axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dittmann Werner <werner.dittm...@siemens.com>
Subject AW: AW: AW: WSS4J - WS-Security Implementation
Date Fri, 31 Oct 2003 07:05:24 GMT
Glen,

easy. WSS4J is (will be :-)  ) an implementation of the OASIS
WS Security specifications and is mainly based on the Apache
XML Sceurity project.

WSS4J takes SOAP Envelopes and signs and/or encrypts the contents
of it (also decrypts/verifies). Thus it is a generic tools that
works on SOAP Enevlopes only and this is independent of Axis.

To use WSS4J there are Axis handlers in the request/response
flow that take the SOAP Envelope of the message and let it
process by WSS4J.

And yes - there are very expensive transformations happening
during that siging/encryption processing. That is the way the
XML security is specified - you know: security is expensive :-)

Regards,
Werner

> -----Urspr√ľngliche Nachricht-----
> Von: Glen Daniels 
> [mailto:glen+dated+1067967027.d224f4@thoughtcraft.com] 
> Gesendet: Donnerstag, 30. Oktober 2003 18:30
> An: axis-dev@ws.apache.org; dims@yahoo.com
> Betreff: Re: AW: AW: WSS4J - WS-Security Implementation
> 
> 
> Hm - let me make sure I'm understanding this correctly 
> (apologies if I'm
> not).
> 
> What exactly does this implementation DO if it's not coupled to Axis
> (disclaimer - I have not looked at the code yet)?  There are 
> entry points
> which take a SOAP envelope as a DOM or something, and then 
> spit out more
> DOM?  This seems really wrong to me if so - what's the point 
> of having a web
> service engine if we have to write extensions for it in some kind of
> genericized way which causes potentially expensive transformations...?
> 
> --Glen
> 
> ----- Original Message ----- 
> From: "Davanum Srinivas" <dims@yahoo.com>
> To: <axis-dev@ws.apache.org>
> Sent: Thursday, October 30, 2003 12:03 PM
> Subject: Re: AW: AW: WSS4J - WS-Security Implementation
> 
> 
> > +1. Sounds great!!!
> >
> > -- dims
> >
> > --- Dittmann Werner <werner.dittmann@siemens.com> wrote:
> > > an intermediate step was checked in by Dims yesterday.
> > > As soon as I'm ready with the split I will hand it
> > > over for checkin.
> > >
> > > However, I didn't enhance the wss4j functions, just
> > > "decoupled" it from basic Axis. The wss4j enhancements
> > > are next.
> > >
> > > Regards,
> > > Werner
> > >
> > > > -----Urspr√ľngliche Nachricht-----
> > > > Von: Aleksander Slominski [mailto:aslom@cs.indiana.edu]
> > > > Gesendet: Donnerstag, 30. Oktober 2003 17:13
> > > > An: axis-dev@ws.apache.org
> > > > Betreff: Re: AW: WSS4J - WS-Security Implementation
> > > >
> > > >
> > > > Dittmann Werner wrote:
> > > >
> > > > >Dims,
> > > > >
> > > > >I hacked the wss4j basic code to be independent of Axis, i.e
> > > > >all files in org/apache/ws/security except the *Handler.java
> > > > >files do not contain any refences to basic Axis 
> classes anymore.
> > > > >
> > > > >After that I would propose to move the Axis dependent handlers
> > > > >to a spearate directory. My idea is to move them to a 
> new directory
> > > > >"org/apache/ws/Axis" (probably with a substructure) so that
> > > > >org/apache/ws/security/* contains the pure wss4j 
> implementation.
> > > > >
> > > > >
> > > > >Any ideas?
> > > > >
> > > > >
> > > > hi Werner,
> > > >
> > > > i think this is great step in direction of making 
> things modular and
> > > > pluggable. did you put updated code somewhere?
> > > >
> > > > thanks,
> > > >
> > > > alek
> > > >
> > > > -- 
> > > > If everything seems under control, you're just not going fast
> > > > enough. -Mario Andretti
> > > >
> > > >
> >
> >
> > =====
> > Davanum Srinivas - http://webservices.apache.org/~dims/
> >
> >
> 

Mime
View raw message