[jboss-user] [JBossWS] - Ws-Security and Authentication

kristof_taveirne do-not-reply at jboss.com
Thu Aug 17 12:36:09 EDT 2006


Hi,

I'm starting out doing some experimenting with WS-Security and I'm running into a few problems/questions.

I want 2 things.
First I want to do some authentication.
And second I want to sign the message I've sent to the server.

For authentication I was thinking about JAAS. So I did the following on the client side:

((Stub)port)._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "me");
((Stub)port)._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "myPassword");

I've configured my ejb based web service by configuring the ejb-jar.xml file.

This works great.

Now, I also want to sign my message using ws-security by adding
   
   	 
   
to the jboss-wsse-server.xml file.

This also works.

But now: 
- How do I know that the signature belongs to the person that logs in using the username/password properties?

- I've seen there is no  in the schema for the jboss-wsse-server.xml config file that could also do this instead of using the Basic Auth in the HTTP header. How come?

I in fact want to do some authentication using an X.509 certificate in the sense that the user is able to use the web service if it is known in the truststore of the server. Can somebody give me some directions on how I could do this?

I have some experience using xws-security from Sun's JWSDP, but I would like to learn how I can transform some things to JBoss.

All help/directions are welcome!

Greetings,
Kristof.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965827#3965827
