WS-Security interoperability workarounds: websphere, JBoss, axis and. net

Source: Internet
Author: User
Tags soap client jboss
1.. Net client-> webspherews Service

Restrictions:

  1. WSe 3.0 will insert WS-Addressing elements in outgoing SOAP message by default.

  2. Unfortunately, its <action> element will be empty by default.

  3. I have not found any way to remove WSA elements within WSE 3.0.

  4. Once you provide WSA elements in SOAP message, webspherews will dispatch the message according to these elements, even the mustunderstand is 0/false.

  5. I have not found any way to make webspherews omit WSA elements.

  6. Then, webspherews will complain that <action> is empty.

Workaround:

Add the "Action" Property of soaprpcmethodattribute/soapdocumentmethodattribute:

[SoapRpcMethod("", Action="price", RequestNamespace="..", ResponseNamespace="..", Use=SoapBindingUse.Literal)]
[return: System.Xml.Serialization.XmlElementAttribute("priceReturn")]
public string price(string arg_0_0) {
    object[] results = this.Invoke("price", new object[] {arg_0_0});
    return ((string)(results[0]));
}

Or in code you can insert the following line:proxy.RequestSoapContext.Addressing.Action = new Action( "price" ); But it seems not work.

Another tip: WS-Addressing vs. TCP Monitor

When you route SOAP message with WSA elements via TCP monitor. net service, the <to> element is incorrect because the port number is the port tcp monitor listening, not the port of final service. so you shoshould make. net service omit these WSA elements, just add soapactorattribute to the service class without any properties:

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[SoapActor()]
public class Service : WebService{
}

2. jbossws client/webspherews client->. net service

Restrictions:

  1. By default,. net service will assume aes-256 is used as your Ric key algorithm by soap client when applying encryption.

  2. I have not found any way to specify other policric key algorithms for. net service, both <keyexchangeformatters> and <keyalgorithm> does not work.

  3. Both jbossws and webspherews client do not use the aes-256 as your Ric key algorithm by default.

  4. In fact, both Sun JDK and ibm jdk do not support those algorithms that need a key whose size is longer than 128bit by default due to import control restrictions of some countries.

Workaround:

  1. First, change the algorithm to aes-256 via IBM webspherews toolkit for webspherews or configuration file for jbossws:<encrypt type="x509v3" alias="wse2" algorithm="aes-256" />

  2. Second, download the "JCE unlimited strength jurisdiction policy files" fron sun or IBM, and replace the original jars under JRE/lib/security folder

Another tip:

The configuration files schema of jbossws can be found at $ jbossws/src/main/resources/Schema folder.

 

3. wss4j vs. bouncycastle

Wss4j has not been fully tested with sun JCE provider and ibm jce provider. they suggest using bouncycastle as the default JCE provider, So download the JAR file and put it to classpath, then modify $ jre_home/lib/security/Java. security:

Security. provider.1 = org. bouncycastle. JCE. provider. bouncycastleprovider

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.