You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@servicemix.apache.org by wolf10 <pc...@arcor.de> on 2007/10/18 10:02:11 UTC

WS-Security questions

Hello,

I have two questions related to WS-Securty.

1. If the http-bc consumer receives a soap message including the ws-security
header and is configured like this: 

<http:policies> 
        <soap:ws-security receiveAction="NoSecurity UsernameToken"/> 
</http:policies> 

does that mean that the user information is stored in the security context
in the same way it is done if basic authentication is used?

2. Which other binding components support WS-Security?
For example the file-bc could pick up a soap message and process the
WS-Security header. In principle this would be nice to have for all
components which accept soap messages.

Thank you
Wolfgang
-- 
View this message in context: http://www.nabble.com/WS-Security-questions-tf4645502s12049.html#a13269898
Sent from the ServiceMix - User mailing list archive at Nabble.com.

Re: WS-Security questions

Posted by Freeman Fang <fr...@gmail.com>.

Hi Wolfgang,
Firstly,  servicemix-cxf-bc is based on apache cxf and also a servicemix 
compatible binding component,  this component can leverage ws* feature 
of cxf.
ws-security is soap binding level concept,  apache cxf support 
ws-security and don't care what's the underlying transport 
protocol(http, jms or in your case, ftp transport) is. Which means 
apache cxf has decoupled binding and transport.
But unfortunately,  ftp transport is not a part of open source cxf.  I 
know there is a ftp transport which is based on cxf transport api, but 
it's part of commercial software(IONA Artix).

Best Regards
Freeman

wolf10 wrote:
> Thank you.
>
> I'm looking for a file based binding component such as ftp or file that
> supports WS-Security. Can cxf help me in this regard?
>
> Wolfgang
>
>
> Freeman Fang wrote:
>   
>> Hi Wolfgang,
>>
>> For your second question, our cxf binding component support ws-security. 
>> You can find this component and tests from
>> trunk/deployables/bindingcomponents/servicemix-cxf-bc
>> You need download the lastest trunk since this component is introduced 
>> from servicemix 3.2, which will be released soon.
>> Best Regards
>> Freeman
>>
>> wolf10 wrote:
>>     
>>> Hello,
>>>
>>> I have two questions related to WS-Securty.
>>>
>>> 1. If the http-bc consumer receives a soap message including the
>>> ws-security
>>> header and is configured like this: 
>>>
>>> <http:policies> 
>>>         <soap:ws-security receiveAction="NoSecurity UsernameToken"/> 
>>> </http:policies> 
>>>
>>> does that mean that the user information is stored in the security
>>> context
>>> in the same way it is done if basic authentication is used?
>>>
>>> 2. Which other binding components support WS-Security?
>>> For example the file-bc could pick up a soap message and process the
>>> WS-Security header. In principle this would be nice to have for all
>>> components which accept soap messages.
>>>
>>> Thank you
>>> Wolfgang
>>>   
>>>       
>>     
>
>

Re: WS-Security questions

Posted by wolf10 <pc...@arcor.de>.

Thank you.

I'm looking for a file based binding component such as ftp or file that
supports WS-Security. Can cxf help me in this regard?

Wolfgang


Freeman Fang wrote:
> 
> Hi Wolfgang,
> 
> For your second question, our cxf binding component support ws-security. 
> You can find this component and tests from
> trunk/deployables/bindingcomponents/servicemix-cxf-bc
> You need download the lastest trunk since this component is introduced 
> from servicemix 3.2, which will be released soon.
> Best Regards
> Freeman
> 
> wolf10 wrote:
>> Hello,
>>
>> I have two questions related to WS-Securty.
>>
>> 1. If the http-bc consumer receives a soap message including the
>> ws-security
>> header and is configured like this: 
>>
>> <http:policies> 
>>         <soap:ws-security receiveAction="NoSecurity UsernameToken"/> 
>> </http:policies> 
>>
>> does that mean that the user information is stored in the security
>> context
>> in the same way it is done if basic authentication is used?
>>
>> 2. Which other binding components support WS-Security?
>> For example the file-bc could pick up a soap message and process the
>> WS-Security header. In principle this would be nice to have for all
>> components which accept soap messages.
>>
>> Thank you
>> Wolfgang
>>   
> 
> 

-- 
View this message in context: http://www.nabble.com/WS-Security-questions-tf4645502s12049.html#a13270480
Sent from the ServiceMix - User mailing list archive at Nabble.com.

Re: WS-Security questions

Posted by Freeman Fang <fr...@gmail.com>.

Hi Wolfgang,

For your second question, our cxf binding component support ws-security. 
You can find this component and tests from
trunk/deployables/bindingcomponents/servicemix-cxf-bc
You need download the lastest trunk since this component is introduced 
from servicemix 3.2, which will be released soon.
Best Regards
Freeman

wolf10 wrote:
> Hello,
>
> I have two questions related to WS-Securty.
>
> 1. If the http-bc consumer receives a soap message including the ws-security
> header and is configured like this: 
>
> <http:policies> 
>         <soap:ws-security receiveAction="NoSecurity UsernameToken"/> 
> </http:policies> 
>
> does that mean that the user information is stored in the security context
> in the same way it is done if basic authentication is used?
>
> 2. Which other binding components support WS-Security?
> For example the file-bc could pick up a soap message and process the
> WS-Security header. In principle this would be nice to have for all
> components which accept soap messages.
>
> Thank you
> Wolfgang
>