Security

Apache Axis2 WS-Security message signing vulnerability (Version 1.5.1)

Submitted by Kamal Wickramanayake on July 18, 2010 - 12:32

Note: See the bottom of this page to download the sample code used.

Rampart is the Apache Axis2 module that implements the WS-Security features. To add such features to your Web service, Axis2 provides two different configuration mechanisms. One depends on WS-SecurityPolicy and is the approach that is preferred. The other approach is known as the “parameter based configuration”.

Sample X.509 certificate collection with public/private keys (for Java)

Submitted by Kamal Wickramanayake on July 10, 2010 - 09:39

If you want to test your Java application which requires digital certificates, here's a collection of such certificates with associated public/private keys in .jks format (the Java standard format - Java Key Store).

For example, you can use these to test Web services or enable SSL support of a Java server (and clients - if you want).

Using Spring Security in your Java web application

Submitted by Kamal Wickramanayake on July 9, 2010 - 07:50

Spring is a great application framework extensively used in Java applications. Spring Security is yet another open source product from the same company that provides extensive security features going beyond what is in the Java Enterprise Edition specifications (Servlets, EJB). Interestingly, you can use Spring Security in any application server you like without modifications to your application. So your security configuration is not going to be different in different environments, it  becomes portable too.

jkscertgen : Generate a full set of CA, service and client keys and certificates in Java keystores

Submitted by Kamal Wickramanayake on June 18, 2008 - 18:33

You are into Java security. You want to generate some X.509 certificates to test your application (or use in your production environment). Here's a simple X.509 certificate generator script that makes your life very simple. Download and execute, it will do all the following and you get the keys and signed certificates.