SOAP Web Service Tutorials - Herong's Tutorial Examples
∟WS-Security - SOAP Message Security Extension
This chapter provides tutorial examples and notes on WS-Security (WSS) as a SOAP message security extension. Topics include introduction of WS-Security; 'wsse:Security' SOAP header element; Username security token; SoapUI WS-Security configuration; '#PasswordDigest' generation and verification.
What Is WS-Security (WSS)
Using XML Signature and Encryption with WSS
SOAP Header Element "Security"
What Is WS-Security Username Token Profile
SoapUI Configuration for Username Token
Generating Username Token with SoapUI
Validating wsse:Password Digest String
Password Digest Validation Program
Takeaways:
- "WS-Security" is a SOAP extension standard that defines building blocks
to implement SOAP message content integrity and confidentiality.
- "WS-Security" uses the "XML Signature Syntax and Processing" specification for signing XML elements in SOAP messages.
- "WS-Security" uses the "XML Encryption Syntax and Processing" specification for encrypting XML elements in SOAP messages.
- "WS-Security" introduces "wsse:Security" SOAP header elements to pass
security related information in SOAP XML messages.
- "WS-Security" introduces "wsse:UsernameToken" sub element to pass usernames and passwords to authenticate SOAP message sender.
- "WS-Security" introduces "wsse:Nonce" sub element to pass random numbers as message identifiers to prevent replay attacks.
- "WS-Security" introduces "wsu:Created" sub element to pass timestamps to indicate message freshness to prevent replay attacks.
- "WS-Security" introduces "#PasswordDigest" = "Base64 ( SHA-1 ( nonce + created + password ) )"
to hide original passwords and maintain the integrity of "wsse:Nonce" and "wsu:Created".
- "WS-Security" features can be tested using SoapUI.
Table of Contents
About This Book
Introduction to Web Service
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Structure
SOAP Message Transmission and Processing
SOAP Data Model
SOAP Encoding
SOAP RPC Presentation
SOAP Properties Model
SOAP MEP (Message Exchange Patterns)
SOAP HTTP Binding
SOAP PHP Implementations
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
PHP SOAP Web Service Example - getTemp
SOAP Perl Implementations
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for NumberToWords SOAP 1.1 Web Service
Perl SOAP::Lite for SOAP 1.2 Web Services
Perl SOAP::Lite for WSDL
Python SOAP Client: Zeep
SOAP Java Implementations
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
►WS-Security - SOAP Message Security Extension
WS-Security X.509 Certificate Token
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
Web Services and SOAP Terminology
Archived Tutorials
References
Full Version in PDF/EPUB