You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Web Service security (WS-security) is an SOAP-based security standard that provides web services with message-level integrity, confidentiality and authentication.
With WS-security, the Simple Object Access Protocol (SOAP) message contains a SOAP header, which includes signature, encryption information, protocols for processing the secured information, and security tokens for credential propagation.

Geronimo 2.2 has two WS-security providers: Axis2 for Tomcat Web container and CXF for Jetty. They enable the following WS-security features in Web service development for Geronimo:

  • XML Security - allowsa one to send along with the message a digital signature of it, which assures that no one modified the message content between the sender and receiver.
  • XML Encryption -allows one to encrypt the message body or only its part using the given cryptography algorithm.
  • Username Tokens - adds username and password values to the message header.
  • Security Assertions Markup Language (SAML) Tokens - configured on web services via Geronimo deployment descriptors and/or annotations.
  • Timestamps - specifies how long the security data remains valid.
  • No labels