I missed the first part of this message. Anyways,
using jboss you most certainly can write your endpoint
as an EJB. If the docs aren't helping enough perhaps I
can show an example of how I've done it.
When you say WSSecurity - are you referring to
applying message level security in the way of XML
Signatures and XML encryption? While there are a few
frameworks out there, the one sure fire way to do it
is to implement javax.xml.rpc.handler.Handler and
apply the XML Security libs from Apache. The sun guys
contribute to the project. Googling should turn up
some examples using that approach.
HTH,
Robert
http://www.braziloutsource.com
--- V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM> wrote:
> Hi,
>
> If you want security for an EJB WebService you
> should seriously
> consider using Sun Application Server 8.2 or Sun
> Application Server 9.0.
>
> Here are some documents that you can use
> understand how to secure an
> EJB Webservice. You client can still be a JWSDP 1.6
> client and your
> server can be hosted on Application Server 8.2.
>
> There are jwsdp facilities for securing wenb
> services messages, and the
> methods for configuring that functionality differs
> from the methods
> provided in sun the appserver to configure message
> layer security. Both
> mechanisms are implemented by common code; and the
> focus of the
> appserver has been to ensure that these mechanisms
> can be bound to
> existing apps without changing the application.
> Please look at the
> below link.
>
>
> http://docs.sun.com/source/819-0076/ws-security.html
>
> These instrcutions should be sufficient to guide you
> through this
> process; assuming you are using the appserver
> configuration mechanisms.
>
> It sounds like you may be trying to configure a
> stand-alone client of an
> appserver hosted webservice; if this is the case, I
> think you will need
> to use the jwsdp config mechanisms on the client;
> but you should be able
> to use the appserver mechansims at the EJB endpoint.
>
>
> Thanks...
>
> kdduncan (sent by Nabble.com) wrote:
>
> > I have a webservice that needs to use WSSecurity.
> When I specify the
> > 'security' option for WSCompile, stubs and ties
> for the webservice use
> > the com.sun.xml.rpc.security.SecurityPluginUtil
> class to process the
> > security configuration file I gave WSCompile.
> >
> > My problem is that the server side of my
> webservice is deployed as an
> > EJB and my WSCompile-generated tie class is never
> used! Messages sent
> > to the webservice are directed to my EJB based on
> my ejb-jar.xml and
> > webservices.xml files, and the Tie class is never
> invoked (so my
> > security requirements are not processed).
> >
> > Does anyone know how to deploy an EJB webservice
> in such a way that
> > the Tie class is used to call the service endpoint
> EJB?
> >
> > The JWSDP 1.6 has a security example but it
> deploys its service
> > endpoints as servlets in a WAR file using
> WSDeploy. I'm following the
> > example as closely as possible but I've got to
> deploy my endpoint as
> > an EJB in an ejb-jar file, so WSDeploy is not
> appropriate.
> >
> > I'm using J2SDK 1.4.2 with JWSDP 1.6 libraries and
> deploying on JBoss
> > 4.0.2. I use XDoclet to generate my ejb-jar.xml
> file and my
> > webservices.xml file is written by hand.
> > The webservice used to run without any security,
> and I generated all
> > the classes I needed by using the 'import="true"'
> WSCompile option,
> > which generates request/response structs but not
> stubs and ties. Now I
> > use 'server="true"' and a second call with
> "client="true"' to get the
> > stubs and ties, and my client side successfully
> uses the stub (and
> > security plugin) to make the WS call.
> >
>
------------------------------------------------------------------------
> > View this message in context: Use WSCompile to
> generate server Tie,
> > and Tie is never used!
> >
>
<
http://www.nabble.com/Use-WSCompile-to-generate-server-Tie%2C-and-Tie-is-never-used%21-t945857.html#a2450410>
> > Sent from the JAX-RPC - User
> > <http://www.nabble.com/JAX-RPC---User-f2630.html>
> forum at Nabble.com.
>
>
>
Sufficiently advanced incompetence is indistinguishable from malice.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com