All geek questions in one place

Wsse web service security implementation

I am creating a web service using IBM JAX-RPC / JAX-WS. I am trying to implement wsse security, but I am not able to determine the exact steps to achieve the same. I will use RSA 7.5 and Websphere 7 for this web service.

Reading the documentation, I was completely lost, as I am new to this and have no idea about the same.

Can someone point me to the steps to implement wsse security for a web service?

I have been struggling with this since the last few days.

EDIT

I want authentication to be done in the header, it should look something like this:

<header> <authenticationInfo> <userID></userID> <password></password> </authenticationInfo> </header>

Besides using a handler and changing the contents of the header, is there any other way to achieve the same?

+4
source share
2 answers

For web services (SOAP-based), part of the security is usually handled by web service handlers . Handlers are applicable for both client and server. For a typical use case for security

  • On the client side, the handlers intercept the request before sending it to the server and inserts the security header in the SOAP message.
  • On the server side, the handlers intercept the request and check for a SOAP request that contains the appropriate security headers. This happens before it processes the request handlers.

Here is a good link to WS Security in general I came across. However, this is not IBM or java, but informative.

To answer your question for a walkthrough, I could not find any standard RSA 7.5 articles, but since JAX-RPC is a standard specification, it should be the same. Here is an example: Part1 , Part2 )

+1
source

Source: https://habr.com/ru/post/1433227/

More articles:


All Articles