axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Anderson <benanderson...@gmail.com>
Subject Re: adding security to webservices in axis
Date Fri, 29 Oct 2004 22:07:05 GMT
is wss4j even usable at this point?  I downloaded the source
yesterday, but it wouldn't build.


On Fri, 29 Oct 2004 13:04:34 -0400, Greg Michalopoulos
<gmichalopoulos@d2hawkeye.com> wrote:
> Check out wss4j from Apache (http://ws.apache.org/ws-fx/wss4j/).  This is an
> implementation of the WS-Security spec.  Documentation is a little weak at
> this point in time, but I was about to use the UsernameToken in the SOAP
> header and a password callback class to authenticate a user making a
> request.  The spec outlines ways to encrypt and sign SOAP messages as well.
> 
> Greg 
> 
> 
> 
> -----Original Message-----
> From: Wagle, Shriniwas [mailto:Shriniwas_Wagle@sra.com]
> Sent: Friday, October 29, 2004 10:23 AM
> To: axis-user@ws.apache.org
> Subject: RE: adding security to webservices in axis
> 
> We implemented security at the transport level using SSL with
> client-authentication.
> The good thing about this is the web services code does not have to deal
> with security related aspects at all.  It works well, and in a predictable
> manner.
> We had a binary level of security - either a client can invoke the web
> service or not.  We didn't have tiered security or diff levels of
> authorization.  Having to deal with that will complicate this solution.
> 
> The negative aspect is the overhead in managing all the certs and keys
> floating around and ensuring the security policy is well understood and
> adhered to.
> 
> The latest JAX RPC comes with message level security.  You might want to
> explore that but I believe the standardization in that area is not yet
> complete.  So not sure about the level of interoperability needs on your
> project and the impact of using something non-standard.
> 
> -----Original Message-----
> From: Marco Mistroni [mailto:mmistroni@waersystems.com]
> Sent: Thursday, October 28, 2004 4:43 AM
> To: axis-user@ws.apache.org
> Subject: adding security to webservices in axis
> 
> Hello all,
>         I have a question for axis mailing list..
> I would like to add security to my axis webservice, and I am looking For
> tips..
> What I want to avoid is to going and modify the web.xml in tomcat for adding
> Users....
> I am sure that there is at least someone on this list which came across This
> problem...
> 
> Any hints will be appreciated...
> 
> Thanks in advance and regards
>         marco
> 
>

Mime
View raw message