geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [CONF] Apache Geronimo v2.2 > Securing Web Service
Date Tue, 18 Aug 2009 02:50:00 GMT
    <base href="">
            <link rel="stylesheet" href="/confluence/s/1519/1/1/_/styles/combined.css?spaceKey=GMOxDOC22&amp;forWysiwyg=true"
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="">Securing
Web Service</a></h2>
    <h4>Page  <b>added</b> by             <a href="">Ying
    <div class="notificationGreySide">
         <p>Web Service security (WS-security) is an SOAP-based security standard that
provides web services with message-level integrity, confidentiality and authentication. <br/>
With WS-security, the Simple Object Access Protocol (SOAP) message contains a SOAP header,
which includes signature, encryption information, protocols for processing the secured information,
and security tokens for credential propagation.</p>

<p>Geronimo 2.2 has two WS-security providers: Axis2 for Tomcat Web container and CXF
for Jetty. They enable the following WS-security features in Web service development for Geronimo:</p>
	<li><b>XML Security</b>  - allowsa one to send along with the message a
digital signature of it, which assures that no one modified the message content between the
sender and receiver.</li>
	<li><b>XML Encryption</b> -allows one to encrypt the message body or only
its part using the given cryptography algorithm.</li>
	<li><b>Username Tokens</b> - adds username and password values to the message
	<li><b>Security Assertions Markup Language (SAML) Tokens</b> - configured
on web services via Geronimo deployment descriptors and/or annotations.</li>
	<li><b>Timestamps</b> - specifies how long the security data remains valid.</li>

    <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href=""
class="grey">Change Notification Preferences</a>
       <a href="">View
       <a href=";showCommentArea=true#addcomment">Add

View raw message