Hi,
trebor iksrazal wrote:
>I missed the first part of this message. Anyways,
>using jboss you most certainly can write your endpoint
>as an EJB. If the docs aren't helping enough perhaps I
>can show an example of how I've done it.
>
I did not mean that you cannot write an EJB using Jboss :-). I was
referring to applying Message Level Security for an EJB endpoint.
>
>When you say WSSecurity - are you referring to
>applying message level security in the way of XML
>Signatures and XML encryption? While there are a few
>frameworks out there, the one sure fire way to do it
>is to implement javax.xml.rpc.handler.Handler and
>apply the XML Security libs from Apache. The sun guys
>contribute to the project. Googling should turn up
>some examples using that approach.
>
thats a lot of work, and you can use XWSS from JWSDP 2.0
http://java.sun.com/webservices/downloads/webservicespack.html
Thanks.
>
>HTH,
>Robert
>http://www.braziloutsource.com
>
>--- V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM> wrote:
>
>
>
>>Hi,
>>
>> If you want security for an EJB WebService you
>>should seriously
>>consider using Sun Application Server 8.2 or Sun
>>Application Server 9.0.
>>
>> Here are some documents that you can use
>>understand how to secure an
>>EJB Webservice. You client can still be a JWSDP 1.6
>>client and your
>>server can be hosted on Application Server 8.2.
>>
>> There are jwsdp facilities for securing wenb
>>services messages, and the
>>methods for configuring that functionality differs
>>from the methods
>>provided in sun the appserver to configure message
>>layer security. Both
>>mechanisms are implemented by common code; and the
>>focus of the
>>appserver has been to ensure that these mechanisms
>>can be bound to
>>existing apps without changing the application.
>>Please look at the
>>below link.
>>
>>
>>http://docs.sun.com/source/819-0076/ws-security.html
>>
>>These instrcutions should be sufficient to guide you
>>through this
>>process; assuming you are using the appserver
>>configuration mechanisms.
>>
>>It sounds like you may be trying to configure a
>>stand-alone client of an
>>appserver hosted webservice; if this is the case, I
>>think you will need
>>to use the jwsdp config mechanisms on the client;
>>but you should be able
>>to use the appserver mechansims at the EJB endpoint.
>>
>>
>>Thanks...
>>
>>kdduncan (sent by Nabble.com) wrote:
>>
>>
>>
>>>I have a webservice that needs to use WSSecurity.
>>>
>>>
>>When I specify the
>>
>>
>>>'security' option for WSCompile, stubs and ties
>>>
>>>
>>for the webservice use
>>
>>
>>>the com.sun.xml.rpc.security.SecurityPluginUtil
>>>
>>>
>>class to process the
>>
>>
>>>security configuration file I gave WSCompile.
>>>
>>>My problem is that the server side of my
>>>
>>>
>>webservice is deployed as an
>>
>>
>>>EJB and my WSCompile-generated tie class is never
>>>
>>>
>>used! Messages sent
>>
>>
>>>to the webservice are directed to my EJB based on
>>>
>>>
>>my ejb-jar.xml and
>>
>>
>>>webservices.xml files, and the Tie class is never
>>>
>>>
>>invoked (so my
>>
>>
>>>security requirements are not processed).
>>>
>>>Does anyone know how to deploy an EJB webservice
>>>
>>>
>>in such a way that
>>
>>
>>>the Tie class is used to call the service endpoint
>>>
>>>
>>EJB?
>>
>>
>>>The JWSDP 1.6 has a security example but it
>>>
>>>
>>deploys its service
>>
>>
>>>endpoints as servlets in a WAR file using
>>>
>>>
>>WSDeploy. I'm following the
>>
>>
>>>example as closely as possible but I've got to
>>>
>>>
>>deploy my endpoint as
>>
>>
>>>an EJB in an ejb-jar file, so WSDeploy is not
>>>
>>>
>>appropriate.
>>
>>
>>>I'm using J2SDK 1.4.2 with JWSDP 1.6 libraries and
>>>
>>>
>>deploying on JBoss
>>
>>
>>>4.0.2. I use XDoclet to generate my ejb-jar.xml
>>>
>>>
>>file and my
>>
>>
>>>webservices.xml file is written by hand.
>>>The webservice used to run without any security,
>>>
>>>
>>and I generated all
>>
>>
>>>the classes I needed by using the 'import="true"'
>>>
>>>
>>WSCompile option,
>>
>>
>>>which generates request/response structs but not
>>>
>>>
>>stubs and ties. Now I
>>
>>
>>>use 'server="true"' and a second call with
>>>
>>>
>>"client="true"' to get the
>>
>>
>>>stubs and ties, and my client side successfully
>>>
>>>
>>uses the stub (and
>>
>>
>>>security plugin) to make the WS call.
>>>
>>>
>>>
>------------------------------------------------------------------------
>
>
>>>View this message in context: Use WSCompile to
>>>
>>>
>>generate server Tie,
>>
>>
>>>and Tie is never used!
>>>
>>>
>>>
><http://www.nabble.com/Use-WSCompile-to-generate-server-Tie%2C-and-Tie-is-never-used%21-t945857.html#a2450410>
>
>
>>>Sent from the JAX-RPC - User
>>><http://www.nabble.com/JAX-RPC---User-f2630.html>
>>>
>>>
>>forum at Nabble.com.
>>
>>
>>
>>
>>
>
>
>Sufficiently advanced incompetence is indistinguishable from malice.
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
>For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net
>
>
>