SOAP security header using OASIS Web Services Security?

Hello,

I'm prototyping a SOAP client in VW. The WSDL provided to me specifies OASIS Web Services Security (below). The Web Services Wizard creates classes for all the WSDL elements, except the security header.

In searching for a solution, I found a 2008 post from Tamara Kogan saying VW doesn't currently support security headers.

My question is, is that still true, and if so, any suggestions for how to proceed? At this point I just need a quick proof of concept to show VW can access the service. I'll have time later to more fully understand the web services framework.

Thanks!
Bob


<wsp:Policy>
  <wssp:Identity>
    <wssp:SupportedTokens>
      <wssp:SecurityToken IncludeInMessage="true"
        TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
        <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
      </wssp:SecurityToken>
    </wssp:SupportedTokens>
  </wssp:Identity>
</wsp:Policy>

Hello Bob,

We are going to release in VW 7.9 Web Services Security Demo. The Demo
provides an example how to add Security headers to a Soap message. The
#UsernameToken header is included in the client-server message exchange.
The Demo also provides X2O bindings for the following XML Schemas:
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd
http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd
http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
ty-1.0.xsd

With some fixes it  is possible to run the Demo in VW 7.8 but not on
earlier VW versions.

What VW version do you use?

Tamara Kogan
Smalltalk Development
Cincom Systems


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On
Behalf Of Bob Whitefield
Sent: Thursday, January 19, 2012 11:50 PM
To: [hidden email]
Subject: [vwnc] SOAP security header using OASIS Web Services Security?

Hello,

I'm prototyping a SOAP client in VW. The WSDL provided to me specifies
OASIS Web Services Security (below). The Web Services Wizard creates
classes for all the WSDL elements, except the security header.

In searching for a solution, I found a 2008 post from Tamara Kogan
saying VW doesn't currently support security headers.

My question is, is that still true, and if so, any suggestions for how
to proceed? At this point I just need a quick proof of concept to show
VW can access the service. I'll have time later to more fully understand
the web services framework.

Thanks!
Bob


<wsp:Policy>
  <wssp:Identity>
    <wssp:SupportedTokens>
      <wssp:SecurityToken IncludeInMessage="true"
       
TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usern
ame-token-profile-1.0#UsernameToken">
        <wssp:UsePassword
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-t
oken-profile-1.0#PasswordText"/>
      </wssp:SecurityToken>
    </wssp:SupportedTokens>
  </wssp:Identity>
</wsp:Policy>


--
View this message in context:
http://forum.world.st/SOAP-security-header-using-OASIS-Web-Services-Secu
rity-tp4312411p4312411.html
Sent from the VisualWorks mailing list archive at Nabble.com.
_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

Tamara,

Thanks for your quick reply. That's very good news about the security demo.

We're currently prototyping in 7.8. Having a solution in 7.9 is exactly what I'd hoped to hear!

Bob

Kogan, Tamara wrote

Hello Bob,

We are going to release in VW 7.9 Web Services Security Demo. The Demo
provides an example how to add Security headers to a Soap message. The
#UsernameToken header is included in the client-server message exchange.
The Demo also provides X2O bindings for the following XML Schemas:
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd
http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd
http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
ty-1.0.xsd

With some fixes it  is possible to run the Demo in VW 7.8 but not on
earlier VW versions.

What VW version do you use?

Tamara Kogan
Smalltalk Development
Cincom Systems

Bob,

If you have access to VW 7.9 weekly builds you can load the
WSSecurityDemo.pcl from /examples directory.

Tamara Kogan
Smalltalk Development
Cincom Systems


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On
Behalf Of Bob Whitefield
Sent: Friday, January 20, 2012 9:33 AM
To: [hidden email]
Subject: Re: [vwnc] SOAP security header using OASIS Web Services
Security?

Tamara,

Thanks for your quick reply. That's very good news about the security
demo.

We're currently prototyping in 7.8. Having a solution in 7.9 is exactly
what I'd hoped to hear!

Bob



Kogan, Tamara wrote
>
> Hello Bob,
>
> We are going to release in VW 7.9 Web Services Security Demo. The Demo

> provides an example how to add Security headers to a Soap message. The

> #UsernameToken header is included in the client-server message
exchange.
--
View this message in context:
http://forum.world.st/SOAP-security-header-using-OASIS-Web-Services-Secu
rity-tp4312411p4313404.html
Sent from the VisualWorks mailing list archive at Nabble.com.
_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc