Hi,
I'm starting out doing some experimenting with WS-Security and i'm running into
a few problems/questions.
I want 2 things.
First I want to do some authentication.
And second I want to sign the message i've send to the server.
For authentication I was thinking about Jaas. So I did the following on the
client side:
((Stub)port)._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "me");
((Stub)port)._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "myPassword");
I've configured my ejb based web service by configuring the ejb-jar.xml file.
This works great.
Now, I also want to sign my message using ws-security by adding
to the jboss-wsse-server.xml file.
This also works.
But now:
- How do I know that the signature belongs to the person that logs in using the
username/password properties?
- I've seen there is no in the schema for the jboss-wsse-server.xml config
file that could also do this instead of using the Basic Auth in the HTTP
header. Howcome?
I in fact want to do some authentication using a x509 certificate in the sense
that the user is able to use the web service if it is known in the truststore
of the server. Can somebody give me some directions on how I could do this?
I have some experience using xws-security from Sun's JWSDP, but I would like to
learn how I can transform some things to JBoss.
All help/directions are welcome!
Greetings,
Kristof.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965827#3965827
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3965827
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
