Friday, 29. July 2005
PermaLink Journeying through WS-Security and .Net/Java interop07/29/2005 08:35 PM
Ahhh, the joys of Web services security and interoperability.  WS-Security is not a part of anyone's implementation yet, so you have to download add-ons for both .Net and Java.  Here are a few pointers on what is possible on both. In .Net, I'm a bit surprised MS hasn't folded their WSE toolkit into a .Net update.  There are quite a few ways to do authentication, though as is typical of MS, quite a few of them requires some sort of Windows infrastructure (MSIE or Windows machines).  Passing a username/password is as simple as creating a NetworkCredentials object and telling the autogenerated web service proxy to use it.  On the web service side, you can use the User.Identity object to find out who the authenticated user is.

In the Java world, you can use one of two libraries: WSSE and WSS4J.  Setting username/passwords in WSSE is simpler, but calling a web method is more complicated because you have to do the Invokes yourself.  In WSS4J, calling a web method is simpler, but the password handling is somewhat more difficult because you have to create a JAAS style password callback class.  However, bear in mind that both these libraries only implement the WS-Security UsernameToken class.  The .Net WSE toolkit allows you to use X.509 certificates, etc.

On the subject of interop, Simon Guest put up some useful info on how to get Apache Axis web services on Java to talk to .Net web services and vice-versa, and he does it using a custom TCP port (not the usual HTTP transport most people use).

And on the gripe side, anyone notice that Axis 1.2 doesn't work when talking to Amazon Web Services any more?  Web Services was meant to be the holy grail of interoperability, but it feels more like "run once, debug everywhere, put workarounds as neede" Java  Maybe it'll be better w/ the next generation of web services...
Comments :v
No comments.
Start Pages
Lotus Notes FAQ
devWorks:Lotus
java.net
freshmeat.net
slashdot
NewsForge
HowToForge
RSS News Feed RSS Comments Feed CoComment Integrated
The BlogRoll
Android Bloggers
Romain Guy
Domino Bloggers
Andrew Pollack
Ed Brill
Java Bloggers
Adrian Cockcroft's Blog
Howard Lewis Ship
JBoss Matrix
Matt Raible
Tomás Lin
Misc Bloggers
MineThatData
Windows Bloggers
The Synchronizer
Windows Mobile Blog
Calendar
November 2024
Su
Mo
Tu
We
Th
Fr
Sa
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Search
Contact Me
email - Ken Yee
About Ken
Full-stack developer (consultant) working with .Net, Java, Android, Javascript (jQuery, Meteor.js, AngularJS), Lotus Domino