WS-Security

Hi All,

Is there any protable solution for web service security avaibale?

I am using weblogic for deploying my webservices. my webservice file look something like this:

package com.test; import javax.jws.*; import weblogic.jws.Policies; import weblogic.jws.Policy; @WebService ( name = "HelloWorldPortType", serviceName = "HelloWorldService", targetNamespace = "http://mycomany.com" ) @Policies({ @Policy(uri="policy:Sign.xml"), @Policy(uri="policy:Encrypt.xml") }) public class HelloWorldService { public String sayHello(String name) { return "Hello there, " + name; } }

This service includes various weblogic specific import statements. Is there any way to avoid these imports and implement the WS-Security in a more portable way?

Thanks in advance.

Kalai.

Unfortunately there is no standard way to specify what WS-Security features should be applied to a web service. Each WS engine uses its own system, which means that there is a certain amount of non-portability. Axis is a bit better than what you're showing here, in that it uses external deployment descriptors that leave no trace in the source code.

Thanks Ulf Dittmer.

Is it possible to use WSS4J with weblogic. Does this will give portability across different soap engines? - This is the one which I am currently looking into.

Thanks.
Kalai.

WSS4J is the library that implements WS-Security; I believe (not quite sure) that all SOAP stacks use it. But the way it's integrated differs between servers, so I don't think that there's currently a way to achieve cross-platform compatibility.