FIRMS WS-Security Implementation


Introduction

WS-Security is implemented in FIRMS using WSS4J together with custom handlers developed by OMII. Security is enforced on both the client and the server side: every message generated at the client or the server passes through a chain of security handlers, and is authenticated by the set of security handlers placed in the request flow of the web service.

Client Side Implementation

Client-side security is implemented by the WSOutboundHandler. This handler reads the crypto.properties file, the PWCallback class and related configuration, all of which are provided in the "FIRMS-conf" folder on the client's class path.


The user has to change the omii.ks file location in crypto.properties to the directory where OMIICLIENT is installed.

Server Side Implementation

Server-side security is implemented by a set of handlers in the request and response flow of the SOAP messages. The deployment descriptors of the FIRMS web services carry the information required to enforce WS-Security.


The SOAP message's security header is validated by the set of handlers in the request flow. The snippet below shows a WSRM SOAP message as created with WS-Security applied: the wsse:BinarySecurityToken carries the signer's X.509v3 certificate, the ds:Signature (exclusive C14N, RSA-SHA1, SHA-1 digest) covers the soapenv:Body, which is referenced through its wsu:Id, and the ds:KeyInfo points back to the token through its wsu:Id.


<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="CertId-3875628"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">…A/xwU4PqjxhUiKx8zfiLhTvYcld7nCKzd487CuKol2bMRUgJ4wEy2HJwddvujXNG/PUR7EYqbMGXwh8yLs4I1WhvkdGGp/y+UqYjL5aKJnVy/19SUCUFNlCfXGu1/pdM61G5KIzREs5cx/p4AAIQrOsxlLRsAs/MGYyV/jgjKGxd1hkiKFiXgxycfnbwjicoBcDqZdGYmF0mmU9w5MAYZUJ6cLrByjkKQ2KkJqoTlyBzekl/20xC</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-9449509">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>I9TnvZIf+c5yrb4QotJbTzYR+6U=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
XlUDo7xyLDLDkt2L9a7rXhoP6gAlFcUmictK3eRKkVhafwXyw+0I0bq+0aLoNqP2lPrEsX8OG5Cumd2AbsC3HS+KMW3vuoadZEhNMZg+byME9tfx4N2/+ehLci0YyiQP+btoe3S9Q9arEg6wQWmaguXrpebgD9irBuZNpMbl4Tg=
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-18997034">
          <wsse:SecurityTokenReference wsu:Id="STRId-8573456"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Reference URI="#CertId-3875628"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <nar:wsrm.application.message xmlns:nar="http://www.naradabrokering.org">Tracker :0.1662104721442097</nar:wsrm.application.message>
    <add:MessageID xmlns:add="http://schemas.xmlsoap.org/ws/2004/08/addressing">cdf6f164-9d3d-4a09-8d86-01f5fcdb21a5</add:MessageID>
    <add:From xmlns:add="http://schemas.xmlsoap.org/ws/2004/08/addressing">
      <add:Address>http://156.56.104.46:18080/axis/services/WsrmServiceA</add:Address>
    </add:From>
    <add:To xmlns:add="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://156.56.104.135:18080/axis/services/WsrmServiceB</add:To>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-9449509" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><nar:wsrm.application.message xmlns:nar="http://www.naradabrokering.org">Tracker :0.1662104721442097</nar:wsrm.application.message></soapenv:Body>
</soapenv:Envelope>
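The following is an added example and is not FIRMS, OMII or WSS4J code. It shows the structural checks a server-side handler should make on a header like the one above before attempting cryptographic verification: the header is marked mustUnderstand="1", every ds:Reference URI resolves to an element carrying a wsu:Id and the soapenv:Body is among them, the wsse:SecurityTokenReference points at an X509v3 wsse:BinarySecurityToken that is actually present in the header, and the signature and digest algorithms are on an allowlist. The allowlist admits only the RSA-SHA256 and SHA-256 URIs (an assumption made for this example): the sample above is signed with RSA-SHA1 over a SHA-1 digest, which current guidance no longer accepts, so the check flags it. The message embedded in the code is constructed to mirror the structure of the sample, with placeholder token, digest and signature values, and the check uses only the Python standard library, so it does not verify the signature value itself.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
# Allowlist assumed for this example; the SHA-1 URIs used by the FIRMS sample are deliberately absent.
ALLOWED_SIGNATURE = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
ALLOWED_DIGEST = {"http://www.w3.org/2001/04/xmlenc#sha256"}

# Constructed message mirroring the structure of the FIRMS sample. Token, digest and
# signature values are placeholders, not real cryptographic material.
SAMPLE_MESSAGE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1">
<wsse:BinarySecurityToken wsu:Id="CertId-1"
 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIB...CONSTRUCTED</wsse:BinarySecurityToken>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-1">
<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AAAAAAAAAAAAAAAAAAAAAAAAAAA=</ds:DigestValue>
</ds:Reference></ds:SignedInfo>
<ds:SignatureValue>AAAA</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STRId-1">
<wsse:Reference URI="#CertId-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-1">
<nar:wsrm.application.message xmlns:nar="http://www.naradabrokering.org">Tracker :0.1</nar:wsrm.application.message>
</soapenv:Body></soapenv:Envelope>"""


def with_sha256(msg):
    """Same message with the SHA-1 algorithm URIs swapped for the SHA-256 ones."""
    return (msg.replace("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
               .replace("http://www.w3.org/2000/09/xmldsig#sha1",
                        "http://www.w3.org/2001/04/xmlenc#sha256"))


def _all_ids(root):
    """Map every wsu:Id in the document to the element that carries it."""
    return {el.get("{%s}Id" % NS["wsu"]): el
            for el in root.iter() if el.get("{%s}Id" % NS["wsu"]) is not None}


def check_security_header(xml_text):
    """Return a list of findings; an empty list means the header passed every structural check."""
    findings = []
    root = ET.fromstring(xml_text)
    header = root.find("soapenv:Header", NS)
    sec = header.find("wsse:Security", NS) if header is not None else None
    if sec is None:
        return ["no wsse:Security header"]
    if sec.get("{%s}mustUnderstand" % NS["soapenv"]) != "1":
        findings.append('wsse:Security lacks mustUnderstand="1"')
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return findings + ["no ds:Signature in security header"]
    ids = _all_ids(root)
    body = root.find("soapenv:Body", NS)
    body_id = body.get("{%s}Id" % NS["wsu"]) if body is not None else None
    # Every Reference must resolve by wsu:Id and use an allowed digest algorithm.
    signed_ids = set()
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if not refs:
        findings.append("SignedInfo has no ds:Reference")
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri[1:] not in ids:
            findings.append(f"Reference URI {uri!r} does not resolve to a wsu:Id")
            continue
        signed_ids.add(uri[1:])
        dm = ref.find("ds:DigestMethod", NS)
        alg = dm.get("Algorithm") if dm is not None else None
        if alg not in ALLOWED_DIGEST:
            findings.append(f"digest algorithm not allowed: {alg}")
    if body_id is None or body_id not in signed_ids:
        findings.append("soapenv:Body is not covered by the signature")
    sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    alg = sm.get("Algorithm") if sm is not None else None
    if alg not in ALLOWED_SIGNATURE:
        findings.append(f"signature algorithm not allowed: {alg}")
    # KeyInfo must point at an X509v3 BinarySecurityToken that is a child of this header.
    ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is None:
        findings.append("KeyInfo has no SecurityTokenReference/Reference")
    else:
        uri = ref.get("URI", "")
        tok = ids.get(uri[1:]) if uri.startswith("#") else None
        if tok is None or tok.tag != "{%s}BinarySecurityToken" % NS["wsse"] or tok not in list(sec):
            findings.append(f"SecurityTokenReference {uri!r} does not point at a BinarySecurityToken in the header")
        elif tok.get("ValueType") != X509V3 or ref.get("ValueType") != X509V3:
            findings.append("token is not an X509v3 certificate")
    return findings


if __name__ == "__main__":
    for label, msg in (("as sampled", SAMPLE_MESSAGE), ("with SHA-256", with_sha256(SAMPLE_MESSAGE))):
        print(label, check_security_header(msg) or "OK")
```

Run as a script it reports the two SHA-1 findings for the message as sampled and OK for the SHA-256 variant. A real inbound handler must go on to canonicalise the referenced elements with exclusive C14N, recompute the digest, verify the signature value with the certificate from the token, and check that certificate against the trust configured in crypto.properties; resolving the references by wsu:Id before doing so is what ensures the verified signature actually covers the Body the service will act on.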