Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0 M1
    • Component/s: Core
    • Labels:
      None

      Description

      WS-Security support is one the most requested features for Spring-WS. While implementing this new feature, we should focus on the features included in WS-I's Basic Security profile.

      Since Spring already has an excellent security framework in the form of Acegi, it seems best to leverage it. Furthermore, we can probably use Apache's WSS4J framework to handle the message.

      Some links:
      SOAP Message Security 1.0 Specification: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
      Username Token profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
      X.509 Token Profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
      WS-I Basic Security Profile: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
      Apache's WSS4J: http://ws.apache.org/wss4j/

        Activity

        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        This is in subversion now. The implementation is based on XML Web Service Security (https://xwss.dev.java.net/). The airline sample has an secure operation as well.

        Show
        arjen.poutsma Arjen Poutsma added a comment - This is in subversion now. The implementation is based on XML Web Service Security ( https://xwss.dev.java.net/ ). The airline sample has an secure operation as well.

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            arjen.poutsma Arjen Poutsma
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: