Re: CXF Webservice Security

Fri, 02 Mar 2012 09:22:34 -0800 

On 03/02/2012 12:02 PM, kumarasamyr wrote:

I have few questions here,


1) *I do not see any changes in WSDL (generated from IE) after adding
security(Signature,Encrypt)*. Because How webservice consumer knows about
the security(in my case, there are BPM and .net consumers)?
None of the tools create Policy statements for you. You either have a WSDL with WS-Policy already in place (created manually or with help from NetBeans -- see the Metro security articles #13, #15 on my blog[1]), or if you don't wish to use WS-Policy, then you use the interceptor approach. 




2) Is there any *free *alternatives available for  bcprov-jdk15-146.jar
(BouncyCastle encryption library)? - Just for knowledge
I thought BC is free: http://www.bouncycastle.org/licence.html. But I'm unsure if you need it anyway -- IIRC that's only if the cryptographic algorithms already provided by the JDK are not what you want. 



3) If I do not mention signatureParts, encryptionParts,
encryptionSymAlgorithm properties in interceptors, what are the default
algorithms used or *which algorithm is your suggestion* ? (If you could
point me to any tutorial, that will be great. Thanks)
Nothing should get encrypted/signed in that case. If you don't have specific encryption requirements (i.e., if you have to ask us), you might consider just encrypting the SOAP calls using SSL (i.e., using simpler transport- instead of message-layer encryption without need for Policy statements) see article #11 of [1]. 


[1] http://www.jroller.com/gmazza/entry/blog_article_index




4) How do I log the original request and response(request and response
without encryption) when I use security encryption? atleast I want in server
side for debugging.
https://cwiki.apache.org/CXF20DOC/debugging-and-logging.html should take care of you. 

HTH,
Glen




Thanks,
Kumar

--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF-Webservice-Security-tp5531555p5531555.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza

Reply via email to