I need to consume RESTService which is protected by Kerberos authentication, I have my client application which is running on JBossAS 7 to consume this REST service using Eclispe Microprofile. I don't see any option to specify authentication type in Eclipse Microprofile specification, may I know how to specify it ?
Related
I have a web service running outside of .net that I need to invoke from a .NET client.
I was given a .NET client written in Visual Basic to test with.
The .NET client can access the web service with a clear-text SOAP message using basicHttpBinding.
I can configure a policy/binding for the external web service to use the Kerberos token for Message Level Protection and authentication. I can access this web service from the .NET client by modifying the configuration file to use wsHttpBinding.
Now, the requirement is to use the Kerberos token for authentication only and not sign/encrypt the SOAP message. That is, I only need the tags in the SOAP header. I have this configuration working on the external web service, but now I want to modify the configuration file so the .NET client only sends the and does not sign/encrypt any part of the SOAP message.
Is it possible to modify the .net client's .config file to do this?
My understanding is that basicHttpBinding can not be modified to use a Kerberos token (only UserName/Certificate).
I've tried disabling signing/encryption in wsHttpBinding via an attribute such as "defaultProtectionLevel=Sign/SignEncrypt/None", but this isn't available in wsHttpBinding (or I can't find it). I can only disable or enable message level protection and authentication with .
I've also tried building a customBinding, but can not disable signing/encryption and use the Kerberos token for authentication only.
Does anyone have a solution or some tips that could point me in the right direction to go about solving the above issues?
If I create a web service using JAX-RS (on netbeans), it is essentially an API to the web service?
The web service would be REST or SOAP based.
I realize that the API provides the interface to the web service's functions, but does JAX-RS expose the interface?
Actually, include the library for JAX-RS depends of the Application Server. If you use a application server in netbeans which is Java EE6 Certified, you don't need any additional libraries.
However, if you use netbeans and also Tomcat o a Java EE 5 server, netbeans automatically add the JAX-RS libraries, in this case, the reference implementation.
The user can also choose to do it by hand.
Read more:
Getting Started with RESTful Web Services
Developing RESTful Web Services with JAX-RS, Netbeans, Glassfish
I have a JAX-WS endpoint which uses WS-Security, specifically the WebLogic pre-written Wssp1.2-2007-Wss1.1-UsernameToken-Plain-X509-Basic256.xml policy. I have a working command-line client where I build all the client credential providers and trust managers. Everything works great.
Now I also need to have another EE module deployed separately to the same server. According to http://docs.oracle.com/cd/E12839_01/web.1111/e13713/message.htm#i251852 I'm supposed to code the EE client as-if there was no security related WS-Policy at all but it doesn't work. Either I'm completely failing on setting up the credential mapping (which wouldn't surprise me because the documentation is lacking) or what I think seems to be more likely, the credential mapping isn't actually happening because I'm talking to localhost.
How do you create an JAX-WS EE client that uses a WS-Security enabled service on localhost? (I'd also like to see an remote host example too)
I have a wcf service which is connected to an adfs as a relaying party. This adfs is acting as a identity provider. now in client side there is a Java client which want to call the wcf service but before that it have to authenticated in adfs with username and pass for token. I have successfully done it for .Net client but do not have any idea for java client..Can anyone help?
For web services, ADFS uses WS-Trust.
The Metro stack e.g. implements this but for a standalone client you probably need something like axis2 which implements this via Apache Rampart.
My friend asked to explain me what's the difference between Spring, axis2 and Jersey. Here I listed down a few differences that I'm aware of. Please comment/respond if you know more differences
Spring webservices:
A java web application with a servlet configured in
web.xml(org.springframework.ws.transport.http.MessageDispatcherServlet).
You can use spring annotated POJOs for creating web services
Supports both RESTful and SOAP based web services.
Since it’s a web application you can use http authentication mechanisms
for enabling security
Axis2:
The webservice application is a .aar file that will be deployed in
axis2.war
Use AXIOM for using non-primitive type arguments to web service calls
You can use JSR181 annotations to create webservices
You can use spring-dependency injection using axis2 extensions.
Supports both RESTful and SOAP based web services.
I guess you have to use ws-security implementation for
providing security
to your web services>
They claim hot deployment of webservices works but I haven’t seen
it working.
Jersey:
A regular web application with a servlet configured in web.xml.
Write custom message readers/writers for using
non-primitive type arguments to web
service calls
Since it’s a web application you can use http authentication mechanisms
for enabling security
Supports only RESTful implementation of web services
I have seen hot deployment working may be because it’s a web application
and the container can do hot
deployment
I'm not familiar with Jersey and Axis, but I can tell you something about Spring-WS.
You cannot use Spring-WS for restful webservices. Spring-WS is intended to be used for contract first webservices. You can however use the features of Spring 3.x and Spring-MVC for REST services.
As for authorization, you can easily wire in any sort of security (with Spring-Security for instance).
I'm a big fan of the 'automatic' (de) marshalling features of Spring-WS. Just annotate your methods with the correct types and it'll know what to do.