ws-security

We need to consume a SOAP 1.1 Web Service, developed using Java, from within a C#/.Net 4.0 application. We have no access to the service programming or the server it resides on. The service is exposed over a non SSL connection and requires WS-Security, Username/PasswordText. Using SoapUI (http://soapui.org/) we are able to consume the web service simply by creating a project, pointing it to the WSDL and setting up a simple Username/PasswordText WS-Security configuration. The issue is that we are unable to consume the Web Service using WCF. After some researching, we found information that

I need to call web service that I have to send such soap request below by using C#. SoapBody and TimeStamp must be signed. <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://xyzt.com/"> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs

When developing a Web service(Hospital Management System) using Java EE, is it necessary that for each Web Service call, it has to be checked that the user is logged in?? Which authentication method is the best JAAS, WS-Security, SAML, or a combination or using own tokens ?? It all depends on how is your web service implemented/or its going to be. If you still have a choice I would recommend going with REST approach, authenticate the user with some kind of login functionality and then maintain users session. Timo89 You can use filters. Here's an example of how to use filters: http://viralpatel

I'm trying to create a "java first" webservice that will use plain and simple UsernameToken WS-Security. I've attempted to follow the examples from CXF. When I query my wsdl I see no mention of anything ws-security related. I'm using CXF 2.7.5 and I'm trying to do everything with annotations. The following is my failed attempt: SampleService.java: import java.util.ArrayList; import java.util.Date; import javax.jws.WebParam; import javax.jws.WebMethod; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import org.apache.cxf.annotations.EndpointProperties; import org.apache.cxf

We have got a normal WCF service which has a binding that looks like this: <wsHttpBinding> <binding name="ServiceBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxReceivedMessageSize="20971520" messageEncoding="Mtom" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <security mode="Message"> <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="false" /> </security> </binding> </wsHttpBinding> this service sits in 2 servers

I use symfony2 for web server and use wsse authentication with x-wsse header. The question actually is about which exact functions I should use in Java to give the same result as in PHP. PHP part for header generation: $nonce = substr( md5( uniqid( 'nonce_', true ) ), 0, 16 ); $nonceHigh = base64_encode( $nonce ); $passwordDigest = base64_encode( sha1( $nonce . $created . $password . "{" . $user->getSalt() . "}", true ) ); $header = "UsernameToken Username=\"{$username}\", PasswordDigest=\"{$passwordDigest}\", Nonce=\"{$nonceHigh}\", Created=\"{$created}\""; PHP part for header verify:

I've been able to make successfull call to first ACA web service and I thought, that getting status would be a breeze. Bo-o-oy how I have been wrong! I've used same settings for the status service as I did for the submit one... and I got "WS Security header is invalid error!" What gives?!?! Signature generation code is the same as I been using for submission! I would appreciate if any one would be able shed some light what possibly is wrong here? I am aware, that following tags should be digitally signed(and I do signed them): ACABusinessHeader ACABulkRequestTransmitterStatusDetailRequest

I'm trying to call a Java based, WS-Security enabled web service over https using a WCF client and can't seem to get the security configuration right. Using SvcTraceViewer, I don't see the expected security header with any of the security configurations I have tried. My most recent security configuration is: <wsHttpBinding> <binding name="MySoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"