Join us at engage.eucalyptus.com
Hi, I download the AmazonEC2.wsdl file and conver it into javacodes, I am able to construct the SOAP's body message, But i didn't find methods to add WS-Security info (including Private key perm and X.509 Cert ) into SOAP's header.
Is there anybody aware of the issue?
By macoo,thanks!
I realize this question is very old, but its important enough that it should be answered.
Web-service description language (WSDL) files do not provide methods to add security to the SOAP header; WSDLs usually support only business methods that the application needs. Web-services security is a capability of the underlying framework and is either supported or not by the web-service (usually it is).
In order for you to use WS-Security in your request/responses to the web-service, you must use a library or tool that allows you to configure the security and adds the necessary artifacts/elements to the SOAP header automatically based on your configuration.
For example, if you use an IDE like Netbeans (or Eclipse), you can pull the WSDL into your project and generate all the stubs necessary to call the business methods. You can then go into the IDE's configuration panels for the project and configure the necessary WS-Security options you want to use. The IDE will configure the project so that when SOAP requests are built, they might be digitally signed, encrypted, etc. Same thing for the responses. If the web-service supports WS-Security, you can configure the stubs to expect digitally signed/encrypted responses.
This is how WS-Security is layered onto a web-service application; what you will NOT find are, WSDL operations to add security to the messages. Hope that helps.
Arshad Noor
StrongAuth, Inc.
You should check this resource on ms information security, I use it all the time and I've learned so much about it already. I am actually thinking about continuing my training in this direction, this will yield amazing job opportunities, I know this already.