增强WebService安全性的方法
来源:互联网 发布:端口查询工具 编辑:程序博客网 时间:2024/05/03 13:37
XML and Web Services Security
Implementation Version: 2.0 EA
This XML and Web Services Security implementation, included as part of the JavaTM Web Services Developer Pack 1.6, provides a framework within which a JAX-RPC or SAAJ application developer will be able to secure applications in the following ways:
- Sign and/or verify parts of the SOAP messages and/or attachments.
This implementation of XML and Web Services Security uses Sun's XML-DSig (XML Digital Signature) implementation, JSR-105, which is based on the XML-Signature Syntax and Processing W3C standard.
Samples containing code for signing and/or verifying parts of the SOAP message and/or attachments are included with this release.
- Encrypt and/or decrypt part of the SOAP message and/or attachments.
This implementation of XML and Web Services Security uses Apache's XML-Enc (XML Encryption) implementation, which is based on the XML Encryption W3C standard.
Samples containing code for encrypting and/or decrypting parts of the SOAP message and/or attachments are included with this release.
- Send UserName tokens and X509 certificate tokens along with the message and/or attachment.
Sending these tokens with the message binds the identity of the tokens (and any other claims occurring in the security token) to the messages created by the tokens.
This implementation of XML and Web Services Security provides support for Username Token Profile, which is based on OASIS WSS Username Token Profile 1.0, and X509 Certificate Token Profile, which is based on OASIS WSS X509 Certificate Token Profile 1.0.
Samples containing code for sending user name and X509 certificate tokens along with the SOAP message are included with this release.
- Use XWS-Security APIs to secure stand alone applications that make use of SAAJ APIs only for their SOAP messaging and to secure JAX-RPC applications. The previous version of XWS-Security, shipped with JWSDP 1.5, exposed XWS-Security to end-users through JAX-RPC only.
This implementation of XML and Web Services Security provides APIs that can be used to secure stand alone Web services application as well as JAX-RPC applications. Because the Java standards for some of the XWS-Security technologies are currently undergoing definition under the Java Community Process, the security solution that is provided in the Java Web Services Developer Pack 1.6 is based on nonstandard APIs, which are subject to change with new revisions of the technology. To insulate stand alone XWS-Security users from the possible changes in the internal APIs, this release includes new APIs that abstract out some of the internal implementation details. These new APIs can be used to secure an outbound
SOAPMessage
and verify the security in an inboundSOAPMessage
.Samples containing code using these new APIs are included with this release.
- Implement Interoperable Web Services Security applications.
- Draft Spec for Interop1 (draft 5)
- Final Spec for Interop2 (draft 6)
This implementation of XML and Web Services Security fully supports the implementation of Web Services Security (WSS) Interop scenarios. The following are some of the interoperability scenarios documents that are supported by this implementation:
This distribution includes samples that show how a JAX-RPC and/or SAAJ application developer can use the XML and Web Services Security technology. As previously noted, these nonstandard APIs are subject to change and, as standards are defined in the Web Services Security space, we will be moving toward using the appropriate standard APIs instead of these nonstandard APIs.
How XWS-Security and JSRs 105 and 106 are related
XWS-Security APIs are used for securing Web services based on JAX-RPC and SAAJ. This release of XWS-Security is based on the JSR-105 standard for XML Digital Signature and on non-standard XML Encryption APIs.
JSR-105 (XML Digital Signature) APIs are included in this release of the JWSDP. JSR 105 is a standard API (in progress, at Proposed Final Draft stage) for generating and validating XML Signatures as specified by the W3C recommendation. JSR-105 APIs are used by Java applications and middleware that need to create and/or process XML Signatures. It is used by this release of XWS-Security and can also be used by non-Web Services technologies, for example, documents stored or transferred in XML. Both JSR 105 and JSR 106 (XML Digital Encryption APIs) are core-XML security components.
XWS-Security does not use the JSR 106 APIs. XWS-Security uses the Apache libraries for XML-Enc. In future releases, the goal of XWS-Security is to move toward using JSR 106 APIs.
Command-line tools
In this release, the following command-line tools are included:
pkcs12import
This tool helps with importing the contents (key/certificate pair) of a PKCS-12 file into a keystore.
keyexport
This tool can be used to export the private key corresponding to a specified entry of a keystore into a file.
Documentation
The documentation for this release consists of the following:
- Java Web Services Developer Pack 1.6 Documentation
- Release Notes
- Sample Applications
- Web Services FAQ on java.sun.com
- 增强WebService安全性的方法
- 通过SoapHeader来增强webService 的安全性
- 通过SOAPHeader增强WebService的安全性
- 通过SoapHeader来增强webService 的安全性
- webservice加密,通过SoapHeader来增强Web Service的安全性
- 增强Web的安全性
- 增强MIDAS的安全性
- 增强Web的安全性
- 增强云主机安全性的五大方法
- WebService 安全性的讨论
- WebService 安全性的讨论
- 增强 nginx 的 SSL 安全性
- WebService安全性的几种实现方法【身份识别】
- 使用增强安全性的Linux(转)
- XML 安全组件:增强电子商务的安全性
- 增强Web服务安全性的新技术
- 增强Web服务安全性的新技术
- 增强APP的安全性(一)
- 认识String类别与String类别操作方式
- Tomcat防止目录泄露
- B-树索引与位图索引
- PIX防火墙上的ACL with radius
- 手机中文码制问题的一点理解 (zt)
- 增强WebService安全性的方法
- 用Delphi做个类似MSN/QQ的通信工具
- 加班的八月
- 政府门户网站解决方案
- CString 操作指南zz
- Delphi下的COM编程
- 公司还有这么发工资的!!!!
- Bookmark Link 2005_09_16
- ASP.NET在线用户列表精确版——解决用户意外退出在线列表无法及时更新问题