aspose file tools*
The moose likes Web Services and the fly likes Consuming secure web-services (Axis2 + Rampart) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Consuming secure web-services (Axis2 + Rampart)" Watch "Consuming secure web-services (Axis2 + Rampart)" New topic
Author

Consuming secure web-services (Axis2 + Rampart)

Sudharsan Govindarajan
Ranch Hand

Joined: Jul 03, 2002
Posts: 319
I have a Axis2 web service secured using Rampart. I do want to consume it, preferably using JAX-WS based clients. Most of the tutorials I was able to find arefor consuming it using Axis2 libraries in the client side. The client should be fairly independent of the WS service framework, as the service can be consumed by Java based, .NET based or even PHP based clients.

Thanks..


Joy is a radiation
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41876
    
  63
As long as the service uses only standard SOAP with WS-Security, any client framework can consume it. The JAX-WS reference would work too (in lieu of Axis), but it doesn't contain a WS-Security implementation, so you need to use the Metro stack instead (which does contain WS-Security).


Ping & DNS - my free Android networking tools app
Sudharsan Govindarajan
Ranch Hand

Joined: Jul 03, 2002
Posts: 319
Thanks, Ulf.
So, the standard JAX-WS with JSE 6 won't cut it then. Can I assume standard WS-Security is implemented in WS frameworks for .NET/PHP?
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
    5
Originally posted by Sudharsan Govindarajan:
WS-Security is implemented in WS frameworks for .NET/PHP?


Even for .NET it depends on the version. Up to ASP.NET 2.0 you need to install the Web Service Enhancements (WSE) package to use WS-Security. Starting with .NET 3.0 WS-Security is supported as part of WCF (Windows Communication Foundation).

And I wouldn't count on a PHP client being able to use WS-Security.

While WS-Security is a standard it still is an optional standard. In the case of JAX-WS it simply means that WS-Security is treated as an optional extension implemented as part of the XML and Web Services Security Project (XWSS) which itself is part of the Web Services Interoperability Technologies (WSIT) distribution under the Metro Project.
Sudharsan Govindarajan
Ranch Hand

Joined: Jul 03, 2002
Posts: 319
Wow, lots of projects floating around.
Thanks, Peer!
It clears up a bit, but my choice has become even more confusing. It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
    5
Originally posted by Sudharsan Govindarajan:
It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client


The reality is that the more WS-* extensions you require the more you reduce your potential "consumer audience". SOAP is extensible - that doesn't mean that all SOAP clients are extensible. Theoretically with the extension standard in hand you could tinker with the SOAP envelope to make it work - but nobody does that because it is time-consuming, tedious and error prone. It seems that the Perl and Ruby communities have given up on SOAP and moved towards POX-over-HTTP (Plain Old XML) or RESTful HTTP Web Services - I wouldn't be surprised if PHP is going to follow the move. There a little bit of tinkering can still get you a long way, TLS/SSL provides you with transport security and you can still use XML encryption/digital signature for XML bodies.

So in the end SOAP isn't the universal "over-the-web" service access protocol.
[ December 02, 2008: Message edited by: Peer Reynders ]
Sudharsan Govindarajan
Ranch Hand

Joined: Jul 03, 2002
Posts: 319
TLS/SSL provides you with transport security and you can still use XML encryption/digital signature for XML bodies.


So, it comes to that then, laying my own dirty hands.

So in the end SOAP isn't the universal "over-the-web" service access protocol.


ashok ballu
Ranch Hand

Joined: Sep 17, 2007
Posts: 30
HI,
I am developing a .NET web service client to consume JAVA AXIS2 web service which is secured through rampart.

Could you please help me , how to develop the web service client in .net I mean how to pass the credentials to consume the secured webservice


ASHOK BALLU SCJP1.5 SCWCD1.5
 
jQuery in Action, 2nd edition
 
subject: Consuming secure web-services (Axis2 + Rampart)