ws-security

问题 How to create totally security proof jnlp. I created one jnlp and uploaded on my online server. It is not working at all, but in my local, it is working fine. My online JNLP is opening GUI, only when, i decrease the java security level to medium( i think it is not secure at all) and it is not working (none of the functionality is working) I googled it about it, but could not find anything useful. Edited Can you please verify the JNLP file...find at link..This application is running perfectly

问题 I must make my WCF Client consume a web service (IBM DataPower) and sign/encrypt the request using Web Services Security X.509 Certificate Token Profile 1.1 OASIS Standard Specification, 1 February 2006. So far I have created a custom binding and "think" I am working along the right lines: Updated to reflect latest attempt Private Function CreateCustomBinding() As Channels.Binding Dim asbe As New Channels.AsymmetricSecurityBindingElement asbe.MessageSecurityVersion = MessageSecurityVersion

问题 I'm trying to convert this WSE3.0 code to WCF: // we use Microsoft WSE 3.0 to insert the username token in the soap header. // This strategy takes care of creating and inserting the Nonce and Created elements // for us, as well as creating a password digest based on Nonce, Created, and // the password itself. Refer to the WS-Secutiry UsernameToken Profile 1.1 // specification at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss. Microsoft.Web.Services3.Security.Tokens

问题 I am about to implement security for my RESTful services based on the Spring framework. Actually, I have never secured RESTful WS before, but I've got myself a good introduction here. Basically, Amazon S3 or even OAuth are suggested as good examples. My questions: Does the Spring framework provide these strategies out-of-the-box? If yes: Is it Spring security that implements these strategies? If no: How would you suggest to implement these strategies (OAuth ...) with Spring? Thanks in advance

问题 I'm attempting to set up a client (Web Application) and service (WCF Service) that will communicate using a WSHttpBinding. It appears that in order to use this binding the client sends preliminary messages to set up the channel. Between the client and the service exists a service bus which is routing on a custom header. The message, when using BasicHttpBinding security, routes without issue. My question is: Is there any way to add the same custom header to the preliminary RequestSecurityToken

问题 My question is quite related to this one I have spend weeks of headaches to try and fight it, but there doesn't seem to exist a solution worthy of mention, apart from the solution to the above question, which is a terrible workaround, but there really seem to exist nothing else around. We are trying to communicate with a legacy system that has an established and running web service, with certain WS-Security constraints declared in its WSDL. We cannot change anything on the server, we just

问题 I am trying to change the wsdl2apex code for a web service call header that currently looks like this: <env:Header> <Security xmlns="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <UsernameToken Id="UsernameToken-4"> <Username>test</Username> <Password>test</Password> </UsernameToken> </Security> </env:Header> to look like this: <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse

问题 I have a custom binding like following for my WCF service which I am trying to call from the soapUI 4.5.1 <customBinding> <binding name="NewBinding0"> <transactionFlow /> <security authenticationMode="MutualCertificate" defaultAlgorithmSuite="Basic128" securityHeaderLayout="Lax" includeTimestamp="false" messageProtectionOrder="SignBeforeEncrypt" allowInsecureTransport="true" requireSignatureConfirmation="false" requireDerivedKeys="false" keyEntropyMode="ClientEntropy"

问题 I am developing a web service using Spring framework for Java and deploy on JBoss AS. This web service needs authentication and authorization and security solution so that some method user A can execute and some other user B can execute. At client side, there will be an application calling to the web service and people may log in using either user account A or B. I have been digging out the Internet, searching for web service authentication, researching on WS-Security but all that I can see

问题 I'm successful in communicating with a WCF service via SoapUI (I was given specification on how to configure it), but I'm having trouble in copying those settings to .NET application. Turns out the shape of generated SOAP message (peeked via Fiddler) is being rejected by the web service, who expects a stricter layout of envelope. I'm very close. On this picture... ... you can see three SOAP messages: 1. With X509SecurityTokenParameters.InclusionMode set to AlwaysToRecipient 2. With