Over a million developers have joined DZone.
Platinum Partner

SOAP, WS-Security, Apache CXF, and Axis2 Linksheet

· Integration Zone

The Integration Zone is brought to you in partnership with 3scale. Take control of your APIs and get a free t-shirt when you complete the 3step Challenge

WS-Security Configuration

    <con:wssContainer>

    <con:crypto>
    <con:source>keystore.jks</con:source>
    <con:password>mypasswordiscool</con:password>
    <con:type>KEYSTORE</con:type>
    </con:crypto>
    <con:outgoing>
    <con:name>Outgoing</con:name>
    <con:entry type=”Username” username=”longcomplicateduser” password=”weirdRandomP@33w4rD!”>
    <con:configuration>
    <addCreated>true</addCreated>
    <addNonce>true</addNonce>
    <passwordType>PasswordDigest</passwordType>
    </con:configuration>
    </con:entry>
    <con:entry type=”Timestamp”>
    <con:configuration>
    <timeToLive>60</timeToLive>
    <strictTimestamp>true</strictTimestamp>
    </con:configuration>
    </con:entry>
    </con:outgoing>
    </con:wssContainer>

    <soap:Header>
    <wsse:Security soap:mustUnderstand=”true” xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”><wsu:Timestamp wsu:Id=”TS-4″><wsu:Created>2013-05-01T19:52:45.639Z</wsu:Created><wsu:Expires>2013-05-01T19:53:45.639Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id=”UsernameToken-3″><wsse:Username>longcomplicateduser</wsse:Username><wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>weirdRandomP@33w4rD!</wsse:Password><wsse:Nonce EncodingType=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>dfdfdf</wsse:Nonce><wsu:Created>2013-05-01T19:52:45.638Z</wsu:Created></wsse:UsernameToken></wsse:Security>
    </soap:Header>

http://techdiary.bitourea.com/2007/03/step-by-step-tutorial-to-use-rampart.html

http://www.coderanch.com/t/422683/Web-Services/java/SOAP-Header-missing-Rampart-Axis

http://stackoverflow.com/questions/11794223/rampart-doesnt-add-necessary-headers-to-soap-envelope

SET AXIS2_HOME=/axis2-1.6.2
wsdl2java.bat -uri https://X.com?wsdl -o JavaPrj -p mypackage.is.cool -d xmlbeans -t -ss -ssi -sd -g -ns2p

System.setProperty(“javax.net.ssl.keyStore”, “/data/PkiCertificate/tomcatkeystore.jks”);
System.setProperty (“javax.net.ssl.keyStorePassword”, “changeit”);
System.setProperty(“javax.net.ssl.trustStore”, “/data/PkiCertificate/clientstore.jks”);
System.setProperty(“javax.net.ssl.trustStorePassword”, “changeit”);

setx -m JAVA_HOME “jdk1.7.0_04″

setx -m javax.net.ssl.keyStore “/keystore.jks”);
setx -m javax.net.ssl.keyStorePassword “passwordislong”);
setx -m javax.net.ssl.trustStore “/keystore.jks”);
setx -m javax.net.ssl.trustStorePassword “passwordislong”);


http://stackoverflow.com/questions/3803581/setting-a-system-environment-variable-from-a-windows-batch-file

http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

-Djavax.net.debug=ssl,trustmanager


http://docs.oracle.com/javaee/1.4/tutorial/doc/Security7.html

http://broadsign.com/docs/9-2-1/appendix/apache-axis2/

http://web.archiveorange.com/archive/v/fNNSSwpIzBWqt1TcJdT4

http://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore

http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html

PasswordDigest
http://www.ibm.com/developerworks/training/kp/j-kp-wssecurity/

http://ianso.blogspot.com/2009/12/building-ws-security-enabled-soap.html

Java web services: WS-Security without client certificates

http://www.ibm.com/developerworks/java/library/j-jws17/index.html

Understanding web services specifications, Part 4: WS-Security
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/

Java Web services: Axis2 WS-Security signing and encryption
http://www.ibm.com/developerworks/java/library/j-jws5/index.html

Best Practices for Web Services
http://www.ibm.com/developerworks/library/ws-best11/

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html

Java web services: The high cost of (WS-)Security
http://www.ibm.com/developerworks/java/library/j-jws6/index.html

Java web services: WS-Trust and WS-SecureConversation
http://www.ibm.com/developerworks/java/library/j-jws15/index.html

Java web services: WS-Security with CXF
http://www.ibm.com/developerworks/java/library/j-jws13/index.html

Java Web services: Granular use of WS-Security
http://www.ibm.com/developerworks/java/library/j-jws7/index.html

Java web services: Modeling and verifying WS-SecurityPolicy
http://www.ibm.com/developerworks/java/library/j-jws21/index.html

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/java/library/j-jws4/

http://blog.sweetxml.org/2007/12/rampart-basic-examples-how-you-add-ws.html

http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html

http://stackoverflow.com/questions/14266237/adding-ws-security-to-wsdl2java-generated-classes

http://wso2.org/library/3190

http://wso2.org/library/3415#step_1

http://ws.apache.org/tcpmon/index.html

Metro for Java (Web Services)

Java Web services: Introducing Metro
http://www.ibm.com/developerworks/java/library/j-jws9/index.html

http://www.bouncycastle.org/java.html

Apache CXF Security
http://cxf.apache.org/docs/ws-security.html

Security Best Practices
http://ws.apache.org/wss4j/best_practice.html

Web Service Security for Java
http://ws.apache.org/wss4j/index.html

AXIS2 Security
http://axis.apache.org/axis2/java/rampart/index.html

CXF
http://www.ibm.com/developerworks/java/library/j-jws12/index.html

Java web services: Understanding and modeling WSDL 1.1
http://www.ibm.com/developerworks/java/library/j-jws20/index.html

JAX-WS Guide
http://axis.apache.org/axis2/java/core/docs/jaxws-guide.html

Axis2 Quick Start Guide
http://axis.apache.org/axis2/java/core/docs/quickstartguide.html

Axis2 FAQ
http://axis.apache.org/axis2/java/core/faq.html

The Integration Zone is brought to you in partnership with 3scale. Learn how API providers have changed the way we think about integration in The Platform Vision of API Giants.

Topics:

Published at DZone with permission of Tim Spann , DZone MVB .

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}