About Question enthuware.ocejws.v6.2.328 :
Posted: Wed Nov 05, 2014 1:02 pm
The question is:
I was thinking that Username/Password is for 'authentication', and that the symmetric key is for encryption/'confidentiality', but how does 'integrity' come in?We have got a Web Service that needs to be secured. The choice has been made to use WSIT-security in particulair the mechanism also known as:
"Username Authentication with Symmetric Keys".
What is/are the correct statement(s)?
Supplied correct answers:
- The WSIT client-side configuration file will contain the following policy:
<wsp:Policy wsu:Id="WebServicePortBindingPolicy"> <wsp:ExactlyOne>
<wsp:All>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
<sc:CallbackHandler default="changeit" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
<sc:TrustStore wspp:visibility="private" peeralias="xws-security-server" storepass="changeit" type="JKS" location="C:\glassfish-4.0\glassfish\domains\domain1\config\cacerts.jks"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
- This WSIT-mechanism protects the Web Service for 'integrity' and 'confidentiality'.