axis-java-user mailing list archives

From Ben Anderson <>
Subject Re: adding security to webservices in axis
Date Fri, 29 Oct 2004 22:07:05 GMT
Is wss4j even usable at this point?  I downloaded the source
yesterday, but it wouldn't build.

On Fri, 29 Oct 2004 13:04:34 -0400, Greg Michalopoulos
<> wrote:
> Check out wss4j from Apache (  This is an
> implementation of the WS-Security spec.  Documentation is a little weak at
> this point in time, but I was about to use the UsernameToken in the SOAP
> header and a password callback class to authenticate a user making a
> request.  The spec outlines ways to encrypt and sign SOAP messages as well.
> Greg 
> -----Original Message-----
> From: Wagle, Shriniwas []
> Sent: Friday, October 29, 2004 10:23 AM
> To:
> Subject: RE: adding security to webservices in axis
> We implemented security at the transport level using SSL with
> client-authentication.
> The good thing about this is the web services code does not have to deal
> with security related aspects at all.  It works well, and in a predictable
> manner.
> We had a binary level of security - either a client can invoke the web
> service or not.  We didn't have tiered security or diff levels of
> authorization.  Having to deal with that will complicate this solution.
> The negative aspect is the overhead in managing all the certs and keys
> floating around and ensuring the security policy is well understood and
> adhered to.
> The latest JAX RPC comes with message level security.  You might want to
> explore that but I believe the standardization in that area is not yet
> complete.  So not sure about the level of interoperability needs on your
> project and the impact of using something non-standard.
> -----Original Message-----
> From: Marco Mistroni []
> Sent: Thursday, October 28, 2004 4:43 AM
> To:
> Subject: adding security to webservices in axis
> Hello all,
>         I have a question for the axis mailing list..
> I would like to add security to my axis webservice, and I am looking for
> tips..
> What I want to avoid is going and modifying the web.xml in tomcat to add
> users....
> I am sure that there is at least someone on this list who came across this
> problem...
> Any hints will be appreciated...
> Thanks in advance and regards
>         marco

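The UsernameToken plus password-callback approach mentioned in the thread, sketched as an added example using only JDK classes; it is not code from the thread or from WSS4J, and the class name `UsernameTokenCheck`, the `USERS` store and the sample message are constructed for illustration. It assumes a plaintext password in the token, so the message has to travel over SSL as in the transport-level setup described above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class UsernameTokenCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Hypothetical credential store; only the password callback below reads it.
    static final Map<String, String> USERS = Map.of("alice", "constructed-sample-pw");
    static final CallbackHandler STORE = callbacks -> {
        String user = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) user = ((NameCallback) cb).getName();
            else if (cb instanceof PasswordCallback && user != null && USERS.containsKey(user))
                ((PasswordCallback) cb).setPassword(USERS.get(user).toCharArray());
        }
    };

    static boolean authenticate(String soap, CallbackHandler handler) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // block DTD/XXE
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens.getLength() != 1) return false; // missing or ambiguous token: reject
        Element token = (Element) tokens.item(0);
        NodeList u = token.getElementsByTagNameNS(WSSE, "Username");
        NodeList p = token.getElementsByTagNameNS(WSSE, "Password");
        if (u.getLength() != 1 || p.getLength() != 1) return false;
        NameCallback name = new NameCallback("user");
        name.setName(u.item(0).getTextContent().trim());
        PasswordCallback pass = new PasswordCallback("password", false);
        handler.handle(new Callback[] { name, pass }); // service code never touches the store
        char[] expected = pass.getPassword();
        if (expected == null) return false; // unknown user
        // Constant-time comparison of the plaintext token password.
        return MessageDigest.isEqual(new String(expected).getBytes(StandardCharsets.UTF_8),
            p.item(0).getTextContent().getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        String soap = "<e:Envelope xmlns:e=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:w=\"" + WSSE
            + "\"><e:Header><w:Security><w:UsernameToken><w:Username>alice</w:Username><w:Password>%s"
            + "</w:Password></w:UsernameToken></w:Security></e:Header><e:Body/></e:Envelope>";
        System.out.println(authenticate(String.format(soap, "constructed-sample-pw"), STORE));
        System.out.println(authenticate(String.format(soap, "wrong"), STORE));
    }
}
```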