Questions tagged [ws-security]

WS-Security is an extension to SOAP for applying security to web-services through XML Signature and XML Encryption.

922 questions

60 votes, 3 answers

Correct way communicate WSSE Usernametoken for SOAP webservice

I am attempting to consume a web service through its corresponding wsdl. This service is dependent upon authentication conforming to Web Services Security Basic Security Profile 1.0 including that the correct xmls namespace of…
Chris Marisic

44 votes, 1 answer

In WCF/WIF how to merge up claims from two different client's custom sts's tokens

I'm trying to create something like: Client authenticates and gets token from custom STS1, next client authorizes with machine key and is issued token on custom STS2 and gets another token. With last token, client requests methods on RP service. All…
myrx

44 votes, 1 answer

Prevent XXE Attack with JAXB

Recently, we had a security audit on our code, and one of the problems is that our application is subject to the Xml eXternal Entity (XXE) attack. Basically, the application is a calculator that receives inputs as XML, through a Web-Service. Here is…
Romain Linsolas

36 votes, 4 answers

User/Pass Authentication using RESTful WCF & Windows Forms

What is the best approach to implementing authorisation/authentication for a Windows Forms app talking to an IIS-hosted RESTful WCF Service? The reason I ask is I am very confused, after sifting through different articles and posts expressing a…
GONeale

34 votes, 10 answers

JAX-WS - Adding SOAP Headers

I am trying to create a standalone client to consume some web services. I must add my username and password to the SOAP Header. I tried adding the credentials as follows: OTSWebSvcsService service = new OTSWebSvcsService(); OTSWebSvcs port =…
Jordan Allan

32 votes, 7 answers

Connecting to WS-Security protected Web Service with PHP

I am trying to connect to a Web Service which is password protected and the url is https. I can't figure out how to authenticate before the script makes a request. It seems like it makes a request as soon as I define the service. For instance, if I…
Anthony

26 votes, 3 answers

Can not get key from KeyStore

I try to get Key from KeyStore. I created a keystore by Keytool: keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business2 -keypass abcdtest -keystore C:\workspace\XMLSample\keystore\mykeystore.jks -storepass 123456 And…
MartinJoo

24 votes, 2 answers

How to make WCF Client conform to specific WS-Security - sign UsernameToken and SecurityTokenReference

I need to create a wcf client to call a service that I have no control over. I have been given a wsdl and a working soapui project. The service uses both a username/password and a x509 certificate. UPDATE I now understand what the problem is, but…
Steve B

22 votes, 4 answers

Example of SOAP request authenticated with WS-UsernameToken

I'm trying to authenticate a SOAP request using WS-UsernameToken spec, but the target device is always denying access. My non-working request looks like this. (The password I'm trying to hash is system.)
che

22 votes, 1 answer

Corresponding SOAP UI vs Spring-ws

Soap UI has the following option "Use single certificate for signing" what is the corresponding spring-ws config?
user48545

22 votes, 5 answers

Calling .NET Web Service (WSE 2/3, WS-Security) from Java

I need to call a web service written in .NET from Java. The web service implements the WS-Security stack (either WSE 2 or WSE 3, it's not clear from the information I have). The information that I received from the service provider included WSDL,…
Michael Sharek

19 votes, 2 answers

Rampart PostDispatchVerificationHandler: InvalidSecurity - Security policy not found

Edit: I tweaked the Rampart configuration a little and I am now stuck at another point. In Rampart's PostDispatchVerificationHandler an exception is thrown, because the security header hasn't been processed. // If a security header is there and…
Jonas

18 votes, 1 answer

Trying to digitally sign SOAP call with x.509 certificate in PHP

I'm working with a client, trying to send and receive soap calls using PHP. They have ws-security set up, and use an x.509 certificate for authentication. I have been able to get this to work using SoapUI, but I haven't been able to work with it…
MattA

18 votes, 2 answers

Policy for signing and encrypting

I need to implement a jax-ws client. Here is what the provider docs say about security Currently, we use the SOAP Message Security version 1.0 specification at …
ymajoros

17 votes, 1 answer

Disable InclusiveNamespaces in axis/rampart client

I'm connecting to a webservice with axis/rampart and was told to remove the InclusiveNamespaces as the prefixList was "" which is not allowed. How do I do that? The part looks like
Perre