You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by AyaJava <ja...@gmail.com> on 2007/03/05 05:57:42 UTC

SOAP Body

I am designing the structure of a SOAP message that contains wsse security,
assertions etc. I read that the assertions need to be contained within the
wsse security header, which will be in the soap header. So, I am a little
confused about what will be in the soap body? can it just remain empty?
Appreciate your answers.
-- 
View this message in context: http://www.nabble.com/SOAP-Body-tf3345677.html#a9304725
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: SOAP Body

Posted by A R <ja...@gmail.com>.

Thanks Ruchith, that makes sense. I will leave the body empty.

I have one more question though. I am looking at the sample tests in wss4j,
and I see how symmetric encryption of the header can be done, and the key is
wrapped by RSA.

But is it possible for me to directly encrypt the security header using a
RSA public key? I thought I should be using WSSecEncrypt class, but that
class seems to be accept only symmetric algorithms, whereas I need to
encrypt with a public key, and let the recevier decrypt with their private
key. Can you please provide me with some pointers or if there is a sample
code that I should be looking at, that would be VERY helpful too.

Thanks much, appreciate your help!

-aj

On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
>
> On 3/5/07, AyaJava <ja...@gmail.com> wrote:
> >
> > I am designing the structure of a SOAP message that contains wsse
> security,
> > assertions etc. I read that the assertions need to be contained within
> the
> > wsse security header, which will be in the soap header. So, I am a
> little
> > confused about what will be in the soap body? can it just remain empty?
> > Appreciate your answers.
>
> The assertion can be completely included in the Security header. And
> yes the body can be leaft empty or the body will contain some
> application data depending on the web service.
>
> Thanks,
> Ruchith
>
> > --
> > View this message in context:
> http://www.nabble.com/SOAP-Body-tf3345677.html#a9304725
> > Sent from the WSS4J mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>

Re: SOAP Body

Posted by A R <ja...@gmail.com>.

Thanks Ruchith, that makes sense. I will leave the body empty.

I have one more question though. I am looking at the sample tests in wss4j,
and I see how symmetric encryption of the header can be done, and the key is
wrapped by RSA.

But is it possible for me to directly encrypt the security header using a
RSA public key? I thought I should be using WSSecEncrypt class, but that
class seems to be accept only symmetric algorithms, whereas I need to
encrypt with a public key, and let the recevier decrypt with their private
key. Can you please provide me with some pointers or if there is a sample
code that I should be looking at, that would be VERY helpful too.

Thanks much, appreciate your help!

-aj

On 3/25/07, Ruchith Fernando <ru...@gmail.com> wrote:
>
> On 3/5/07, AyaJava <ja...@gmail.com> wrote:
> >
> > I am designing the structure of a SOAP message that contains wsse
> security,
> > assertions etc. I read that the assertions need to be contained within
> the
> > wsse security header, which will be in the soap header. So, I am a
> little
> > confused about what will be in the soap body? can it just remain empty?
> > Appreciate your answers.
>
> The assertion can be completely included in the Security header. And
> yes the body can be leaft empty or the body will contain some
> application data depending on the web service.
>
> Thanks,
> Ruchith
>
> > --
> > View this message in context:
> http://www.nabble.com/SOAP-Body-tf3345677.html#a9304725
> > Sent from the WSS4J mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>

Re: SOAP Body

Posted by Ruchith Fernando <ru...@gmail.com>.

On 3/5/07, AyaJava <ja...@gmail.com> wrote:
>
> I am designing the structure of a SOAP message that contains wsse security,
> assertions etc. I read that the assertions need to be contained within the
> wsse security header, which will be in the soap header. So, I am a little
> confused about what will be in the soap body? can it just remain empty?
> Appreciate your answers.

The assertion can be completely included in the Security header. And
yes the body can be leaft empty or the body will contain some
application data depending on the web service.

Thanks,
Ruchith

> --
> View this message in context: http://www.nabble.com/SOAP-Body-tf3345677.html#a9304725
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


-- 
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: SOAP Body

Posted by Ruchith Fernando <ru...@gmail.com>.

On 3/5/07, AyaJava <ja...@gmail.com> wrote:
>
> I am designing the structure of a SOAP message that contains wsse security,
> assertions etc. I read that the assertions need to be contained within the
> wsse security header, which will be in the soap header. So, I am a little
> confused about what will be in the soap body? can it just remain empty?
> Appreciate your answers.

The assertion can be completely included in the Security header. And
yes the body can be leaft empty or the body will contain some
application data depending on the web service.

Thanks,
Ruchith

> --
> View this message in context: http://www.nabble.com/SOAP-Body-tf3345677.html#a9304725
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


-- 
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org