In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.x.
This is a work-in-progress document, now at rev 0.4.1.
To provide early access I intend to release revisions of this document as significant new sections become available.
Rev 0.1: Content
• Assumptions and Notes
• Person Service XML Schema and WSDL Interface
• Common XML Project
• PersonSvc BPEL Module
• PersonCli BPEL Module
• JBI-based Person Service – Plain End-to-End
• JBI-based Person Service – SSL with Server-side Authentication
Rev 0.2: Additional Content
• JBI-based Person Service – SSL with Mutual Authentication (broken)
• EJB-based Person Service – No security
• EJB-based Person Service – SSL with Server-side Authentication
Rev 0.3: Additional Content
• EJB-based Person Service – SSL with Mutual Authentication
• JBI-based Person Service – Exploring WS-Addressing
Rev 0.4: Additional and Changed Content
• Modified sections 5.8 and 5.9 (SSL Server side and mutual authentication)
• Using WS-Addressing for Explicit Dynamic Routing
• Pre-requisite Cryptographic Objects [TBC]
• Upgrading Metro to version 1.5 [TBC]
• Username Token Profile 1.0 (2004) Policy [TBC]
More in CH05_WSSecurityExploration_r0.4.1.pdf at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.4.1.pdf
The archive, CH05_WSSecurityExploration_r0.4.1.zip, containing all projects developed so far is to be found at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.4.1.zip.