developerWorks > SOA and Web services > Forums > Web Services Technical >

Reg:WebService Confidentiality


Search for within

My developerWorks

Welcome, Guest

	Sign in or register

Reply to this Thread

Post New Thread

Watch list

Forum settings

Help

	Replies: 1 - Pages: 1 - Last Post: Oct 12, 2009 5:07 PM Last Post By: Barbara_Jensen

vvreddy

Posts: 5
Registered: Jan 29, 2008 05:10:07 AM

Reg:WebService Confidentiality
Posted: Feb 29, 2008 08:21:11 AM

Hi all ,

i am securing webservice by using a UserName token and Encryption.In my application Encryption part is UserNameToken .I am successfully deployed into Server.When ever i making request to webservice with adding Username Token and Encryption ( Encryption part is Username Token) security ,i am getting results.
_But when i making request to webservice with only UserNameToken profile as secuirty also i am getting a result .Why it is ?_I am using RAD for development and WebSphere as server.
can you please help me on this.
It would be better if you provide example

Thank You

Message was edited by: vvreddy

Barbara_Jensen

Posts: 6
Registered: Apr 26, 2005 06:56:43 PM

Re: Reg:WebService Confidentiality
Posted: Oct 12, 2009 05:07:02 PM

in response to: vvreddy's post

I don't quite understand what you are saying. Let me restate and you can tell me if I'm right:

1) You have constraints with UNT + encryption of the UNT (and only the UNT)
2) If you send as above, it works
3) If you send just the UNT (ie, nothing is encrypted at all), it still works

I'd like to know the following:

1) Did you verify with a trace, or tcpmon that the message that you think is the encrypted UNT is ACTUALLY encrypted?
2) Is the provider JAX-RPC or JAX-WS?

Pages: 1

Back to Thread List

Update your My developerWorks profile and start connecting with others.