Crypting the webservice responses in AXIS

ffellico · Apr 4, 2007

Hi.

I have a webservice in tomcat/axis with a method that send back a
byte[] response.

I have seen that to send back the array of bytes, AXIS trasform it in
a BASE64 String (i think only to trasport it); the client retreive the
original array without problems because on the client side the BASE64
String is automatically reconverted in the original array of bytes.

Before the BASE64 String is sended back, I am interested to encrypt it
(with a my routine) and naturally at the client side I need to decrypt
it, so the application can receive the correct file.

Can anyone suggest me a way to insert in suitable places the crypt/
decript code?

Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
the responses automatically?

Thank you from Franco in Italy.

Lew · Apr 4, 2007

Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
the responses automatically?

<http://ws.apache.org/wss4j/>
<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf>
<http://java.sun.com/webservices/xwss/>
<http://xml.apache.org/security/>

GIYF.
"XML Security"
"Web Services Security"
"SAML"

=?ISO-8859-1?Q?Arne_Vajh=F8j?= · Apr 5, 2007

I have a webservice in tomcat/axis with a method that send back a
byte[] response.

I have seen that to send back the array of bytes, AXIS trasform it in
a BASE64 String (i think only to trasport it); the client retreive the
original array without problems because on the client side the BASE64
String is automatically reconverted in the original array of bytes.

Before the BASE64 String is sended back, I am interested to encrypt it
(with a my routine) and naturally at the client side I need to decrypt
it, so the application can receive the correct file.

Can anyone suggest me a way to insert in suitable places the crypt/
decript code?

Alternatively, it is possible in some way to ask AXIS to crypt/decrypt
the responses automatically?

Have the web service transform it:
unencrypted byte[] -> encrypted byte[]

And the client:
encrypted byte[] -> unencrypted byte[]

If you use a standard algorithm like 3DES or AES, then
it is even portable.

You can also look at using WSS (WS-Security), but at least in Axis 1
that was a pretty complex task.

Say if you want to go that route - I do have some working code on
the shelf.

I have not used WSS with Axis2 yet, so I can not say how difficult
that is.

Arne

Chunked responses	4	May 18, 2009
webservice interface in glassfish 3	1	Dec 15, 2011
Axis webservice returning an array of class	3	Mar 10, 2007
Problem to call a WEBSERVICE in another WEBSERVICE (AXIS/ TOMCAT)	2	Jun 1, 2006
Axis webservice - Redirecting calls with a handler	0	Feb 16, 2006
Axis Webservice - how to return XML-Document?	3	Jan 17, 2006
SJSAS WebService	0	Feb 12, 2006
Attachments in AXIS	0	Nov 20, 2006

Crypting the webservice responses in AXIS

ffellico

Lew

=?ISO-8859-1?Q?Arne_Vajh=F8j?=

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads