How to configure WSS security?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

How to configure WSS security?

duncan
I was hoping someone could point me in the right direction for configuring the WSS security configuration for the web services. I'm initially attempting with patient discovery e.g. adaptercomponentmpisecuredservice

I found the following WSS config files, but they look like glassfish samples and don't match what we are seeing in the request after switching to the secured MPI adaptor i.e. not x509 as per the config files

$Glassfish/domains/domain1/config/wss-server-config-2.0.xml

Initially we are only trying to set up signed security (no encryption).

Any samples would be appreciated.
Reply | Threaded
Open this post in threaded view
|

Re: How to configure WSS security?

mohannad
I am also trying to do this. Any guidance would be appreciated.
Reply | Threaded
Open this post in threaded view
|

RE: How to configure WSS security?

matt w

I’m possibly not understanding the question. WSS security is typically implemented with libraries which have their own configuration paradigms. For example the CXF web service stack uses WSS4J which has all kinds of documentation on the CXF site (http://cxf.apache.org/docs/ws-security.html), as well as a working example in CONNECT code! While glassfish natively uses another library through metro (the JAX-WS RI from Oracle/Sun) called WSIT. You could probably start with WSIT here: https://metro.java.net/guide/ch13.html, although I have to be honest the CXF method is closer to the front of my mind at this point.

 

From: mohannad [via CONNECT Forums] [mailto:ml-node+[hidden email]]
Sent: Thursday, November 14, 2013 5:36 PM
To: Weaver, Matthew (CGI Federal)
Subject: Re: How to configure WSS security?

 

I am also trying to do this. Any guidance would be appreciated.


If you reply to this email, your message will be added to the discussion below:

http://forums.connectopensource.org/How-to-configure-WSS-security-tp7579220p7579228.html

To start a new topic under CONNECT Users, email [hidden email]
To unsubscribe from CONNECT Forums, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

RE: How to configure WSS security?

duncan
Thanks Matt for those links.

I had a quick read through that cxf ws security link you provided and not sure it really clears things up that much.

Is it actually possible to configure the existing Connect secured adaptors using config files (xml) or does it require Java changes?

If it can be configured using xml, are there any examples configs that can be provided?

Duncan
Reply | Threaded
Open this post in threaded view
|

RE: How to configure WSS security?

matt w

Hi Duncan, I guess I was thinking you were already developing some type of adapter.

 

It would require code changes to modify the way that CONNECT secured adapters work, particularly in the context of removing the SAML 2.0 HoK implementation for a basic authentication implementation. I think you can remove the “pointer” to the HoK impl in some of the spring configuration in the webservices.xml or cxf-servlet.xml, however you would probably have to provide some code to look up values from configuration for basic auth and Im not exactly sure where you would plug that code in. Perhaps it would be it’s own callback handler.

 

Just thinking out loud here, if you were to write some code, you might be able to reuse some of the interfaces and base classes that CONNECT already provides. Traditionally, CONNECT configured secured messages all the same way, and unsecured messages all the same way, however I recently ran into a problem where we wanted WSA on an unsecured interface. To resolve this I was able to create a new ClientFactory and have it add a the WSA decorator to the unsecured client. You can see an example here: https://github.com/msweaver/Plugins/tree/CONN-668/XDSbPlugin/AdapterDocRegistry2Soap12Web/src/main/java/gov/hhs/fha/nhinc/adapterdocregistry. So one solution might be to develop a “basic auth” decorator and add it via a client factory as shown?

 

From: duncan [via CONNECT Forums] [mailto:ml-node+[hidden email]]
Sent: Monday, November 18, 2013 10:19 PM
To: Weaver, Matthew (CGI Federal)
Subject: RE: How to configure WSS security?

 

Thanks Matt for those links.

I had a quick read through that cxf ws security link you provided and not sure it really clears things up that much.

Is it actually possible to configure the existing Connect secured adaptors using config files (xml) or does it require Java changes?

If it can be configured using xml, are there any examples configs that can be provided?

Duncan


If you reply to this email, your message will be added to the discussion below:

http://forums.connectopensource.org/How-to-configure-WSS-security-tp7579220p7579239.html

To start a new topic under CONNECT Users, email [hidden email]
To unsubscribe from CONNECT Forums, click here.
NAML