Announcement Announcement Module
Collapse
No announcement yet.
WS-Security support Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • WS-Security support

    Hi,

    In one of our projects, we're calling an external webservice. The requests to this webservice should be signed with the aid of WS-Security. The (synchronous) responses are not signed. This signing is done with a certificate stored in a JKS. Currently this is implemented with Axis2 and Rampart that handles the WS-Security part.

    Is this scenario with WS-Security supported (out-of-the-box) by SI ?
    If yes, how should this be configured ?
    If not, are there any plans to support it in one of the next releases ?

    Regards, Stefan Lecho.

  • #2
    Spring Integration uses Spring WS for the WS source, target and gateways. You should check on the WS forums for discussions on the topic. I know that Spring WS supports WS-Security in 1.5 so I think you'll be successful.

    Comment


    • #3
      Hi Stefan,

      You'll need to leverage the Spring-WS API for that.

      When Spring Integration comes into discussion, you can inject a WebServiceMessageCallback in your (Simple|Marshalling)WebServiceHandler. At this point, this will require using a bean rather than the namespace element. In this callback, you can secure your outgoing message as with any outgoing Spring-WS message.

      Regards,
      Marius

      Comment


      • #4
        Could someone please open a JIRA issue to include namespace support for the callback?

        Thanks,
        Mark

        Comment


        • #5
          http://jira.springframework.org/browse/INT-257

          Comment


          • #6
            The 'request-callback' attribute is now available on the <ws-handler/> element (as of r690 in SVN).

            -Mark

            Comment


            • #7
              please add wssecurityinterceptor support on WSOutboundGateway

              Spring-WS has nice support for WS-Security that cannot be used in Spring Integration because of the lack of namespace support. I am trying to validate a signed response using wsOutboundGateway. request-callback only helps to sign a request. How can I validate a response?

              Comment


              • #8
                In general the statement "x cannot be used for lack of namespace support" is false.

                That said, lack of namespace support can make your configuration unreasonably verbose, so if you have a good suggestion for namespace support for something, please create an issue. Preferrably this issue should have an example of your configuration without namespace support, and a suggestion to how the configuration would look with namespace.

                Comment

                Working...
                X