5 Replies Latest reply: Apr 13, 2012 7:00 PM by User696-Oracle RSS

    webservice (jaxws) and ws-security

    892445
      Hello
      I have made one webservice using jaxws.
      i must to add ws-security to this ws for singning the messages (body)

      into my implementation i have put:
      @WebService(portName = "MyImplPort",
      name = "MyWS",
      serviceName = "My0WS",
      targetNamespace = "http://www.my.com/my")


      @Policies({
                @Policy(uri = "policy:Wssp1.2-2007-SignBody.xml", attachToWsdl = false)})
      public class MyImpl {
      .....

      but when i invoke it i can invoke without security, there is not any exception (security exception)

      can you help me for implementing ws security into this service for making imposible to invoke it without security?

      i am testing using soapui

      thanks
        • 1. Re: webservice (jaxws) and ws-security
          User696-Oracle
          can you check ::::::: Example of Adding Security to a JAX-WS Web Service::::::::::::
          http://docs.oracle.com/cd/E23943_01/web.1111/e13713/message.htm#


          Regards,
          Sunil Polineni
          • 2. Re: webservice (jaxws) and ws-security
            892445
            i have used thi:

            http://docs.oracle.com/cd/E23943_01/web.1111/e13713/message.htm#CDEBIJEJ

            but it (the service) i can use without security.
            Can you help me?
            thanks
            • 3. Re: webservice (jaxws) and ws-security
              User696-Oracle
              Can you try with below option

              @Policy(uri = "policy:Wssp1.2-2007-SignBody.xml", attachToWsdl = true)
              public class MyImpl {

              And see if it makes any difference in the wsdl if the policy file is being added to wsdl file or not and try to invoke the service.


              Regards,
              Sunil Polineni
              • 4. Re: webservice (jaxws) and ws-security
                892445
                yes
                appears into the wsdl this:
                xmlns:tns="http://www.metaposta.com/mp06s00" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wssutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsp:UsingPolicy wssutil:Required="true"/>
                <wsp1_2:Policy wssutil:Id="Wssp1.2-2007-SignBody.xml">
                <ns1:SignedParts xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <ns1:Body/>
                </ns1:SignedParts>
                </wsp1_2:Policy>
                <types>
                <xsd:schema>
                ......

                there aer security declarations but i can invoque this service without sign. I am using the soaopui for testing and without sign i can invoke it.
                is this normal?

                thanks
                • 5. Re: webservice (jaxws) and ws-security
                  User696-Oracle
                  Ok, you need to add following policy Wssp1.2-2007-Wss1.0-X509-Basic256.xml. SO it uses this x509 token to sign
                  For Eg:

                  @Policies( { @Policy(uri = "policy:Wssp1.2-2007-SignBody.xml"), @Policy(uri = "policy:Wssp1.2-2007-Wss1.0-X509-Basic256.xml") })
                  public class Test {


                  Regards,
                  Sunil Polineni