The SOAP Security Header Element

The WS-BPEL specification recommends the use of WS-Security to secure workflows.

Alfresco implements the UsernameToken Profile of the WS-I Basic Security Profile 1.0. A SOAP message is given below showing a UsernameToken security header. There are four principal elements: Created and Expires timestamps, a Username and a Password.

The Username corresponds to the name of the Alfresco administration account used to retrieve the security ticket from the Authentication Service and the Password is the corresponding Ticket string.

The timestamps define the Time To Live (TTL) for the ticket. In this case, any Web service request reaching Alfresco more than 5 minutes after the security ticket was issued results in an exception being thrown. The maximum permissible TTL is set programmatically using the WSHandlerConstants.TTL_TIMESTAMP constant. Presumably it is pointless to set an Expires timestamp that is later than Created by more than WSHandlerConstants.TTL_TIMESTAMP, which defaults to 5 minutes.

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" 
              xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <env:Header>
        <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                       ans1:Id="" 
                       xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                       xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <ans1:Created>2007-08-01T12:13:37+01:00</ans1:Created>
                <ans1:Expires>2007-08-01T12:18:37+01:00</ans1:Expires>
            </Timestamp>
            <UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <Username>admin</Username>
                <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TICKET_de9b08df-4017-11dc-8ec5-41f7efb0a5f7</Password>
            </UsernameToken>
        </Security>
    </env:Header>
    <env:Body>
        
    ....

    </env:Body>
</env:Envelope>
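
The receiver-side freshness check described above, sketched as an added example (it is not Alfresco's or WSS4J's code): it parses a header shaped like the one shown and accepts the request only while the current time is before the earlier of Expires and Created plus the TTL. The function name check_header, the TTL constant, the rejection of a future Created value and the placeholder ticket are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"env": SOAP, "wsse": WSSE, "wsu": WSU}
TTL = timedelta(minutes=5)  # assumption: mirrors the 5 minute default described above

# Constructed sample: trimmed copy of the page's header with a placeholder ticket.
SAMPLE = f"""<env:Envelope xmlns:env="{SOAP}"><env:Header>
<Security xmlns="{WSSE}">
<Timestamp xmlns="{WSU}"><Created>2007-08-01T12:13:37+01:00</Created>
<Expires>2007-08-01T12:18:37+01:00</Expires></Timestamp>
<UsernameToken><Username>admin</Username>
<Password>TICKET_PLACEHOLDER</Password></UsernameToken>
</Security></env:Header><env:Body/></env:Envelope>"""

def check_header(envelope_xml, now, ttl=TTL):
    """Return (username, ticket) if the timestamp is fresh, else raise ValueError."""
    # Stdlib parser keeps the example self-contained; use a hardened parser
    # (for example defusedxml) when the SOAP message comes from an untrusted peer.
    sec = ET.fromstring(envelope_xml).find("env:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header")
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    user = sec.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    ticket = sec.findtext("wsse:UsernameToken/wsse:Password", namespaces=NS)
    if None in (created, expires, user, ticket):
        raise ValueError("incomplete UsernameToken header")
    created = datetime.fromisoformat(created)
    expires = datetime.fromisoformat(expires)
    if expires <= created:
        raise ValueError("Expires is not after Created")
    if created > now:
        raise ValueError("Created is in the future")
    # Enforce the earlier of the sender's Expires and the receiver's own TTL,
    # so an Expires set beyond Created + TTL buys the sender nothing.
    if now > min(expires, created + ttl):
        raise ValueError("message expired")
    return user, ticket
```

Pass `now` as a timezone-aware datetime, since the header's timestamps carry a UTC offset.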

This page was last changed on 13-May-2009 21:12 by clayton