enterprise-beans>
>> >     <session>
>> >       <ejb-name>CalculatorImpl</ejb-name>
>> >       <web-service-security>
>> >         <security-realm-name/>
>> >         <transport-guarantee>NONE</transport-guarantee>
>> >         <auth-method>WS-SECURITY</auth-method>
>> >
>> >         <configuration>
>> >           wss4j.some_bean_specific_property = foo
>> >           ...
>> >         </configuration>
>> >
>> >       </web-service-security>
>> >     </session>
>> >   </enterprise-beans>
>> > </openejb-jar>
>> >
>> > I'm very happy to help with some of the code and/or testing.
>> >
>> > Cheers,
>> >
>> > Jon
>> >
>> > On Fri, Mar 20, 2009 at 4:57 PM, David Blevins <[email protected]> wrote:
>> >
>> >> On Mar 20, 2009, at 8:13 AM, Jean-Louis MONTEIRO wrote:
>> >>
>> >>> <openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2">
>> >>>   <enterprise-beans>
>> >>>     <session>
>> >>>       <ejb-name>CalculatorImpl</ejb-name>
>> >>>       <web-service-security>
>> >>>         <security-realm-name/>
>> >>>         <transport-guarantee>NONE</transport-guarantee>
>> >>>         <auth-method>WS-SECURITY</auth-method>
>> >>>
>> >>>         <configuration>
>> >>>           wss4j.in.action = Encrypt Signature
>> >>>           wss4j.in.signaturePropFile = path to file/CalculatorSecurity.properties
>> >>>           wss4j.in.encryptionPropFile = path to file/CalculatorSecurity.properties
>> >>>
>> >>>           wss4j.out.action = Encrypt Signature
>> >>>           wss4j.out.signaturePropFile = path to file/CalculatorSecurity.properties
>> >>>           wss4j.out.encryptionPropFile = path to file/CalculatorSecurity.properties
>> >>>           wss4j.out.user = something
>> >>>           wss4j.out.encryptionUser = bod
>> >>>           wss4j.out.signatureKeyIdentifier = DirectReference
>> >>>           wss4j.out.encryptionSymAlgorithm = http://www.w3.org/2001/04/xmlenc#tripledes-cbc
>> >>>           ...
>> >>>         </configuration>
>> >>>
>> >>>       </web-service-security>
>> >>>     </session>
>> >>>   </enterprise-beans>
>> >>> </openejb-jar>
>> >>>
>> >>
>> >> I'm curious on how bean specific that above configuration is. If I have
>> >> say 10 web services that need to be secured, which properties will likely
>> >> be the same and which would I typically want to be different? Just
>> >> wondering if we'll want some more general way to setup the security in
>> >> addition to 100% bean defined.
>> >>
>> >> -David
>> >>
>> >
>> >
>> http://www.nabble.com/file/p22782120/patch-ws-security.txt patch-ws-security.txt
>> --
>> View this message in context:
>> http://www.nabble.com/Re%3A-Securing-a-webservice-tp22265166p22782120.html
>> Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>>
>

--
View this message in context: http://www.nabble.com/Re%3A-Securing-a-webservice-tp22265166p22845394.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.
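
The layering proposed in the quoted messages (an application-wide <global-ws-security> block whose keys a bean's own <configuration> overrides), worked through as an added Java example that is not code from the thread, the patch or OpenEJB. The <global-ws-security> element exists only as the thread's proposal; the OtherImpl bean and the "calculator" user value are constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Properties;
import java.util.TreeMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WsSecurityConfigMerge {
    static final String NS = "http://openejb.apache.org/xml/ns/openejb-jar-2.2";
    // Constructed sample in the layout proposed in the thread (not a shipped schema).
    static final String XML =
        "<openejb-jar xmlns='" + NS + "'>"
      + "<global-ws-security><configuration>\n"
      + " wss4j.in.action = Encrypt Signature\n wss4j.out.user = something\n"
      + "</configuration></global-ws-security><enterprise-beans>"
      + "<session><ejb-name>CalculatorImpl</ejb-name><web-service-security>"
      + "<configuration>\n wss4j.out.user = calculator\n</configuration>"
      + "</web-service-security></session>"
      + "<session><ejb-name>OtherImpl</ejb-name><web-service-security/></session>"
      + "</enterprise-beans></openejb-jar>";
    // Text of the first <configuration> below 'parent', parsed as key = value lines.
    static Properties config(Element parent) throws Exception {
        Properties p = new Properties();
        NodeList n = parent.getElementsByTagNameNS(NS, "configuration");
        if (n.getLength() > 0) p.load(new StringReader(n.item(0).getTextContent()));
        return p;
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A deployment descriptor needs no DTD; refusing DOCTYPE also rules out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        NodeList g = root.getElementsByTagNameNS(NS, "global-ws-security");
        Properties global = g.getLength() > 0 ? config((Element) g.item(0)) : new Properties();
        NodeList beans = root.getElementsByTagNameNS(NS, "session");
        for (int i = 0; i < beans.getLength(); i++) {
            Element bean = (Element) beans.item(i);
            Properties effective = new Properties();
            effective.putAll(global);        // application-wide defaults first
            effective.putAll(config(bean));  // bean-specific keys override them
            String name = bean.getElementsByTagNameNS(NS, "ejb-name").item(0).getTextContent();
            System.out.println(name + " -> " + new TreeMap<>(effective));
        }
    }
}
```

Printing the effective set per bean shows which WSS4J settings each service would actually run with once global defaults and overrides are combined.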
