Best Practices and Pitfalls


The following recapitulates some best practices and pitfalls regarding the use of WS-Security for interoperability.

Best Practices

  • Use compatible or certified software component versions. Don't assume that the latest version of an open source component always works with the existing code base.

  • Use specific encryption and digest algorithms that are proven to work for Java EE and .NET interoperable products. Use Triple DES for session key encryption, set in the WSE app.config file, for interoperability.

     <binarySecurityTokenManager
         valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
       <sessionKeyAlgorithm name="TripleDES" />
     </binarySecurityTokenManager>

  • Use RSA with Optimal Asymmetric Encryption Padding (RSAOAEP) as the encryption key algorithm in the WSE app.config file for interoperability.

     <binarySecurityTokenManager
         valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
       <keyAlgorithm name="RSAOAEP" />
     </binarySecurityTokenManager>

  • Use built-in handlers or security policies wherever possible instead of writing your own security processing logic. If you need custom security processing logic, consider extending the existing handlers.

Pitfalls

  • Certificate management on both platforms can be problematic. For example, if the digital certificate has expired, the error messages may disguise the problem as invalid credentials or keys rather than reporting the expired certificate.

  • Use of security exceptions. Don't just catch the exception. Make the error message meaningful. For example, the exception "no policy found" can be ambiguous and does not tell what the root cause is.
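
The two app.config settings from the best practices can be checked before deployment, with findings that name the root cause as the second pitfall asks. This is an added example, not code from the book or from WSE; the function name check_wse_config, the <security> wrapper element and both sample fragments are constructed for illustration, and the check assumes both settings may share one binarySecurityTokenManager element.

```python
import xml.etree.ElementTree as ET

X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")
# Settings the best-practice list recommends for the X509v3 token manager.
EXPECTED = {"sessionKeyAlgorithm": "TripleDES", "keyAlgorithm": "RSAOAEP"}


def check_wse_config(xml_text):
    """Return a list of specific findings; an empty list means the config passes."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"config is not well-formed XML: {exc}"]
    findings, seen = [], {}
    for mgr in root.iter("binarySecurityTokenManager"):
        value_type = mgr.get("valueType", "")
        if value_type != X509V3:
            if "".join(value_type.split()) != X509V3:
                continue  # token manager for a different token type
            # Same URI apart from whitespace: report it, then still read the
            # algorithm settings so they are not also reported as missing.
            findings.append(f"valueType contains stray whitespace: {value_type!r}")
        for child in mgr:
            if child.tag in EXPECTED:
                seen[child.tag] = child.get("name")
    for tag, want in EXPECTED.items():
        got = seen.get(tag)
        if got is None:
            findings.append(f"<{tag}> not set for X509v3 tokens; expected name={want!r}")
        elif got != want:
            findings.append(f"<{tag} name={got!r}>; expected name={want!r}")
    return findings


# Constructed sample fragments (not taken from a real deployment).
GOOD = f"""<security>
  <binarySecurityTokenManager valueType="{X509V3}">
    <sessionKeyAlgorithm name="TripleDES" />
    <keyAlgorithm name="RSAOAEP" />
  </binarySecurityTokenManager>
</security>"""
# A space inside the valueType URI plus a different key algorithm.
BAD = GOOD.replace("profile-1.0", "profile-1 .0").replace("RSAOAEP", "RSA15")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_wse_config(text) or "OK")
```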




Java EE and .NET Interoperability: Integration Strategies, Patterns, and Best Practices
ISBN: 0131472232
Pages: 170