Platinum Partner
java,architects,enterprise-integration,open source,integration,tips and tricks

SOAP, WS-Security, Apache CXF, and Axis2 Linksheet

WS-Security Configuration

    <con:wssContainer>

    <con:crypto>
    <con:source>keystore.jks</con:source>
    <con:password>mypasswordiscool</con:password>
    <con:type>KEYSTORE</con:type>
    </con:crypto>
    <con:outgoing>
    <con:name>Outgoing</con:name>
    <con:entry type=”Username” username=”longcomplicateduser” password=”weirdRandomP@33w4rD!”>
    <con:configuration>
    <addCreated>true</addCreated>
    <addNonce>true</addNonce>
    <passwordType>PasswordDigest</passwordType>
    </con:configuration>
    </con:entry>
    <con:entry type=”Timestamp”>
    <con:configuration>
    <timeToLive>60</timeToLive>
    <strictTimestamp>true</strictTimestamp>
    </con:configuration>
    </con:entry>
    </con:outgoing>
    </con:wssContainer>

    <soap:Header>
    <wsse:Security soap:mustUnderstand=”true” xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”><wsu:Timestamp wsu:Id=”TS-4″><wsu:Created>2013-05-01T19:52:45.639Z</wsu:Created><wsu:Expires>2013-05-01T19:53:45.639Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id=”UsernameToken-3″><wsse:Username>longcomplicateduser</wsse:Username><wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>weirdRandomP@33w4rD!</wsse:Password><wsse:Nonce EncodingType=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>dfdfdf</wsse:Nonce><wsu:Created>2013-05-01T19:52:45.638Z</wsu:Created></wsse:UsernameToken></wsse:Security>
    </soap:Header>

http://techdiary.bitourea.com/2007/03/step-by-step-tutorial-to-use-rampart.html

http://www.coderanch.com/t/422683/Web-Services/java/SOAP-Header-missing-Rampart-Axis

http://stackoverflow.com/questions/11794223/rampart-doesnt-add-necessary-headers-to-soap-envelope

SET AXIS2_HOME=/axis2-1.6.2
wsdl2java.bat -uri https://X.com?wsdl -o JavaPrj -p mypackage.is.cool -d xmlbeans -t -ss -ssi -sd -g -ns2p

System.setProperty(“javax.net.ssl.keyStore”, “/data/PkiCertificate/tomcatkeystore.jks”);
System.setProperty (“javax.net.ssl.keyStorePassword”, “changeit”);
System.setProperty(“javax.net.ssl.trustStore”, “/data/PkiCertificate/clientstore.jks”);
System.setProperty(“javax.net.ssl.trustStorePassword”, “changeit”);

setx -m JAVA_HOME “jdk1.7.0_04″

setx -m javax.net.ssl.keyStore “/keystore.jks”);
setx -m javax.net.ssl.keyStorePassword “passwordislong”);
setx -m javax.net.ssl.trustStore “/keystore.jks”);
setx -m javax.net.ssl.trustStorePassword “passwordislong”);


http://stackoverflow.com/questions/3803581/setting-a-system-environment-variable-from-a-windows-batch-file

http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

-Djavax.net.debug=ssl,trustmanager


http://docs.oracle.com/javaee/1.4/tutorial/doc/Security7.html

http://broadsign.com/docs/9-2-1/appendix/apache-axis2/

http://web.archiveorange.com/archive/v/fNNSSwpIzBWqt1TcJdT4

http://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore

http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html

PasswordDigest
http://www.ibm.com/developerworks/training/kp/j-kp-wssecurity/

http://ianso.blogspot.com/2009/12/building-ws-security-enabled-soap.html

Java web services: WS-Security without client certificates

http://www.ibm.com/developerworks/java/library/j-jws17/index.html

Understanding web services specifications, Part 4: WS-Security
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/

Java Web services: Axis2 WS-Security signing and encryption
http://www.ibm.com/developerworks/java/library/j-jws5/index.html

Best Practices for Web Services
http://www.ibm.com/developerworks/library/ws-best11/

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html

Java web services: The high cost of (WS-)Security
http://www.ibm.com/developerworks/java/library/j-jws6/index.html

Java web services: WS-Trust and WS-SecureConversation
http://www.ibm.com/developerworks/java/library/j-jws15/index.html

Java web services: WS-Security with CXF
http://www.ibm.com/developerworks/java/library/j-jws13/index.html

Java Web services: Granular use of WS-Security
http://www.ibm.com/developerworks/java/library/j-jws7/index.html

Java web services: Modeling and verifying WS-SecurityPolicy
http://www.ibm.com/developerworks/java/library/j-jws21/index.html

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/java/library/j-jws4/

http://blog.sweetxml.org/2007/12/rampart-basic-examples-how-you-add-ws.html

http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html

http://stackoverflow.com/questions/14266237/adding-ws-security-to-wsdl2java-generated-classes

http://wso2.org/library/3190

http://wso2.org/library/3415#step_1

http://ws.apache.org/tcpmon/index.html

Metro for Java (Web Services)

Java Web services: Introducing Metro
http://www.ibm.com/developerworks/java/library/j-jws9/index.html

http://www.bouncycastle.org/java.html

Apache CXF Security
http://cxf.apache.org/docs/ws-security.html

Security Best Practices
http://ws.apache.org/wss4j/best_practice.html

Web Service Security for Java
http://ws.apache.org/wss4j/index.html

AXIS2 Security
http://axis.apache.org/axis2/java/rampart/index.html

CXF
http://www.ibm.com/developerworks/java/library/j-jws12/index.html

Java web services: Understanding and modeling WSDL 1.1
http://www.ibm.com/developerworks/java/library/j-jws20/index.html

JAX-WS Guide
http://axis.apache.org/axis2/java/core/docs/jaxws-guide.html

Axis2 Quick Start Guide
http://axis.apache.org/axis2/java/core/docs/quickstartguide.html

Axis2 FAQ
http://axis.apache.org/axis2/java/core/faq.html

Published at DZone with permission of {{ articles[0].authors[0].realName }}, DZone MVB. (source)

Opinions expressed by DZone contributors are their own.

{{ tag }}, {{tag}},

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}
{{ parent.authors[0].realName || parent.author}}

{{ parent.authors[0].tagline || parent.tagline }}

{{ parent.views }} ViewsClicks
Tweet

{{parent.nComments}}