Aug 05

This document discusses how the SOAP/HTTP Binding Component can be configured, in a service provider and in a service consumer, to use WS-Security 1.0 (2004) Username Token Profile support. WS-Security 1.0 (2004) provided support for the Username Token, which could be sent over the wire in the clear. This was insecure but Sun JAX-RPC libraries allowed this, since the standard allowed this. Through Project Metro release 1.4 it was impossibly to formulate a WS-Security policy that decorated a SOAP message with the Username Token headers, without requiring to also encrypt parts of the message. This prevented solutions built on top Metro 1.4, or earlier, from supporting cleartext Username Token. Metro 1.5 relaxed this requirement. The WS-Security policy configured using the GlassFish ESB NetBeans WS-Security wizard will be modified to require and provide a Plain text Username Token.

The document is here: 02_Configuring_HTTP_BC_for_WS-Security_UsernameToken.pdf

The companion archive containing all projects is here:

4 Responses to “GlassFish ESB v2.1, OpenESB – Configuring HTTP BC for Plain WS-Security 1.0 Username Token Support”

  1. Excellent article Michael,

    I just have one doubt, when I use soapUI, the program does not find the server and I can not prove the connection between my server and my server client services.
    How I can solve this problem in my Web Services?


  2. Marcelo says:

    Hello Michael,

    Thank you for your contribution to the area of ??Web Services security, how I can
    implement XML Signature and XML Encryption in your example?

    Best regards,

Leave a Reply

preload preload preload