• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How would the client know what kind WS-security to use to access the secured service

 
Ranch Hand
Posts: 68
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I got a lot of valuable help from this forum early this year to pass my exam. Thanks for all the help!

Now I am doing my first real web service project now. I know quite a lot people in this forum has good real experience and I hope they do not mind helping me here again even though this is not directly exam related.

I implemented a webservice using WS-Security of digital certificate. I am using the WebSphere 5.1 studio wizard so I see the generated ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi two files contain this security integrity configuration. However the WSDL file itself seems has no change compared with the webservice with no-security.

I am wondering how would the webservice client know what kind WS-security he should enable and configure in his side to access my secured web service successfully? Since from WSDL, client won't see WS-security information.

I tried to create two seperate clients. One is with no security at all and the client won't be able to get any thing back from my digital signature enabled webservice. By monitoring with the TCP/IP server, I saw the client get the SOAP Fault with the FaultCode - FailedCheck and FaultString - The SOAP Body is not signed.

The other client I created with WS-Security of digital signature. I monitored this client and see it can successfully access my web service.

Should client just check the fault code to decide which WS-Security to implement at his side to match the webservice endpoint security? Or is there other standard way that the client know from?


-Helen

SCJD, SCWCD, SCDJWS

[ July 11, 2006: Message edited by: Helen Li ]
[ July 11, 2006: Message edited by: Helen Li ]
 
Bartender
Posts: 2968
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have a look over at the Web Services forum:
How would the client know what kind WS-security to use to access the secured service
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic