ws-security

问题 I debugged ssl handshake, by the log I suppose both server and client uses TLSv1. Even tried setting System.setProperty("https.protocols", "TLSv1"); still no success. I'm unable to figure out the exact cause of this problem. Can anyone please guide me on this. I'm using Java 1.7.0_65 keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trustStore is: E:\Java\jdk1.7.0_65\jre\lib\security\cacerts trustStore type is : jks trustStore provider

问题 I'm struggling with implementing WS-Security in Progress ABL. It seems possible, this knowledgebase: http://knowledgebase.progress.com/articles/Article/P88147 states: For outgoing WS-Security, create SOAP Headers containing the WS-Security content manually using the OpenEdge Web Service client. First of all I'm struggling with the creation of a base64 encoded and SHA1 digested password hash. Password digest according to the WS-Security specification. Source. Password_Digest = Base64 ( SHA-1 (

问题 I built a simple SOAP web service using Eclipse and axis 1.4. Everything is working well. I'd like to enhance it to: 1) require digital signatures with requests 2) validate those signatures 3) allow me to examine the cert used to sign the requests Any guidance at all would be appreciated. I don't mind RTFM but I don't even know what manual to start with. Thanks in advance. 回答1: It appears I can integrate Axis with WSS4J to accomplish what I am after: http://ws.apache.org/wss4j/axis.html Will

问题 I'm new here and I'm facing a problem. I need to know if it is possible to implement the WS-Security protocol with X.509 certificates on a native iPhone application. I haven't found much information on the web, except this information from Apple about security services. I just want to ask, is it possible? has it been made before?. If it is possible, can you point me in the right direction?. Thanks in advance. 回答1: You should be able to implement this using OpenSSL. There is a tutorial on The

问题 I am trying to make CXF STS work with 509v3 token. It works fine, if only a username token is configured, but it fails on X509. I am using CXF inside of JBOSS EAP 6.3.1 Maven Dependencies <dependency> <groupId>org.apache.cxf.services.sts</groupId> <artifactId>cxf-services-sts-core</artifactId> <version>2.7.11.redhat-3</version> </dependency> <dependency> <groupId>org.jboss.ws.cxf</groupId> <artifactId>jbossws-cxf-server</artifactId> <version>4.3.0.Final-redhat-3</version> <scope>provided<

问题 I am trying to create a Soap client in java, where I have to Sign the Soap message using my private key. I am getting response using SoapUI , with WS-Security configured. I have imported the WSDL and generated classes using wsimport . I created a SOAPHandler to sign the message like below. I am not sure If this is the correct way to sign the message. @Override private void handleMessage(SOAPMessageContext context) throws SOAPException, WSSecurityException { try { SOAPMessage soapMessage =

问题 I'm working in a big project that makes extensive use of WCF for different kinds of communication. As a part of a new requirement, we need to communicate with a SOAP Web Service developed by a third party. Their service is developed with Java and has two security requirements: it needs BASIC authentication over transport and the message has to be signed (not encrypted) with a X509 certificate using the WS-Security (OASIS) standard for non-repudiation. The problem I have is that the bindings

问题 In my soap application, I'm using apache cxf. Here's my code which will submit data to the server. import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.interceptor.LoggingInInterceptor; import org.apache.cxf.interceptor.LoggingOutInterceptor; import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache

问题 I'm writing a JAXWS-RI client that must call a .NET Web Service that is using WS-Security. The service's WSDL does not contain any WS-Security info, but I have an example soap message from the service's authors and know that I must include wsse:Security headers, including X:509 tokens. I've been researching, and I've seen example of folks calling this type of web service from Axis and CXF (in conjunction with Rampart and/or WSS4J), but nothing about using plain JAXWS-RI itself. However, I'm

问题 I have a web service which implements WS-Security but does not define a policy in the WSDL. I am able to consume this web service successfully using Axis 2 as client. I am trying to consume the same web service using Metro 2 but the wsse:security headers are not going. It works only if the service defines the security policy which is not under my control. I tested this by creating a sample web service and unless I define the policy my metro client never sends the wsse:security headers. Is