Topic
  • 3 replies
  • Latest Post - ‏2012-11-26T22:39:52Z by mburati
jvarga
jvarga
1 Post

Pinned topic Web Service with WS-Security Signature and Encryption

‏2010-02-09T20:25:51Z |
I am trying to consume a web service created outside of Websphere. It is secured using WS-Security Username and as far as I can tell requires a signature and encryption. I have a keystore file with the required keys as well as the passwords for accessing the keystore. I saw the example on the wiki (I think) for consuming a web service using the Username token in the header, but it looks like that's for web services that don't use encryption and/or signatures. Is this possible? If so, how? Thanks in advance.
Updated on 2012-11-26T22:39:52Z at 2012-11-26T22:39:52Z by mburati
  • mburati
    mburati
    352 Posts

    Re: Web Service with WS-Security Signature and Encryption

    ‏2010-02-10T16:36:15Z  
    The current WPF Web Service builders only automate the UsernameToken and LTPA Binary Token WS-Security SOAP headers.

    You may be able to create the WS client/consumer code with RAD's WS wizard(s) and/or WAS's Web Service Tooling and then leverage that WS consumer/client code via WPF LJO.

    Another option that "may" be possible, but which I don't know much about myself, so I'm just guessing here is that WPF 6.1.5 added the ability to use JAX-WS as the underlying WS implementation, if you're running on WAS7, or if you're running on WAS6.1 with the JAX-WS WS Feature Pak applied. According to the WAS7 JAX-WS documentation, it should be possible to configure WAS's WS support to use WS-Security (such as signatures and encryption) across the board, on all JAX-WS ws consumers run on that platform. Again, I am not an expert on that area and wasn't involved directly in the JAX-WS work, so that's just a theory, not something I have done myself. See http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cwbs_generalbinding.html for more info.

    ..mb1
  • saikiran
    saikiran
    1 Post

    Re: Web Service with WS-Security Signature and Encryption

    ‏2012-11-20T16:19:32Z  
    Hi All

    I got the similar requirement of consuming web services uses UserToken + Symmetric Encryption web services. I got the user token (username and password) and key store.

    I tried to see if we can do WAS Level configuration, but not successful.

    Help me if you have already resolved similar kind of problems.
  • mburati
    mburati
    352 Posts

    Re: Web Service with WS-Security Signature and Encryption

    ‏2012-11-26T22:39:52Z  
    • saikiran
    • ‏2012-11-20T16:19:32Z
    Hi All

    I got the similar requirement of consuming web services uses UserToken + Symmetric Encryption web services. I got the user token (username and password) and key store.

    I tried to see if we can do WAS Level configuration, but not successful.

    Help me if you have already resolved similar kind of problems.
    The WEF WS builder allows generation of WS Security UsernameToken headers automatically, but not other ws security features like signatures and encryption. You could generate the JAX-WS classes via RAD or WAS tools and then call those via WEF LJO or you may be able to hook into the JAX-WS hooks and trigger additional security processing via Java as Dave describes in the following sample/article on the WEF Wiki:

    http://www-10.lotus.com/ldd/pfwiki.nsf/dx/JAX-WS_Handler_Sample_using_IBM_Web_Experience_Factory

    I hope that info helps,
    ..Mike Burati
    http://www-10.lotus.com/ldd/pfwiki.nsf/
    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM.