WS-Security

WS-Security is one of the SOAP policies that can be enabled on SOAP endpoints.

To configure such a policy, you need to add the following tag to your endpoint definition:

<http:endpoint xmlns:soap="http://servicemix.apache.org/soap/1.0" ...>
  <http:policies>
    <soap:ws-security ... />
  </http:policies>
</http:endpoint>

The full schema can be found here.

Inbound UsernameToken

<!-- Secured endpoint using ws-sec authentication -->
<http:endpoint service="ex:receiver"
               endpoint="http-wssec"
               targetService="ex:receiver"
               role="consumer"
               locationURI="http://localhost:8192/WSSec/"
               defaultMep="http://www.w3.org/2004/08/wsdl/in-only"
               soap="true">
  <http:policies>
    <soap:ws-addressing />
    <!-- Enable ws-sec with UsernameToken -->
    <soap:ws-security receiveAction="UsernameToken" />
  </http:policies>
</http:endpoint>
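
As an added illustration (not ServiceMix code and not part of the original page), the Python example below builds the kind of SOAP 1.1 header a client presents to an endpoint configured with receiveAction="UsernameToken" and shows the digest check a receiver performs. It assumes the PasswordDigest form defined in the OASIS UsernameToken Profile 1.0, which the page does not specify; the function names and the credentials are constructed for the example.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces and type URIs from the OASIS WS-Security 1.0 specifications.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def build_envelope(username, password, nonce=None, created=None) -> bytes:
    nonce = nonce or os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    ET.SubElement(tok, f"{{{WSSE}}}Password", Type=DIGEST).text = password_digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE}}}Nonce", EncodingType=B64).text = base64.b64encode(nonce).decode()
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env)

def verify_token(envelope: bytes, lookup_password) -> bool:
    # Receiver side: recompute the digest from the stored password and compare.
    # ElementTree is used on a constructed sample; harden parsing for untrusted XML.
    tok = ET.fromstring(envelope).find(f".//{{{WSSE}}}UsernameToken")
    if tok is None:
        return False
    user = tok.findtext(f"{{{WSSE}}}Username")
    sent = tok.findtext(f"{{{WSSE}}}Password")
    nonce = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    stored = lookup_password(user) if user else None
    if None in (sent, nonce, created, stored):
        return False
    try:
        expected = password_digest(base64.b64decode(nonce), created, stored)
    except ValueError:  # malformed Base64 in the Nonce element
        return False
    return hmac.compare_digest(expected.encode(), sent.encode())
```

A production receiver must also reject reused nonces and stale Created timestamps, since the digest alone does not stop a captured header from being replayed. The digest covers only the password, not the message body, so integrity still depends on transport security or a signature.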

Outbound Signature

<http:endpoint service="my:inputSender"
               endpoint="endpoint"
               role="provider"
               soap="true"
               locationURI="http://localhost:8192/service/">
  <http:policies>
    <soap:ws-security sendAction="Signature" username="smx">
      <soap:crypto>
        <bean class="org.apache.servicemix.soap.handlers.security.StandaloneCrypto">
          <property name="keyStoreUrl" value="classpath:keystore.jks" />
          <property name="keyStorePassword" value="servicemix" />
          <property name="keyPassword" value="smx" />
        </bean>
      </soap:crypto>
    </soap:ws-security>
  </http:policies>
</http:endpoint>

Due to a bug, outbound signature only works with versions later than 3.1 (3.1.1 or 3.2).
