User Close

Search

THE DEVELOPER PORTAL FOR SOA

ws-security without ws-addressing?

killerkent's picture

Submitted by killerkent on October 20, 2008 - 03:21

Hi,

Am I correct in thinking that I cannot implement ws-security with wsf php on a request if the request does not use ws addressing?

ie I want to handle an incoming request like this:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">

<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-12468716">

<wsu:Created>2008-06-23T13:17:13.841Z</wsu:Created>

<wsu:Expires>2008-06-23T13:22:13.841Z</wsu:Expires>

</wsu:Timestamp>

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-31571602">

<wsse:Username>username</wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

<soap:Body>

<GetStatus xmlns=http://HOST/webservice.php>

<JobNumber>string</JobNumber>

</GetStatus>

</soap:Body>

</soap:Envelope>

Is this going to be possible or do I need to another solution?

thanks,

Dave

nandika's picture

Re: ws-security without ws-addressing

Submitted by nandika on October 21, 2008 - 21:18.

It is possible to get your senario working with wsf/php. However you will have to make a few ajustments to the configuaration files, axis2.xml and wsf_c/modules/rampart/module.xml as follows. In module.xml change 'inflow' element to following. <inflow> <handler name="RampartInHandler" class="mod_rampart"> <order phase="Security"/> </handler> </inflow&g Then in axis2.xml 'inflow' element add following element between PostDispatch and Rahas phases. <phase name="Security"/> We will fix this configuration issue for next release. -- Nandika

Login or register to post comments

killerkent's picture

great, thanks for your

Submitted by killerkent on October 24, 2008 - 02:53.

great, thanks for your assistance

Login or register to post comments

sandysong's picture

thanks, you`ve solved my

Submitted by sandysong on October 27, 2008 - 02:03.

thanks, you`ve solved my problem too.

Login or register to post comments

library project main code

Featured

In your cloud environment, if a user is consuming too much of your resources, either you have to control the user's behavior or scale up your resources to cater the situation and charge the user for consuming resources. If you decide to control the user, then, throttling is the answer for you...

WSO2 StratosLive is the public Platform as a Service (PaaS) from WSO2. With its lean, complete and 100% open source model, StratosLive holds key attributes to become competitively prominent in the enterprise cloud space...

Messaging is used with distributed computing to achieve asynchronous communication. An Event is a change of state in a software system. Eventing is referred to as propagating messages which contain those event information through publish and subscribe...

Patterns are essential ingredients for architects when building solutions since patterns make solutions more stable as well as clean. It is important to pick the correct pattern based on the problem or the use-case that is implemented by a solution...

WSO2 Carbon Studio immensely simplifies SOA development by providing a complete Eclipse IDE for service/application development, deployment and execution. This article explains Carbon Studio and its benefits...

Popular Content

Developing Web Services Using Apache Axis2 Eclipse Plugins - Part 1 (456039 reads)
How to Embed an Axis2 based Web Service in your Webapp? (104716 reads)
Hello World with Apache Axis2 (102563 reads)
Web Services Security with Apache Rampart – Part 1 ( Transport Level Security ) (96129 reads)
Downloading a Binary File from a Web Service using Axis2 and SOAP with Attachments (91204 reads)
Developing Web Services Using Apache Axis2 Eclipse Plugins - Part 2 (84667 reads)
Writing Your Own services.xml for Axis2 Web Services (80068 reads)
Reference Guide to Apache Axis2 Client API Parameters (72618 reads)

Learn Cloud

Learn

Cloud

The WSO2 Application Server is a reliable application server that can host your enterprise web applications. The WSO2 Application Server as a Service is offered in StratosLive, the WSO2 Platform as a Service. This article explains how a simple web application can be developed and deployed from Carbon Studio to the WSO2 Application Server...

Latest Webinar

Different groups within an organization need to monitor different Key Performance Indicators (KPIs) - An operations team will be interested in the response times of business services and loads of each service,..

Thursday, February 9th 2012, 09.00 AM (PST)

Thursday, February 9th 2012, 10.00 AM (GMT)

Tags

WS-PolicyAttachment WS-Security WS-Policy WS-Policy WS-Trust transports Web services WS-ReliableMessaging WS-* WS-Eventing