Java Web Service: Axis2 ws-security Basics

Source: Internet
Author: User
Tags soap sha1 web services xmlns java web

Introduction: Learn how to add the Rampart security module to the Apache Axis2 and start using the Ws-security attribute in a Web service.

Security is an important requirement for many enterprise services. Also, trying to achieve your own security is risky, as any minor negligence can lead to serious security vulnerabilities. These characteristics raise interest in the standardization of security handling, and many experts contribute to the standards and avoid any personal omissions. SOAP-based WEB services can use widely supported ws-security and related standards to meet their security needs, allowing for the appropriate configuration of security for each service.

The Apache AXIS2 supports these security standards through the Rampart module (see Resources). In this article, you will see how to install, configure, and use Rampart for AXIS2 to achieve the basic security features of sending a username and password in a service request. In subsequent articles in this series, you will understand how to use Rampart to implement more complex security.

Ws-security

Ws-security is a standard for adding security to SOAP WEB service message exchange (see Resources). It attaches security information to the message using a SOAP message header element, passing different types of declarations (including name, identity, key, group, privileges, features, and so on) and encryption and digital signature information in the form of a token (token). Ws-security supports multiple forms of tokens, multiple trusted domains, multiple signature formats, and multiple encryption techniques, so that in most cases the header information needs to contain specific formatting and algorithm recognition for each type of content. Additional information can result in a complex structure of the header information, as shown in Listing 1 (for a large number of edits)-a sample message that contains a signature and an encryption:

Listing 1. Sample messages that contain signatures and encryption

<soap:envelope xmlns:soap= "http://schemas.xmlsoap.org/soap/envelope/" ...>
<soap:Header>
<wsse:security soap:mustunderstand= "1" >
<wsu:timestamp wsu:id= "TIMESTAMP-D2E3C4AA-DA82-4138-973D-66B596D66B2F" >
<wsu:Created>2006-07-11T21:59:32Z</wsu:Created>
<wsu:Expires>2006-07-12T06:19:32Z</wsu:Expires>
</wsu:Timestamp>
<wsse:binarysecuritytoken valuetype= "...-x509-token-profile-1.0#x509v3"
Encodingtype= "...-wss-soap-message-security-1.0#base64binary"
Xmlns:wsu= "... oasis-200401-wss-wssecurity-utility-1.0.xsd"
Wsu:id= "securitytoken-faa295 ..." >MIIEC56MQswCQY...</wsse:BinarySecurityToken>
<xenc:encryptedkey xmlns:xenc= "http://www.w3.org/2001/04/xmlenc#" >
<xenc:encryptionmethod algorithm= "Http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<keyinfo xmlns= "http://www.w3.org/2000/09/xmldsig#" >
<wsse:SecurityTokenReference>
<wsse:keyidentifier valuetype=
"... #X509SubjectKeyIdentifier" >LlYsHyhNnOVA9Aj7...</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>g+A2WJhsoGBKUydZ9Za...</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:datareference uri= "#EncryptedContent-ba0556c3-d443-4f34-bcd1-14cbc32cd689"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<signature xmlns= "http://www.w3.org/2000/09/xmldsig#" >
<SignedInfo>
<ds:canonicalizationmethod
Algorithm= "http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds= "http://www.w3.org/2000/09/xmldsig#"/>
<signaturemethod algorithm= "Http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<reference uri= "#Id-c80f735c-62e9-4001-8094-702a4605e429" >
<Transforms>
<transform algorithm= "http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<digestmethod algorithm= "Http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>lKjc5nyLQDZAIu/hZb4B6mLquow=</DigestValue>
</Reference>
...
</SignedInfo>
<SignatureValue>TiLmWvlz3mswinLVQn58BgYS0368...</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:reference uri= "#SecurityToken-faa295 ..."
Valuetype= "...-x509-token-profile-1.0#x509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:body wsu:id= "ID-8DB9FF44-7BEF-4737-8091-CDAC51A34DB8" >
<xenc:encrypteddata id= "Encryptedcontent-ba05 ..."
Type= "Http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc= "http://www.w3.org/2001/04/xmlenc#" >
<xenc:encryptionmethod algorithm= "HTTP://WWW.W3.ORG/2001/04/XMLENC#AES128-CBC"/>
<xenc:CipherData>
<xenc:CipherValue>mirmi0KuFEEI56eu2U3cICz...</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.