I have a Axis2 web service secured using Rampart. I do want to consume it, preferably using JAX-WS based clients. Most of the tutorials I was able to find arefor consuming it using Axis2 libraries in the client side. The client should be fairly independent of the WS service framework, as the service can be consumed by Java based, .NET based or even PHP based clients.
As long as the service uses only standard SOAP with WS-Security, any client framework can consume it. The JAX-WS reference would work too (in lieu of Axis), but it doesn't contain a WS-Security implementation, so you need to use the Metro stack instead (which does contain WS-Security).
Originally posted by Sudharsan Govindarajan: WS-Security is implemented in WS frameworks for .NET/PHP?
Even for .NET it depends on the version. Up to ASP.NET 2.0 you need to install the Web Service Enhancements (WSE) package to use WS-Security. Starting with .NET 3.0 WS-Security is supported as part of WCF (Windows Communication Foundation).
And I wouldn't count on a PHP client being able to use WS-Security.
Wow, lots of projects floating around. Thanks, Peer! It clears up a bit, but my choice has become even more confusing. It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client
Originally posted by Sudharsan Govindarajan: It is disturbing to know that I can't write a standard WSS based service and assume that it can be consumed by any standard WS client
The reality is that the more WS-* extensions you require the more you reduce your potential "consumer audience". SOAP is extensible - that doesn't mean that all SOAP clients are extensible. Theoretically with the extension standard in hand you could tinker with the SOAP envelope to make it work - but nobody does that because it is time-consuming, tedious and error prone. It seems that the Perl and Ruby communities have given up on SOAP and moved towards POX-over-HTTP (Plain Old XML) or RESTful HTTP Web Services - I wouldn't be surprised if PHP is going to follow the move. There a little bit of tinkering can still get you a long way, TLS/SSL provides you with transport security and you can still use XML encryption/digital signature for XML bodies.
So in the end SOAP isn't the universal "over-the-web" service access protocol. [ December 02, 2008: Message edited by: Peer Reynders ]