WS-Security
WS-Security is one of the soap policies that can be enable on SOAP endpoints.
To configure such a policy, you need to add the following tag to you endpoint definition:
<http:endpoint xmlns:soap="http://servicemix.apache.org/soap/1.0" ...> <http:policies> <soap:ws-security ... /> </http:policies> </http:endpoint>
The full schema can be found here.
Inbound UsernameToken
<!-- Secured endpoint using ws-sec authentication --> <http:endpoint service="ex:receiver" endpoint="http-wssec" targetService="ex:receiver" role="consumer" locationURI="http://localhost:8192/WSSec/" defaultMep="http://www.w3.org/2004/08/wsdl/in-only" soap="true"> <http:policies> <soap:ws-addressing /> <!-- Enable ws-sec with UsernameToken --> <soap:ws-security receiveAction="UsernameToken" /> </http:policies> </http:endpoint>
Outbound Signature
<http:endpoint service="my:inputSender" endpoint="endpoint" role="provider" soap="true" locationURI="http://localhost:8192/service/"> <http:policies> <soap:ws-security sendAction="Signature" username="smx"> <soap:crypto> <bean class="org.apache.servicemix.soap.handlers.security.StandaloneCrypto"> <property name="keyStoreUrl" value="classpath:keystore.jks" /> <property name="keyStorePassword" value="servicemix" /> <property name="keyPassword" value="smx"/> </bean> </soap:crypto> </soap:ws-security> </http:policies> </http:endpoint>
Due to a bug, outbound signature only works with a version > 3.1 (3.1.1 or 3.2)