[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HTTP_Set_AUTH and WS-Security



Can anyone tell me if WS-Security works without SSL?

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Julius Kaj
Sent: Sunday, March 06, 2011 10:56 AM
To: HTTPAPI and FTPAPI Projects
Subject: SV: HTTP_Set_AUTH and WS-Security

Not sure if it's applicable, but it may be worth checking out the Apache
Rampart/C project<http://axis.apache.org/axis2/c/rampart/>.



Regards,

Kaj





-----Oprindelig meddelelse-----
Fra: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] På vegne af Magne Kofoed
Sendt: 4. marts 2011 23:09
Til: 'HTTPAPI and FTPAPI Projects'
Emne: SV: HTTP_Set_AUTH and WS-Security



Scott created a rpg serviceprogram for jdbc.

The same could be done with wss4j.



http://ws.apache.org/wss4j/



What is WSS4J?

Apache WSS4J is an implementation of the OASIS Web Services Security

(WS-Security) from OASIS Web Services Security TC. WSS4J is primarily a Java

library that can be used to sign and verify SOAP Messages with WS-Security

information. WSS4J will use Apache Axis and Apache XML-Security projects and

will be interoperable with JAX-RPC based server/clients and .NET

server/clients.



WSS4J implements

*Web Services Security: SOAP Message Security 1.1

*Username Token Profile 1.1

*X.509 Certificate Token Profile 1.1









-----Opprinnelig melding-----

Fra: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] På vegne av Steve

Sendt: 4. mars 2011 21:35

Til: 'HTTPAPI and FTPAPI Projects'

Emne: RE: HTTP_Set_AUTH and WS-Security



Thanks for the Info.  I just thought I'd throw that one out there incase you

had any Insight.



Much Appreciated.

Steve



-----Original Message-----

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Magne Kofoed

Sent: Friday, March 04, 2011 2:21 PM

To: 'HTTPAPI and FTPAPI Projects'

Subject: SV: HTTP_Set_AUTH and WS-Security



This is no longer about httpapi, but try this link:



Websphere 7 Certificate Key Size Limits

http://www.ibm.com/developerworks/forums/thread.jspa?threadID=355619



Best regards,

Magne





-----Opprinnelig melding-----

Fra: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] På vegne av Steve

Sendt: 4. mars 2011 20:49

Til: 'HTTPAPI and FTPAPI Projects'

Emne: RE: HTTP_Set_AUTH and WS-Security



We are not going to SSL just yet.



On SSL.: Is it true that Websphere will only accept 2k certificates?



                    We wanted to use 4K.  Does anyone have a point of
reference for

certificates?



-----Original Message-----

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Magne Kofoed

Sent: Friday, March 04, 2011 1:32 PM

To: 'HTTPAPI and FTPAPI Projects'

Subject: SV: HTTP_Set_AUTH and WS-Security



Hi Steve,



http_setauth is used for "normal" http server authentication and I have not

seen this used with WS-Security and UsernameToken.



WS-Security is used to encrypt the soap xml.

Its main focus is the use of XML Signature and XML Encryption to provide

end-to-end security.



I tried to implement Ws-Security using rpg a couple of years ago, but did

not succeed. So we skipped the soap xml encryption and used the ws-security

user and password together with SSL.



Maybe there is a solution on this now, with i/os 6.1 and new api's?



Best regards,

Magne







-----Opprinnelig melding-----

Fra: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] På vegne av Steve

Sendt: 4. mars 2011 15:30

Til: 'HTTPAPI and FTPAPI Projects'

Emne: HTTP_Set_AUTH and WS-Security





   http_setAuth( HTTP_AUTH_BASIC

            : %trim(Userid)

            : %trim(Passwd) );



Am I missing something or using the wrong statement. ??



I added this into my program thinking it was what I needed to  generate the

security string in my Soap message But I didn't get anything.



This is what is required using soap:



<soapenv:Header><wsse:Security soapenv:mustUnderstand="1"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

ty-secext-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-1"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

y-utility-1.0.xsd"><wsse:Username>userid</wsse:Username><wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

-profile-1.0#PasswordText">passwd</wsse:Password><wsse:Nonce

EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m

essage-security-1.0#Base64Binary">uY0FMEfI6dzTVHg6/DFazQ==</wsse:Nonce><wsu:

Created>2011-02-15T22:21:24.555Z</wsu:Created></wsse:UsernameToken></wsse:Se

curity></soapenv:Header>



With WS-Security turned off everything is fine.





-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------



-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------



-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------



-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------



-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------



-----------------------------------------------------------------------

This is the FTPAPI mailing list.  To unsubscribe, please go to:

http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------