Hi All , I have a webservices inside a firewall that needs to be accessed by the DMZ servers .. The firewall can only be crossed using message queues as no other ports are exposed. I can not make a direct connection to the SOAP services. I have an application which already does reading of message queues and calling the web services inside the firewall. Web services security is not in place yet. My question is that if I implement web services security can I still go this route across the firewall or do I need to call a web services directly . Does web services security require that only directly calling SOAP services can have web service security. If there is a in between proxy will the encrptyed info still remain intact when sent across as message. Thanks DJ
You'd have to specify what kind of "web services security" you're talking about. If the security comes from encryption in the transport layer (HTTPS), you'll need to intercept the requests and proxy them to the actual web service implementation through the message queue. If the security element is embedded into your SOAP envelopes (Digital Signatures and XML-Encryption), you shouldn't need to do anything extra because to an outsider (such as the message queue), the encrypted messages look just like any other SOAP envelope.
Thanks for the quick response. I want to implement security at the transport layer as well as the SOAP envelope. If I do that. Does the transport layer handle the decrpytion encrytion similarly to a normal https request. I get that since SOAP envelope would not interfere at transport level ..it should behave similar to a https protocol whether to a servlet or to webservices. Also I am slightly confused about the SOAP envelope implementation if I do thru the message queue. The web service proxy client which sends the request over to the DMZ message queue .. will that need to have any extra implementations over a normal SOAP proxy. Thanks Dhiren
Joined: Jan 23, 2002
I'm unable to guide you with the proxy implementation. However, if you're working with WebSphere Network Deployment Edition and WebSphere MQ, you should be able to use a component called Web Services Gateway.
subject: Web services security implementation question