Webservice Security, UsernameToken and Elytron configuration

38 views

Skip to first unread message

Hans-Jürgen

unread,

Mar 10, 2025, 7:40:52 AM3/10/25

to WildFly

I call my @WebService with WSS Security

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

</soapenv:Header>
<soapenv:Body>

Migrating to Wildfly 34 I want to use elytron to do authorisation.

Is there any documentation or example, who to do this by using standalone.xml? I managed to secure a html-Form with <mechanism-configuration> <mechanism mechanism-name="FORM">, security-domain and realm but this does not work with WSS Usernametoken.

Rebecca Searls

unread,

Mar 13, 2025, 1:02:55 PM3/13/25

to WildFly

I suggest taking a look at this example code to get started
https://github.com/wildfly-security-incubator/elytron-examples.git
example jaas-realm

Reply all

Reply to author

Forward

0 new messages