Return-Path: 
 <axis-user-return-38101-apmail-ws-axis-user-archive=ws.apache.org@ws.apache.org>
Delivered-To: apmail-ws-axis-user-archive@www.apache.org
Received: (qmail 90479 invoked from network); 4 Nov 2005 17:16:19 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 4 Nov 2005 17:16:19 -0000
Received: (qmail 96973 invoked by uid 500); 4 Nov 2005 17:16:10 -0000
Delivered-To: apmail-ws-axis-user-archive@ws.apache.org
Received: (qmail 96095 invoked by uid 500); 4 Nov 2005 17:16:07 -0000
Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: axis-user@ws.apache.org
list-help: <mailto:axis-user-help@ws.apache.org>
list-unsubscribe: <mailto:axis-user-unsubscribe@ws.apache.org>
List-Post: <mailto:axis-user@ws.apache.org>
List-Id: <axis-user.ws.apache.org>
Delivered-To: mailing list axis-user@ws.apache.org
Received: (qmail 96084 invoked by uid 99); 4 Nov 2005 17:16:07 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2005 09:16:07 -0800
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: domain of soactive@gmail.com designates
 66.249.82.199 as permitted sender)
Received: from [66.249.82.199] (HELO xproxy.gmail.com) (66.249.82.199)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2005 09:16:02 -0800
Received: by xproxy.gmail.com with SMTP id i32so45917wxd
        for <axis-user@ws.apache.org>; Fri, 04 Nov 2005 09:15:46 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=oY5KGfZEluWW4gbtTTsI7ufGrwnkBFp0Ty2B+Odd/8ugt7l9PvCR9PpkMPY1KDrvfYE4/kqGPZggnPnaBybf46SY2kqrlb46/4yKE/ald6u32qNha+00UrGRQwVBAPVfO4uw7eNnfTMQ381WegbEtPfd57L7ZRxC464lVwHrh3g=
Received: by 10.11.117.36 with SMTP id p36mr22942cwc;
        Fri, 04 Nov 2005 09:15:46 -0800 (PST)
Received: by 10.11.117.40 with HTTP; Fri, 4 Nov 2005 09:15:46 -0800 (PST)
Message-ID: <aedf73d30511040915p5f937dc3vc46e0da3fe57dda9@mail.gmail.com>
Date: Fri, 4 Nov 2005 09:15:46 -0800
From: Soactive Inc <soactive@gmail.com>
To: axis-user@ws.apache.org, acronce@earthlink.net
Subject: Re: WSS4J vs. Apache XML security for digital signatures?
In-Reply-To: <436B8B42.2020701@earthlink.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_5281_8412959.1131124546436"
References: <436B8B42.2020701@earthlink.net>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

------=_Part_5281_8412959.1131124546436
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I use the following links to help me understand and implement Web Service
security for Axis-based services and they work pretty well. I would advise
against using XML security directly if you are not used to dealing with the
intricacies of security for XML. The WSS4J abstraction is meant to shield
you from doing just that and also to easily comply with the WS-Security
standard:

- http://ws.apache.org/wss4j/axis.html

- http://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters

- http://ws.apache.org/wss4j/package.html

-Arun

On 11/4/05, Allen Cronce <acronce@earthlink.net> wrote:
>
> Hi all,
>
> I'm interested in adding digital signatures to our Axis 1.3 based soap
> service. Originally I had assumed that I would use WSS4J (or something
> like it) to do implement this. But the Axis example code uses Apache XML
> Security directly, via a sample helper class called SignedSOAPEnvelope.
> And posts to this list seem to be split in their recommendations.
>
> Can anyone with practical experience adding security to their Axis
> service comment on the best overall direction to proceed?
>
> Best regards,
> --
> Allen Cronce
>

------=_Part_5281_8412959.1131124546436
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I use the following links to help me understand and implement Web
Service security for Axis-based services and they work pretty well. I
would advise against using XML security directly if you are not used to
dealing with the intricacies of security for XML. The WSS4J abstraction
is meant to shield you from doing just that and also to easily comply
with the WS-Security standard:<br>
<br>
- <a href=3D"http://ws.apache.org/wss4j/axis.html">http://ws.apache.org/wss=
4j/axis.html</a><br>
<br>
- <a href=3D"http://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters">http=
://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters</a><br>
<br>
- <a href=3D"http://ws.apache.org/wss4j/package.html">http://ws.apache.org/=
wss4j/package.html</a><br>
<br>-Arun<br>
<br><div><span class=3D"gmail_quote">On 11/4/05, <b class=3D"gmail_senderna=
me">Allen Cronce</b> &lt;<a href=3D"mailto:acronce@earthlink.net">acronce@e=
arthlink.net</a>&gt; wrote:</span><blockquote class=3D"gmail_quote" style=
=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; p=
adding-left: 1ex;">
Hi all,<br><br>I'm interested in adding digital signatures to our Axis 1.3 =
based soap<br>service. Originally I had assumed that I would use WSS4J (or =
something<br>like it) to do implement this. But the Axis example code uses =
Apache XML
<br>Security directly, via a sample helper class called SignedSOAPEnvelope.=
<br>And posts to this list seem to be split in their recommendations.<br><b=
r>Can anyone with practical experience adding security to their Axis<br>
service comment on the best overall direction to proceed?<br><br>Best regar=
ds,<br>--<br>Allen Cronce<br></blockquote></div><br>

------=_Part_5281_8412959.1131124546436--