aspose file tools*
The moose likes Web Services and the fly likes This weeks book giveaway Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "This weeks book giveaway" Watch "This weeks book giveaway" New topic
Author

This weeks book giveaway

Thomas Paul
mister krabs
Ranch Hand

Joined: May 05, 2000
Posts: 13974
A big welcome to Mark O'Neill, author of "Web Services Security".
Mark will be here until Friday to answer you questions. On Friday we will have a drawing and four lucky winners will win a copy of Mark's excellent book.
And a special thanks to McGraw-Hill for providing the books for the giveaway.


Associate Instructor - Hofstra University
Amazon Top 750 reviewer - Blog - Unresolved References - Book Review Blog
M.K.A. Monster
Ranch Hand

Joined: May 02, 2002
Posts: 130
Welcome Mark,
I hope you like our oncoming questions.
Thank you McCraw Hill, you have been publishing the most interesting books I ever bought.
Regards,
Mark Monster
Stanley Tan
Ranch Hand

Joined: May 17, 2001
Posts: 243
Mark,
I'm using SOAP headers right now for authentication. I have a .NET Web service that exposes Web methods but requires a SOAP header to be passed along with the invocation. I've created a Java stub to the .NET Web service using AXIS and all is working fine until I call a method that requires a SOAP header. How do I go about specifying a SOAP header from a Java client that uses a stub generated from AXIS? Thanks for any input!

Stanley
Rama Raghavan
Ranch Hand

Joined: Aug 22, 2001
Posts: 116
Welcome Mark..
What kinda of additives/bells and whistles has Microsoft added to web services that is over and beyond the call of the standards/protocol?
With a known history (unfortunately), always wonder what holes Microsoft leaves open on this front..
Rama
Mark O'Neill
Author
Greenhorn

Joined: Feb 26, 2003
Posts: 5
Originally posted by Stanley Tan:
Mark,
I'm using SOAP headers right now for authentication. I have a .NET Web service that exposes Web methods but requires a SOAP header to be passed along with the invocation. I've created a Java stub to the .NET Web service using AXIS and all is working fine until I call a method that requires a SOAP header. How do I go about specifying a SOAP header from a Java client that uses a stub generated from AXIS? Thanks for any input!

Stanley

Hi Stanley
Putting security data into SOAP headers now means using WS-Security. In terms of AXIS-friendly toolkits for WS-Security, the IBM WSTK is the most useful [e.g. by comparison, VeriSign's TSIK implements WS-Security but has its own SOAP stack].
WS-Security defines how security information is included in a SOAP header. At a simple level, it defines a "Security" element, and the format of security tokens which are put into that element (e.g. a UsernameToken for userid/password, or a BinarySecurityToken for an X.509 digital certificate). It also defines how to apply XML Signature and XML Encryption to these security headers, and to the rest of a SOAP message also.
You haven't specified which security parameters should go into the SOAP header, but let's say if you want to use the Java WSTK to include an X.509 certificate, then (ironically) the best place to learn how to do this is at this MSDN article:
http://msdn.microsoft.com/library/en-us/dnwebsrv/html/wsejavainterop.asp
As usual with Axis, you have to configure a deployment descriptor (WSDD file). The WSDK uses information in this file to determine the signing key, which is taken from a Java keystore (JKS). Note that the private key password and the JKS password both sit in the clear - this clearly isn't ideal and care should be taken that access to this WSDD file is guarded.
Mark O'Neill
Author
Greenhorn

Joined: Feb 26, 2003
Posts: 5
Originally posted by Rama Raghavan:
Welcome Mark..
What kinda of additives/bells and whistles has Microsoft added to web services that is over and beyond the call of the standards/protocol?
With a known history (unfortunately), always wonder what holes Microsoft leaves open on this front..
Rama

Hi Rama,
Looking at the Microsoft/IBM WS-Security model, I can see that a lot of the architecture fits well with Kerberos. Kerberos, of course, is built into Windows 2000, Windows XP, and Windows Server by implementing a Kerberos SSP (Security Support Provider). Kerberos fits the WS-Security model somewhat better than SAML does, for example.
That said, WS-Trust defines how to apply for a different token format (i.e. "token translation") - e.g. how to request an SAML assertion to send to a system which doesn't process Kerberos tickets. So, users are not locked in. I suspect that Web Services security is an area where lock-in is almost out of the question.
M.K.A. Monster
Ranch Hand

Joined: May 02, 2002
Posts: 130
Hello Mark O'Neill,
We have been posting questions in other topics also. I hope that you are there to answer some of our questions.
Regards,
Mark Monster
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: This weeks book giveaway