WebService Handler Properties

Property

Value

wss.ws.xxxx.requireencryptedrequest

<true | false> - xxxx is replaced with the webservice name or default.

If true, the SOAP request must be encrypted in order to invoke this service. Note that as all wss.ws.xxxx.* properties, if the xxxx is replaced with "default" then the configuration entry will be the default for all webservice calls through this Agent.

Default is false.

wss.ws.xxxx.requiresignedrequest

<true | false> - xxxx is replaced with the webservice name or default.

If true, the SOAP request must be signed in order to invoke this service.

Default is false.

wss.ws.xxxx.requiressl

<true | false> - xxxx is replaced with the webservice name or default.

If true, SSL encryption is required for calling this webservice – note that in order for it to work, the webservice call has to be passed through HTTP and the PP Dispatcher.

Default is false.

wss.ws.xxxx.encryptresponse

<true | false> - xxxx is replaced with the webservice name or default.

If true, the response will be encrypted with the certificate used to sign the request.

Default is false.

wss.ws.xxxx.signresponse

<Alias of signer | false> - xxxx is replaced with the webservice name or default.

If not false, it will be the alias of the key used to sign the response.

Default is false.

wss.ws.xxxx.usergroups

<List of user groups> - xxxx is replaced with the webservice name or default.

Contains a list of usergroups – the user making the call must belong to one of the specified user groups in order to make the call. Default is empty which means that no user group checking is done.

Default is an empty list.

wss.ws.xxxx.acl

<Name of ACL> - xxxx is replaced with the webservice name or default.

If specified, this is a name of an ACL that will be checked to verify that the user has access to this service – it works much like wss.ws.xxxx.usergroups, except the ACL itself contains mappings to groups/users.

Default is no ACL.

wss.ws.xxxx.signrequest

<Alias of signer | false> - xxxx is replaced with the webservice name or default.

If not false, this is the alias of a key used to sign the request. The SOAP request will then be signed using the specified key.

Default is false.

wss.ws.xxxx.encryptrequest

<Recipient | false> - xxxx is replaced with the webservice name or default.

If not false, this is the recipient which the SOAP request will be encrypted to – we will attempt to find the certificate either in the wss.encryptcerts list or in any of the loaded certificates from the wss.ws.xxxx keystores. If not found there, we will attempt to contact TDC's OCES LDAP server to load the certificate from there based on the email address, name or serial (PID/CVR/RID).

Default is false.

wss.ws.xxxx.signparts

<List of parts to sign> - xxxx is replaced with the webservice name or default.

Specify which parts of the SOAP message to include in the signature – can contain namespace and header name, along with the tag "Body" to sign the entire SOAP body.

Default is: "Body;{

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\

}Timestamp;{

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\

}BinarySecurityToken"
Which signes the entire SOAP body and the Timestamp and BinarySecurityToken headers.

wss.ws.xxxx.allowanonymouscalls

<true | false> - xxxx is replaced with the webservice name or default.


Default is false