• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Consuming secure web-services (Axis2 + Rampart)

 
Sudharsan Govindarajan
Ranch Hand
Posts: 319
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a Axis2 web service secured using Rampart. I do want to consume it, preferably using JAX-WS based clients. Most of the tutorials I was able to find arefor consuming it using Axis2 libraries in the client side. The client should be fairly independent of the WS service framework, as the service can be consumed by Java based, .NET based or even PHP based clients.

Thanks..
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As long as the service uses only standard SOAP with WS-Security, any client framework can consume it. The JAX-WS reference would work too (in lieu of Axis), but it doesn't contain a WS-Security implementation, so you need to use the Metro stack instead (which does contain WS-Security).
 
Sudharsan Govindarajan
Ranch Hand
Posts: 319
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, Ulf.
So, the standard JAX-WS with JSE 6 won't cut it then. Can I assume standard WS-Security is implemented in WS frameworks for .NET/PHP?
 
Peer Reynders
Bartender
Posts: 2968
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Sudharsan Govindarajan:
WS-Security is implemented in WS frameworks for .NET/PHP?


Even for .NET it depends on the version. Up to ASP.NET 2.0 you need to install the Web Service Enhancements (WSE) package to use WS-Security. Starting with .NET 3.0 WS-Security is supported as part of WCF (Windows Communication Foundation).

And I wouldn't count on a PHP client being able to use WS-Security.

While WS-Security is a standard it still is an optional standard. In the case of JAX-WS it simply means that WS-Security is treated as an optional extension implemented as part of the XML and Web Services Security Project (XWSS) which itself is part of the Web Services Interoperability Technologies (WSIT) distribution under the Metro Project.
 
Sudharsan Govindarajan
Ranch Hand
Posts: 319
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wow, lots of projects floating around.
Thanks, Peer!
It clears up a bit, but my choice has become even more confusing. It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client
 
Peer Reynders
Bartender
Posts: 2968
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Sudharsan Govindarajan:
It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client


The reality is that the more WS-* extensions you require the more you reduce your potential "consumer audience". SOAP is extensible - that doesn't mean that all SOAP clients are extensible. Theoretically with the extension standard in hand you could tinker with the SOAP envelope to make it work - but nobody does that because it is time-consuming, tedious and error prone. It seems that the Perl and Ruby communities have given up on SOAP and moved towards POX-over-HTTP (Plain Old XML) or RESTful HTTP Web Services - I wouldn't be surprised if PHP is going to follow the move. There a little bit of tinkering can still get you a long way, TLS/SSL provides you with transport security and you can still use XML encryption/digital signature for XML bodies.

So in the end SOAP isn't the universal "over-the-web" service access protocol.
[ December 02, 2008: Message edited by: Peer Reynders ]
 
Sudharsan Govindarajan
Ranch Hand
Posts: 319
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
TLS/SSL provides you with transport security and you can still use XML encryption/digital signature for XML bodies.


So, it comes to that then, laying my own dirty hands.

So in the end SOAP isn't the universal "over-the-web" service access protocol.


 
ashok ballu
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI,
I am developing a .NET web service client to consume JAVA AXIS2 web service which is secured through rampart.

Could you please help me , how to develop the web service client in .net I mean how to pass the credentials to consume the secured webservice
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic