Enterprise Integration Zone is brought to you in partnership with:

I have been a programmer since I was a young child in the Gifted and Talent Program in Rutherford, NJ back in 1979. I started programming on Commodore PETs – 4 bit. And then Apple IIs, Commodore 64s and some others. Basic, then Pascal, Fortran, C, C++, Java, JavaScript and more. I am a Senior Field Engineer with Pivotal. Tim is a DZone MVB and is not an employee of DZone and has posted 59 posts at DZone. You can read more from them at their website. View Full User Profile

SOAP, WS-Security, Apache CXF, and Axis2 Linksheet

05.09.2013
| 5784 views |
  • submit to reddit

WS-Security Configuration

    <con:wssContainer>

    <con:crypto>
    <con:source>keystore.jks</con:source>
    <con:password>mypasswordiscool</con:password>
    <con:type>KEYSTORE</con:type>
    </con:crypto>
    <con:outgoing>
    <con:name>Outgoing</con:name>
    <con:entry type=”Username” username=”longcomplicateduser” password=”weirdRandomP@33w4rD!”>
    <con:configuration>
    <addCreated>true</addCreated>
    <addNonce>true</addNonce>
    <passwordType>PasswordDigest</passwordType>
    </con:configuration>
    </con:entry>
    <con:entry type=”Timestamp”>
    <con:configuration>
    <timeToLive>60</timeToLive>
    <strictTimestamp>true</strictTimestamp>
    </con:configuration>
    </con:entry>
    </con:outgoing>
    </con:wssContainer>

    <soap:Header>
    <wsse:Security soap:mustUnderstand=”true” xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”><wsu:Timestamp wsu:Id=”TS-4″><wsu:Created>2013-05-01T19:52:45.639Z</wsu:Created><wsu:Expires>2013-05-01T19:53:45.639Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id=”UsernameToken-3″><wsse:Username>longcomplicateduser</wsse:Username><wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>weirdRandomP@33w4rD!</wsse:Password><wsse:Nonce EncodingType=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>dfdfdf</wsse:Nonce><wsu:Created>2013-05-01T19:52:45.638Z</wsu:Created></wsse:UsernameToken></wsse:Security>
    </soap:Header>

http://techdiary.bitourea.com/2007/03/step-by-step-tutorial-to-use-rampart.html

http://www.coderanch.com/t/422683/Web-Services/java/SOAP-Header-missing-Rampart-Axis

http://stackoverflow.com/questions/11794223/rampart-doesnt-add-necessary-headers-to-soap-envelope

SET AXIS2_HOME=/axis2-1.6.2
wsdl2java.bat -uri https://X.com?wsdl -o JavaPrj -p mypackage.is.cool -d xmlbeans -t -ss -ssi -sd -g -ns2p

System.setProperty(“javax.net.ssl.keyStore”, “/data/PkiCertificate/tomcatkeystore.jks”);
System.setProperty (“javax.net.ssl.keyStorePassword”, “changeit”);
System.setProperty(“javax.net.ssl.trustStore”, “/data/PkiCertificate/clientstore.jks”);
System.setProperty(“javax.net.ssl.trustStorePassword”, “changeit”);

setx -m JAVA_HOME “jdk1.7.0_04″

setx -m javax.net.ssl.keyStore “/keystore.jks”);
setx -m javax.net.ssl.keyStorePassword “passwordislong”);
setx -m javax.net.ssl.trustStore “/keystore.jks”);
setx -m javax.net.ssl.trustStorePassword “passwordislong”);


http://stackoverflow.com/questions/3803581/setting-a-system-environment-variable-from-a-windows-batch-file

http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

-Djavax.net.debug=ssl,trustmanager


http://docs.oracle.com/javaee/1.4/tutorial/doc/Security7.html

http://broadsign.com/docs/9-2-1/appendix/apache-axis2/

http://web.archiveorange.com/archive/v/fNNSSwpIzBWqt1TcJdT4

http://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore

http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html

PasswordDigest
http://www.ibm.com/developerworks/training/kp/j-kp-wssecurity/

http://ianso.blogspot.com/2009/12/building-ws-security-enabled-soap.html

Java web services: WS-Security without client certificates

http://www.ibm.com/developerworks/java/library/j-jws17/index.html

Understanding web services specifications, Part 4: WS-Security
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/

Java Web services: Axis2 WS-Security signing and encryption
http://www.ibm.com/developerworks/java/library/j-jws5/index.html

Best Practices for Web Services
http://www.ibm.com/developerworks/library/ws-best11/

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html

Java web services: The high cost of (WS-)Security
http://www.ibm.com/developerworks/java/library/j-jws6/index.html

Java web services: WS-Trust and WS-SecureConversation
http://www.ibm.com/developerworks/java/library/j-jws15/index.html

Java web services: WS-Security with CXF
http://www.ibm.com/developerworks/java/library/j-jws13/index.html

Java Web services: Granular use of WS-Security
http://www.ibm.com/developerworks/java/library/j-jws7/index.html

Java web services: Modeling and verifying WS-SecurityPolicy
http://www.ibm.com/developerworks/java/library/j-jws21/index.html

Java Web services: Axis2 WS-Security basics
http://www.ibm.com/developerworks/java/library/j-jws4/

http://blog.sweetxml.org/2007/12/rampart-basic-examples-how-you-add-ws.html

http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html

http://stackoverflow.com/questions/14266237/adding-ws-security-to-wsdl2java-generated-classes

http://wso2.org/library/3190

http://wso2.org/library/3415#step_1

http://ws.apache.org/tcpmon/index.html

Metro for Java (Web Services)

Java Web services: Introducing Metro
http://www.ibm.com/developerworks/java/library/j-jws9/index.html

http://www.bouncycastle.org/java.html

Apache CXF Security
http://cxf.apache.org/docs/ws-security.html

Security Best Practices
http://ws.apache.org/wss4j/best_practice.html

Web Service Security for Java
http://ws.apache.org/wss4j/index.html

AXIS2 Security
http://axis.apache.org/axis2/java/rampart/index.html

CXF
http://www.ibm.com/developerworks/java/library/j-jws12/index.html

Java web services: Understanding and modeling WSDL 1.1
http://www.ibm.com/developerworks/java/library/j-jws20/index.html

JAX-WS Guide
http://axis.apache.org/axis2/java/core/docs/jaxws-guide.html

Axis2 Quick Start Guide
http://axis.apache.org/axis2/java/core/docs/quickstartguide.html

Axis2 FAQ
http://axis.apache.org/axis2/java/core/faq.html

Published at DZone with permission of Tim Spann, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)