ws-security

问题 I have the following situation: we have several webapplications, all using Spring Security to do authentication/authorization. We want to create a webservice that will be used by all those webapplications. Communication will hapen over https. I want the security context of the webapp to propagate to the webservice, so that @Secured annotations on methods in the webservice implementation work correctly. I've looked at spring ws security, and have succesfully implemented authentication using

问题 I am trying to set up a web service between a Silverlight client and a Java server. I need to send username tokens (username/password) from the Silverlight client for authentication purposes. Since this is a proof-of-concept, I want to keep things simple and use HTTP as my transport layer. However it looks like Silverlight only supports username tokens over HTTPS (Visual Studio is unable to digest the WSDL from my Java server that does username tokens over HTTP). So my question is this: how

问题 I'm implementing web service client in Java which uses wss4j 1.6.8 for WS-Security (to be more precize I need to sign a SOAP message). Server side requires requests to have the following structure: <Envelope> <Header> <wsse:Security mustUnderstand="1"> **<wsu:Timestamp wsu:Id="Timestamp-913ca68e-05ed-44e1-9d6c-b2f293da5a1d"> <wsu:Created>2012-12-21T11:37:31Z</wsu:Created> <wsu:Expires>2012-12-21T11:42:31Z</wsu:Expires> </wsu:Timestamp>** <wsse:BinarySecurityToken> MIID2jCCAsKg... </wsse

问题 How to create a web service in C# that uses WS-Security for encryption and signatures for both sides (requests and responses)? Client and server will use certificates. 回答1: Not sure which version of the framework you're using, but if it's .NET 2.0 (not using WCF) check out Web Service Extensions 3.0. That will allow you to implement the WS-Security standards in .NET 2.0 Web Services. And if you're using WCF, take a look at this article to get some ideas on how to secure your services using

问题 My task is to try to establish a communication with a ONVIF camera in the building to, eventually, upgrade the company's domotic solution to automatically recognize ONVIF cameras and to be able to set them up and to use their services. I am already able to gather some basic informations like its model, its MAC address and its firmware version this way: EndpointAddress endPointAddress = new EndpointAddress("<mycameraurl:<mycameraport>/onvif/device_service"); CustomBinding bind = new

问题 I made a question about JAX-WS, Authentication and Authorization - How to?; there was a discussion about security levels, and where to store user credentials. Now after some conclusions, I want to try one of those scenarios: SOAP web services - metro Message level security - Mutual certificate authentication, to authenticate the client application User credential in the Soap Header How to get the credentials and do the authorization? I have 2 ideas: JAAS (I don't know anything about this);

问题 I have a WCF client connecting to a Java based Axis2 web service (outside my control). It is about to have WS-Security applied to it, and I need to fix the .NET client. However, I am struggling to provide the correct authentication. I am aware that WSE 3.0 might make it easier, but I would prefer not to revert to an obsolete technology. Similar issues (unsolved), include this, this and this. The SOAP message should look like this: <wsse:UsernameToken> <wsse:Username><!-- Removed--></wsse

问题 I have created web services and trying to add security part of it. I'm using RAD and wondering how to add the username token in the webservices.xml extension tab? Any help is appreciated. Thanks. 回答1: A comment was added by @parthkansara asking about how to do this for a JAX-WS application. I'm answering that comment as an additional answer to this topic since there aren't enough characters to do so in the comment field. You can add a WS-Security Policy and Bindings for a JAX-WS application

问题 I can not understand the following: WS-Security and https are presented as alternatives. The problem though with https (as described) is when there intermediaries i.e. proxies are between client and server. Then we can work arround and guarrantee point-to-point security e.g. between proxy and server but not end to end. So we can have: Client <--(secure)--> Proxy <--(secure)-->Server But this is not equal to Client <--(secure)--> Server So why is not the end-to-end guaranteed? Could someone

问题 Documentation of the service, says I need to use WS-Security. From they support, i got a p12 file, which I should be using. What worked I ran up SoapUI application, configured it, added wsdl etc, and got message <faultstring>These policy alternatives can not be satisfied: (...)</faultstring> So I found I need to add basic Auth to the request. And i got my proper answer. What I did so far Found a function which generates almost the same xml as the SoapUI, so I could use that probably. I call