SOAP / WS-Security / IBM / Metro / Apache CXF / Axis2

WS-Security Configuration

<con:wssContainer>

<con:crypto>
<con:source>keystore.jks</con:source>
<con:password>mypasswordiscool</con:password>
<con:type>KEYSTORE</con:type>
</con:crypto>
<con:outgoing>
<con:name>Outgoing</con:name>
<con:entry type=”Username” username=”longcomplicateduser” password=”weirdRandomP@33w4rD!”>
<con:configuration>
<addCreated>true</addCreated>
<addNonce>true</addNonce>
<passwordType>PasswordDigest</passwordType>
</con:configuration>
</con:entry>
<con:entry type=”Timestamp”>
<con:configuration>
<timeToLive>60</timeToLive>
<strictTimestamp>true</strictTimestamp>
</con:configuration>
</con:entry>
</con:outgoing>
</con:wssContainer>

<soap:Header>
<wsse:Security soap:mustUnderstand=”true” xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”><wsu:Timestamp wsu:Id=”TS-4″><wsu:Created>2013-05-01T19:52:45.639Z</wsu:Created><wsu:Expires>2013-05-01T19:53:45.639Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id=”UsernameToken-3″><wsse:Username>longcomplicateduser</wsse:Username><wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>weirdRandomP@33w4rD!</wsse:Password><wsse:Nonce EncodingType=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>dfdfdf</wsse:Nonce><wsu:Created>2013-05-01T19:52:45.638Z</wsu:Created></wsse:UsernameToken></wsse:Security>
</soap:Header>

 

http://techdiary.bitourea.com/2007/03/step-by-step-tutorial-to-use-rampart.html

http://www.coderanch.com/t/422683/Web-Services/java/SOAP-Header-missing-Rampart-Axis

http://stackoverflow.com/questions/11794223/rampart-doesnt-add-necessary-headers-to-soap-envelope

 

SET AXIS2_HOME=/axis2-1.6.2
wsdl2java.bat -uri https://X.com?wsdl -o JavaPrj -p mypackage.is.cool -d xmlbeans -t -ss -ssi -sd -g -ns2p

System.setProperty(“javax.net.ssl.keyStore”, “/data/PkiCertificate/tomcatkeystore.jks”);
System.setProperty (“javax.net.ssl.keyStorePassword”, “changeit”);
System.setProperty(“javax.net.ssl.trustStore”, “/data/PkiCertificate/clientstore.jks”);
System.setProperty(“javax.net.ssl.trustStorePassword”, “changeit”);

setx -m JAVA_HOME “jdk1.7.0_04”

setx -m javax.net.ssl.keyStore “/keystore.jks”);
setx -m javax.net.ssl.keyStorePassword “passwordislong”);
setx -m javax.net.ssl.trustStore “/keystore.jks”);
setx -m javax.net.ssl.trustStorePassword “passwordislong”);


http://stackoverflow.com/questions/3803581/setting-a-system-environment-variable-from-a-windows-batch-file

http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

 

-Djavax.net.debug=ssl,trustmanager


http://docs.oracle.com/javaee/1.4/tutorial/doc/Security7.html

http://broadsign.com/docs/9-2-1/appendix/apache-axis2/

http://web.archiveorange.com/archive/v/fNNSSwpIzBWqt1TcJdT4

http://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore

http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html

PasswordDigest
http://www.ibm.com/developerworks/training/kp/j-kp-wssecurity/

http://ianso.blogspot.com/2009/12/building-ws-security-enabled-soap.html

Java web services: WS-Security without client certificates

http://www.ibm.com/developerworks/java/library/j-jws17/index.html

Understanding web services specifications, Part 4: WS-Security
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/

Java Web services: Axis2 WS-Security signing and encryption
http://www.ibm.com/developerworks/java/library/j-jws5/index.html

Best Practices for Web Services
http://www.ibm.com/developerworks/library/ws-best11/

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html

Java web services: The high cost of (WS-)Security
http://www.ibm.com/developerworks/java/library/j-jws6/index.html

Java web services: WS-Trust and WS-SecureConversation
http://www.ibm.com/developerworks/java/library/j-jws15/index.html

Java web services: WS-Security with CXF
http://www.ibm.com/developerworks/java/library/j-jws13/index.html

Java Web services: Granular use of WS-Security
http://www.ibm.com/developerworks/java/library/j-jws7/index.html

Java web services: Modeling and verifying WS-SecurityPolicy
http://www.ibm.com/developerworks/java/library/j-jws21/index.html

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/java/library/j-jws4/

http://blog.sweetxml.org/2007/12/rampart-basic-examples-how-you-add-ws.html

http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html

http://stackoverflow.com/questions/14266237/adding-ws-security-to-wsdl2java-generated-classes

http://wso2.org/library/3190

http://wso2.org/library/3415#step_1

http://ws.apache.org/tcpmon/index.html

Metro for Java (Web Services)

Java Web services: Introducing Metro
http://www.ibm.com/developerworks/java/library/j-jws9/index.html

http://www.bouncycastle.org/java.html

Apache CXF Security
http://cxf.apache.org/docs/ws-security.html

Security Best Practices
http://ws.apache.org/wss4j/best_practice.html

Web Service Security for Java
http://ws.apache.org/wss4j/index.html

AXIS2 Security
http://axis.apache.org/axis2/java/rampart/index.html

CXF
http://www.ibm.com/developerworks/java/library/j-jws12/index.html

Java web services: Understanding and modeling WSDL 1.1
http://www.ibm.com/developerworks/java/library/j-jws20/index.html

JAX-WS Guide
http://axis.apache.org/axis2/java/core/docs/jaxws-guide.html

Axis2 Quick Start Guide
http://axis.apache.org/axis2/java/core/docs/quickstartguide.html

Axis2 FAQ
http://axis.apache.org/axis2/java/core/faq.html

 

Leave a Reply