Say; your self signed certificate has been expired & you want to renew it by keeping same private key. Lets try out as following. Step 1 Find out the PrivateKeyEntry of the expired keystore (wso2carbon.jks) >keytool -list -keystore wso2carbon.jks | grep PrivateKeyEntry It is given as the alias called “wso2carbon” Lets list the certificate […]
Category: WS-Security
In my previous posts, we talked about securing BE service with WSO2ESB. But, there are some issues with way that we have configured when it comes to production developments. In this blog post, we are trying to overcome from them. OK, let see what has happened with previous blog posts. 1. This post; we discussed how […]
Lets say, we have a backend web service that has been secured with Username Token security policy and user name token must be sent to access it. But your client application (which is not in this domain), would send user name and password in different manner (not in Username token). Therefore client would not be able to talk […]
WSO2 ESB is a popular proxy service engine that you can use to proxy the backend services and expose them as SOAP based web services. It provides QoS for proxy services that you can apply WS-Security policies in an easier manner. There are several pre-defined WS-Security policies in the ESB, that you can apply for […]
WSO2 ESB can be used for implementing various security patterns in your SOA. It supports message level security with WS-Security specification. In this blog post, we are going to use WSO2 ESB to invoke a secured BE service. Lets assume BE service is secured with WS-Security Policy. Policy contains both signature and encryption and […]
Most of web services have been secured using various WS-security methods. Therefore we need to implements clients that support WS-Security to invoke these web services. If you are using Rampart or WSS4J for WS-Security for processing in client side, you may need to create a password callback class for following 1. Get the password to […]