>> 3) If I do not mention signatureParts, encryptionParts, >> encryptionSymAlgorithm properties in interceptors, what are the default >> algorithms used or *which algorithm is your suggestion* ? (If you could >> point me to any tutorial, that will be great. Thanks)
Here are the default values: signatureParts - The SOAP Body is signed (if the signature action is specified) encryptionParts - The SOAP Body is encrypted (if the encryption action is specified) encryptionSymAlgorithm - AES-128 You might find the following page useful: http://ws.apache.org/wss4j/config.html Colm. On Fri, Mar 2, 2012 at 5:22 PM, Glen Mazza <[email protected]> wrote: > On 03/02/2012 12:02 PM, kumarasamyr wrote: >> >> I have few questions here, >> >> >> 1) *I do not see any changes in WSDL (generated from IE) after adding >> security(Signature,Encrypt)*. Because How webservice consumer knows about >> the security(in my case, there are BPM and .net consumers)? > > > None of the tools create Policy statements for you. You either have a WSDL > with WS-Policy already in place (created manually or with help from NetBeans > -- see the Metro security articles #13, #15 on my blog[1]), or if you don't > wish to use WS-Policy, then you use the interceptor approach. > > >> >> >> 2) Is there any *free *alternatives available for bcprov-jdk15-146.jar >> (BouncyCastle encryption library)? - Just for knowledge >> > > I thought BC is free: http://www.bouncycastle.org/licence.html. But I'm > unsure if you need it anyway -- IIRC that's only if the cryptographic > algorithms already provided by the JDK are not what you want. > > > >> 3) If I do not mention signatureParts, encryptionParts, >> encryptionSymAlgorithm properties in interceptors, what are the default >> algorithms used or *which algorithm is your suggestion* ? (If you could >> point me to any tutorial, that will be great. Thanks) > > > Nothing should get encrypted/signed in that case. If you don't have > specific encryption requirements (i.e., if you have to ask us), you might > consider just encrypting the SOAP calls using SSL (i.e., using simpler > transport- instead of message-layer encryption without need for Policy > statements) see article #11 of [1]. > > > [1] http://www.jroller.com/gmazza/entry/blog_article_index > > >> >> >> 4) How do I log the original request and response(request and response >> without encryption) when I use security encryption? atleast I want in >> server >> side for debugging. > > > https://cwiki.apache.org/CXF20DOC/debugging-and-logging.html should take > care of you. > > HTH, > Glen > > >> >> >> Thanks, >> Kumar >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/CXF-Webservice-Security-tp5531555p5531555.html >> Sent from the cxf-user mailing list archive at Nabble.com. > > > > -- > Glen Mazza > Talend Community Coders - coders.talend.com > blog: www.jroller.com/gmazza > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
