Tag Archives: security

GlassFish ESB, v2.1 – EJB SSL Mutual Auth and JBI WS-Addressing – Exploring Effects of Security Policies, Rev.0.3

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.3.

To provide early access I intend to release revisions of this document as significant new sections become available.

Rev 0.1: Content
•    Assumptions and Notes
•    Person Service XML Schema and WSDL Interface
•    Common XML Project
•    PersonSvc BPEL Module
•    PersonCli BPEL Module
•    JBI-based Person Service – Plain End-to-End
•    JBI-based Person Service – SSL with Server-side Authentication

Rev 0.2: Additional Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

Rev 0.3: Additional Content
•    EJB-based Person Service – SSL with Mutual Authentication
•    JBI-based Person Service – Exploring WS-Addressing

More in CH05_WSSecurityExploration_r0.3.pdf at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.3.2.pdf

GlassFish ESB, v2.1 – Exploring Effects of Security Policies, Rev.0.2, More SSL and EJB-based projects

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.2.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content
•    Assumptions and Notes
•    Person Service XML Schema and WSDL Interface
•    Common XML Project
•    PersonSvc BPEL Module
•    PersonCli BPEL Modules
•    Person Service – Plain End-to-End
•    Person Service – SSL with Server-side Authentication

Revision 0.2: Added Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

More in CH05_WSSecurityExploration_r0.2.3.pdf at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.2.3.pdf.

GlassFish ESB, v2.1 – Exploring Effects of Security Policies, Rev.0.1, SSL with Server-side Authentication

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content

  • Assumptions and Notes
  • Person Service XML Schema and WSDL Interface
  • Common XML Project
  • PersonSvc BPEL Module
  • PersonCli BPEL Modules
  • Person Service – Plain End-to-End
  • Person Service – SSL with Server-side Authentication

More in CH05_WSSecurityExploration_r0.1.pdf, at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.1.pdf

Sending Secure Electronic Mail (S/MIME) in Java (CAPS) the Easy Way

Every now and then one needs to secure communications between parties. Some would say it is necessary to do that all the time and perhaps it is. The issues are the complexity and expense. The complexity comes from having to configure a bunch of tools to support things like encryption and digital signatures for more than a single party. The expense comes from typically having to purchase cryptographic instruments from well-known Certification Authorities, and keep on purchasing them all over again every 1 or 2 years. This discussion introduces a class library that offers a set of simple methods for constructing and sending secure electronic mail using the Secure Multipurpose Internet Mail Extensions (S/MIME), the Bouncy Castle Cryptographic Libraries and the Java programming language. The intent is to allow a Java CAPS developer, or a Java developer, to add Secure Electronic Mail functionality quickly and easily, and without having to make too much of a time investment learning about PKI-based security and related matters. This addresses the complexity issue. The expense issue is addressed in my blog entry, “Producing Free, Private X.509 Certificates for use with PKI-based Solutions”, at http://blogs.sun.com/javacapsfieldtech/entry/producing_free_private_x_509. That blog entry discusses how to roll out a private Certification Authority and obtain X.509 Certificates, and other cryptographic objects, for free.

This document discusses the use of cryptographic software and manipulation of cryptographic objects. Using or discussing cryptography software is illegal in some parts of the world. It is your responsibility to ensure that you comply with any import/export and use laws that apply to you.

SendingSecureEMailUsingJavaCAPS.pdf

The ZIP archive, referenced in the document, is SecMail_and_extra_libs.zip

Reference is also made to the article “Producing Free, Private X.509 Certificates for use with PKI-based Solutions”.