> > > I used Rampard. > There is good tutorial: > > http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/ > > My client .java code look the same with and without WS-Security. > All the difference is in configuration axis2.conf file. > You must know what cryptography (signature/encrypt/timestamp) server side > expects from you, and what cryptography you expect from server. > There is configuration from my client. > In my case query (OutflowSecurity) had to be signed and encrypted, > where in response there was also timestamp. Sequence order is very > important: "Signature Encrypt Timestamp" is very different > from "Timestamp Signature Encrypt", but creators of service > should help you. > > <axisconfig name="AxisJava2.0"> > <module ref="rampart" /> > > <parameter name="OutflowSecurity"> > <action> > <items>Signature Encrypt</items> > <user>myr_alias</user> > <passwordCallbackClass>PWCallback</passwordCallbackClass> > <signaturePropFile>client.properties</signaturePropFile> > <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier> > <signatureParts>{Element}{ > http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7DBody> > </signatureParts> > <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier> > <encryptionUser>server_alias</encryptionUser> > </action> > </parameter> > > <parameter name="InflowSecurity"> > <action> > <items>Signature Encrypt Timestamp</items> > <passwordCallbackClass>PWCallback</passwordCallbackClass> > <signaturePropFile>client.properties</signaturePropFile> > <enableSignatureConfirmation>false</enableSignatureConfirmation> > </action> > </parameter> > ... >
Thanks Michal. Are you saying that adding a axis2.conf file will enable the creation of the security header? As far as I know (in talking to the owner of the web service) the information in the header is all that is needed. Matt
