Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / April 2007

Tip: Looking for answers? Try searching our database.

Crypting the webservice responses in AXIS

Thread view: 
Enable EMail AlertsStart New Thread
ffellico@gmail.com - 04 Apr 2007 10:35 GMT
Hi.

I have a webservice in tomcat/axis with a method that send back a
byte[] response.

I have seen that to send back the array of bytes, AXIS trasform it in
a BASE64 String (i think only to trasport it); the client retreive the
original array without problems because on the client side the BASE64
String is automatically reconverted in the original array of bytes.

Before the BASE64 String is sended back, I am interested to encrypt it
(with a my routine) and naturally at the client side I need to decrypt
it, so the application can receive the correct file.

Can anyone suggest me a way to insert in suitable places the crypt/
decript code?

Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
the responses automatically?

Thank you from Franco in Italy.
Reply to this Message
Lew - 04 Apr 2007 13:10 GMT
> Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
> the responses automatically?

<http://ws.apache.org/wss4j/>
<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf>
<http://java.sun.com/webservices/xwss/>
<http://xml.apache.org/security/>

GIYF.
"XML Security"
"Web Services Security"
"SAML"

Signature

Lew

Reply to this Message
Arne Vajhøj - 05 Apr 2007 01:43 GMT
> I have a webservice in tomcat/axis with a method that send back a
> byte[] response.
[quoted text clipped - 13 lines]
> Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
> the responses automatically?

Have the web service transform it:
  unencrypted byte[] -> encrypted byte[]

And the client:
  encrypted byte[] -> unencrypted byte[]

If you use a standard algorithm like 3DES or AES, then
it is even portable.

You can also look at using WSS (WS-Security), but at least in Axis 1
that was a pretty complex task.

Say if you want to go that route - I do have some working code on
the shelf.

I have not used WSS with Axis2 yet, so I can not say how difficult
that is.

Arne
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.