ws-security

问题 I have problem with axis2+rampart WS-Security response in case of server internal error. When server returns "200 OK" all seems ok. Response is checked by rampart if it has proper timestamp, signature and decrypts function response XML. But when server returns "500 Internal Server Error" axis2/rapart throws exception: ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header I thought there is something wrong with answer and tested it with soapUI. There

问题 I am building a WCF web service with a customBinding endpoint and am getting stuck accepting the WS-Security header that is being sent to me by another party. We are both following a specification authored by the UK National Health Service, so I am unable to amend the requirements. The basic structure of the <wsse:Security> header should be as follows, according to the specification: <wsse:Security> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss

问题 I'm having a problem with a .NET WCF client connecting to a Java web service using SOAP 1.1. The service requires both transport level encryption over SSL and SOAP security using the WS-Security protocol, both using the same certificate. I have the certificate installed and I can connect to the server however, I get a HTTP 500 response when I post the request. I have been able to compare the SOAP produced by WCF with a working example from the developers of the web service. The WCF SOAP

问题 I have an application that connects via https to a SOAP-based web service that implements WS-Security. The web service is written in Java, expects a plain text password as well as a properly set timestamp. After a great deal of googling and experimentation, I can't figure out how to configure my WCF client to interact with this service. In addition to a correct answer, I would also appreciate a link to a tutorial that explains WCF and SOAP well. My current client's app.config looks like this:

问题 We have got a normal WCF service which has a binding that looks like this: <wsHttpBinding> <binding name="ServiceBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxReceivedMessageSize="20971520" messageEncoding="Mtom" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <security mode="Message"> <message clientCredentialType="Windows" negotiateServiceCredential="true"

问题 I am trying to connect to a web service using WS-Security UsernameToken spec 1.0, using apache cxf 2.4.0. I've copied the code below from the CXF docs, but am getting: org.apache.cxf.ws.policy.PolicyException: No username available MyService_Service ss = new MyService_Service(wsdlURL, SERVICE_NAME); MyService port = ss.getBasicHttpBindingMyService (); Client client = ClientProxy.getClient(port); Endpoint cxfEndpoint = client.getEndpoint(); Map<String,Object> outProps = new HashMap<String

问题 I am specifically using WebSphere Integration Developer V7, but I also could be using Rational Software Architect V 7.5.1 (as I have both). Context: I am trying to create a JAX-WS client to call into the Human Task Manager and Business Flow Manager services in WebSphere Process Server V7, that are exposed via JAX-WS. By default they have attached Policy sets, and provider bindings that specify some WS-Security settings (as these are not defined in the WSDL). I have figured out how to make it

问题 I'm trying to get together with CXF's WS-security implementation(usernametoken). I've done everything as said at http://cxf.apache.org/docs/ws-security.html. My PasswordCallbackHandler seems to be working, but what bothers me is a part: if (pc.getIdentifier().equals("joe")) { // set the password on the callback. This will be compared to the // password which was sent from the client. pc.setPassword("password"); } as said Note that for up to and including CXF 2.3.x, the password validation of

问题 I have really been confused with Onvif Authentication. I have failed to execute onvif commands both on AXIS ans SONY cameras. Here is the code generating a request: procedure RebootDevice(dev: Device; Username, Password: string); var sdt: SystemDateTime; Created: string; Nonce: string; Nonce64: string; Password64: string; Header: Security; begin sdt := dev.GetSystemDateAndTime; Created := SystemDateTimeToStr(sdt.UTCDateTime); // yyyy-MM-ddTHH.mm.ss.000Z Nonce := '1234'; Nonce64 :=

问题 I am getting the below exception when I am calling the SecureStockQuoteProxy service with a proxy service. Here I have exposed this secured service as a REST API (which is unsecured). When I am calling the REST API, ESB throws the below error. [2013-11-24 12:41:46,386] ERROR - AxisEngine InvalidSecurity org.apache.axis2.AxisFault: InvalidSecurity at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:164) at org.apache.axis2.engine.Phase