Home > Archive > Java Security > August 2005 > Basic question about WebServices and XWS-Security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Basic question about WebServices and XWS-Security
|
|
|
| Hello,
I actually hope this is a basic question, but I can't solve it:
I have a WebService running on the AppServer and a standalone java client.
The webservice has been deployed using the Deployment tool and it
communicates with the client without any problem.
I now want to add a UserName token to each message, using XWS-Security.
Like in the tutorial, I created an xml-file for the client and the
server. That xml-file says to include a Username token and says wich
class is the CallbackHandler (the class that looks up or validates the
username and pass).
This works at the client side... but how do I include this at serverside?
The way I construct a webservice, I only use wscompile (where you enable
the -security-option) to create the wsdl-file and the mapping-file (as
described in the J2EE-tutorial). But this way the server doesn't even
seem to notice that there is a security configuration (not understood
fault).
Do I have to enable something in deploytool? Do I have to use an other
method?
The JWSDP-tutorial follows an other way to create the webservice (using
asant-tasks), but I'd really like to use deploytool for this.
Any help? The deadline for this project is getting very close...
Thanks in advance,
Thomas
| |
|
| T. wrote:
> Hello,
>
> I actually hope this is a basic question, but I can't solve it:
>
> I have a WebService running on the AppServer and a standalone java client.
> The webservice has been deployed using the Deployment tool and it
> communicates with the client without any problem.
>
> I now want to add a UserName token to each message, using XWS-Security.
> Like in the tutorial, I created an xml-file for the client and the
> server. That xml-file says to include a Username token and says wich
> class is the CallbackHandler (the class that looks up or validates the
> username and pass).
I have found the solution myself. It seams that it's impossible to use
the regular deploytool method to create a webservice with XWS-security.
Instead you have to make a raw war and a deployable war using wsdeploy
(as described in the JWSDP-tutorial, simple sample). Afterwards you can
still load the created war in deploytool to add more options.
Hope maybe this helps someone who's experiencing the same problems.
Thomas
|
|
|
|
|