You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Jayavarshini Radhakrishnan <ja...@gmail.com> on 2007/12/14 18:49:10 UTC
axis2: Security for SwA
Hi,
We have implemented Axis2 for trading SOAP messages. As described by Axis2,
we are using the Rampart module and Neethi policy to implement SOAP
security. However, Rampart doesn't support SwA(SOAP with Attachment)
security. Hence, I am trying to create a custom policy, which I can add it
as policy component to Neethi. However, I am unable to get any guidelines
for creating policy for securing attachments. I am new to this, so If I am
on the wrong track, please let me know. Any help/guidelines would be
appreciated.
Thanks,
Jaya
Re: axis2: Security for SwA
Posted by Anne Thomas Manes <at...@gmail.com>.
I concur with Paul -- a better solution is to use MTOM in place of
SwA. If you must use SwA, then you will need to use a combination of
SSL and WS-Security. See the WS-I Basic Security Profile for advice.
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
Anne
On Dec 14, 2007 1:24 PM, Paul Fremantle <pz...@gmail.com> wrote:
> The reason Rampart doesn't support SwA security is not solved by a little
> bit of policy! The problem is that Rampart is based on XML security and the
> SwA message is not in XML. A much simpler solution is to move to use MTOM
> which is more interoperable and is fully supported in every aspect by
> Rampart.
>
> Paul
>
>
>
> On Dec 14, 2007 5:49 PM, Jayavarshini Radhakrishnan <ja...@gmail.com>
> wrote:
> > Hi,
> >
> > We have implemented Axis2 for trading SOAP messages. As described by
> Axis2, we are using the Rampart module and Neethi policy to implement SOAP
> security. However, Rampart doesn't support SwA(SOAP with Attachment)
> security. Hence, I am trying to create a custom policy, which I can add it
> as policy component to Neethi. However, I am unable to get any guidelines
> for creating policy for securing attachments. I am new to this, so If I am
> on the wrong track, please let me know. Any help/guidelines would be
> appreciated.
> >
> > Thanks,
> > Jaya
>
>
>
> --
> Paul Fremantle
> Co-Founder and VP of Technical Sales, WSO2
> OASIS WS-RX TC Co-chair
>
> blog: http://pzf.fremantle.org
> paul@wso2.com
>
> "Oxygenating the Web Service Platform", www.wso2.com
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: axis2: Security for SwA
Posted by Paul Fremantle <pz...@gmail.com>.
The reason Rampart doesn't support SwA security is not solved by a little
bit of policy! The problem is that Rampart is based on XML security and the
SwA message is not in XML. A much simpler solution is to move to use MTOM
which is more interoperable and is fully supported in every aspect by
Rampart.
Paul
On Dec 14, 2007 5:49 PM, Jayavarshini Radhakrishnan <ja...@gmail.com>
wrote:
> Hi,
>
> We have implemented Axis2 for trading SOAP messages. As described by
> Axis2, we are using the Rampart module and Neethi policy to implement SOAP
> security. However, Rampart doesn't support SwA(SOAP with Attachment)
> security. Hence, I am trying to create a custom policy, which I can add it
> as policy component to Neethi. However, I am unable to get any guidelines
> for creating policy for securing attachments. I am new to this, so If I am
> on the wrong track, please let me know. Any help/guidelines would be
> appreciated.
>
> Thanks,
> Jaya
--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
paul@wso2.com
"Oxygenating the Web Service Platform", www.wso2.com