Конфигурация WS-Security
<con:wssContainer>
<con:crypto>
<con:source>keystore.jks</con:source>
<con:password>mypasswordiscool</con:password>
<con:type>KEYSTORE</con:type>
</con:crypto>
<con:outgoing>
<con:name>Outgoing</con:name>
<con:entry type=”Username” username=”longcomplicateduser” password=”weirdRandomP@33w4rD!”>
<con:configuration>
<addCreated>true</addCreated>
<addNonce>true</addNonce>
<passwordType>PasswordDigest</passwordType>
</con:configuration>
</con:entry>
<con:entry type=”Timestamp”>
<con:configuration>
<timeToLive>60</timeToLive>
<strictTimestamp>true</strictTimestamp>
</con:configuration>
</con:entry>
</con:outgoing>
</con:wssContainer>
<soap:Header>
<wsse:Security soap:mustUnderstand=”true” xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”><wsu:Timestamp wsu:Id=”TS-4″><wsu:Created>2013-05-01T19:52:45.639Z</wsu:Created><wsu:Expires>2013-05-01T19:53:45.639Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id=”UsernameToken-3″><wsse:Username>longcomplicateduser</wsse:Username><wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>weirdRandomP@33w4rD!</wsse:Password><wsse:Nonce EncodingType=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>dfdfdf</wsse:Nonce><wsu:Created>2013-05-01T19:52:45.638Z</wsu:Created></wsse:UsernameToken></wsse:Security>
</soap:Header>
http://techdiary.bitourea.com/2007/03/step-by-step-tutorial-to-use-rampart.html
http://www.coderanch.com/t/422683/Web-Services/java/SOAP-Header-missing-Rampart-Axis
http://stackoverflow.com/questions/11794223/rampart-doesnt-add-necessary-headers-to-soap-envelope
SET AXIS2_HOME=/axis2-1.6.2 wsdl2java.bat -uri https://X.com?wsdl -o JavaPrj -p mypackage.is.cool -d xmlbeans -t -ss -ssi -sd -g -ns2p System.setProperty(“javax.net.ssl.keyStore”, “/data/PkiCertificate/tomcatkeystore.jks”); System.setProperty (“javax.net.ssl.keyStorePassword”, “changeit”); System.setProperty(“javax.net.ssl.trustStore”, “/data/PkiCertificate/clientstore.jks”); System.setProperty(“javax.net.ssl.trustStorePassword”, “changeit”); setx -m JAVA_HOME “jdk1.7.0_04″ setx -m javax.net.ssl.keyStore “/keystore.jks”); setx -m javax.net.ssl.keyStorePassword “passwordislong”); setx -m javax.net.ssl.trustStore “/keystore.jks”); setx -m javax.net.ssl.trustStorePassword “passwordislong”);
http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/
-Djavax.net.debug = SSL, TrustManager
http://docs.oracle.com/javaee/1.4/tutorial/doc/Security7.html
http://broadsign.com/docs/9-2-1/appendix/apache-axis2/
http://web.archiveorange.com/archive/v/fNNSSwpIzBWqt1TcJdT4
http://stackoverflow.com/questions/5871279/java-ssl-and-cert-keystore
http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html
PasswordDigest
http://www.ibm.com/developerworks/training/kp/j-kp-wssecurity/
http://ianso.blogspot.com/2009/12/building-ws-security-enabled-soap.html
Веб-сервисы Java: WS-Security без клиентских сертификатов
http://www.ibm.com/developerworks/java/library/j-jws17/index.html
Понимание спецификаций веб-сервисов, часть 4: WS-Security
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/
Web-сервисы Java: подпись и шифрование Axis2 WS-Security
http://www.ibm.com/developerworks/java/library/j-jws5/index.html
Лучшие практики для веб-сервисов
http://www.ibm.com/developerworks/library/ws-best11/
Веб-сервисы Java: основы Axis2 WS-Security
http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html
Веб-сервисы Java: высокая стоимость (WS-) Security
http://www.ibm.com/developerworks/java/library/j-jws6/index.html
Веб-службы Java: WS-Trust и WS-SecureConversation
http://www.ibm.com/developerworks/java/library/j-jws15/index.html
Веб-сервисы Java: WS-Security с CXF
http://www.ibm.com/developerworks/java/library/j-jws13/index.html
Веб-сервисы Java: детальное использование WS-Security
http://www.ibm.com/developerworks/java/library/j-jws7/index.html
Веб-службы Java: моделирование и проверка WS-SecurityPolicy
http://www.ibm.com/developerworks/java/library/j-jws21/index.html
Веб-сервисы Java: основы Axis2 WS-Security
http://www.ibm.com/developerworks/java/library/j-jws4/
http://blog.sweetxml.org/2007/12/rampart-basic-examples-how-you-add-ws.html
http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html
http://stackoverflow.com/questions/14266237/adding-ws-security-to-wsdl2java-generated-classes
http://wso2.org/library/3415#step_1
http://ws.apache.org/tcpmon/index.html
Metro для Java (веб-сервисы)
- https://metro.java.net/
- https://metro.java.net/2.2.1-1/
- https://metro.java.net/discover/
- https://metro.java.net/guide/
Веб-сервисы Java: знакомство с Metro
http://www.ibm.com/developerworks/java/library/j-jws9/index.html
http://www.bouncycastle.org/java.html
Apache CXF Security
http://cxf.apache.org/docs/ws-security.html
Рекомендации по безопасности
http://ws.apache.org/wss4j/best_practice.html
Безопасность веб-служб для Java
http://ws.apache.org/wss4j/index.html
Безопасность AXIS2
http://axis.apache.org/axis2/java/rampart/index.html
CXF
http://www.ibm.com/developerworks/java/library/j-jws12/index.html
Веб-сервисы Java: понимание и моделирование WSDL 1.1
http://www.ibm.com/developerworks/java/library/j-jws20/index.html
Руководство по JAX-WS
http://axis.apache.org/axis2/java/core/docs/jaxws-guide.html
Краткое руководство по Axis2
http://axis.apache.org/axis2/java/core/docs/quickstartguide.html
Часто задаваемые вопросы Axis2
http://axis.apache.org/axis2/java/core/faq.html