Announcement Announcement Module
No announcement yet.
WS-Security in WSDL Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • WS-Security in WSDL

    How are the WS-Security details represented in wsdl file?

    Can Spring DynamicWsdl11Definition generate the required security details in wsdl based on the security policy file?


  • #2
    did you figured it out this?

    Is it mandatory to include security in wsdl ??


    • #3
      No,I have not fugured it out.

      It's not mandatory but i perfer communicating security details through wsdl rather than out of band. By putting it in wsdl, a tool can generate the appropriate client proxy for handling security.


      • #4
        By reading other threads thru google we need to add soap header definition in the wsdl including oasis xsds/ None of the example are clear. Its weired we are only the one looking for this?


        • #5
          I am also looking for this, and I think the correct way to do it is to use WS-Policy, or more specific, WS-SecurityPolicy. I have posted a question on this mailinglist yesterday asking if anyone has any experience using WS-Policy, but have so far not received any responses.



          • #6
            When I use SOAP UI as client it does adds security tokens ( digest password)
            for me even though wsdl doesn't contain any security tokens defined.
            But If use XmLspy it doesn't know how to add security info as part of soap header info. At this point I am not sure should I not worry about adding security token in wsdl or not??


            • #7
              Hi Guys,
              I have posted questions in another forums and they mentioned that its very uncoomon to add Security policy info into Wsdl.



              • #8
                If we do not add security to wsdl, how will the clients know about it? I do not want to communicate that to my clients manually.

                It will be much better if everything about our service is expressed in one single wsdl file.

                I remember wsdl 2.0 added support for these WS Specs using Features & Properties. I am also hearing somethink like WSPL ( Web Services Policy Language) which can be used to specify WS-Policies.

                Overall, it's not very clear on how to proceed. Any help will be appreciated.


                • #9
                  WS-MetadataExchange defines a way for clients to find both the WSDL and the security policy for an endpoint.