You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Vijay Chiniwar (HCL Financial Services)" <Vi...@hcl.in> on 2007/03/22 16:19:14 UTC
verifying signature at proxy
DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.
It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in
this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of
this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have
received this email in error please delete it and notify the sender immediately. Before opening any mail and
attachments please check them for viruses and defect.
-----------------------------------------------------------------------------------------------------------------------
AW: verifying signature at proxy
Posted by "Dittmann, Werner" <we...@siemens.com>.
Hi,
WSS4J does not support proxy mode. A WSS4J server (the proxy has
a server and a client side) always tries to process _all_ security relevant
headers and information. Thus if the security header contains some
encryption related sub-headers WSS4J tries to decrypt it.
To support proxy mode WSS4J would need a specific driver similar
to the existion WSDoAll* drivers that would process only those parts
that are listed i the "action" parameters.
Currently WSS4J uses the action parameter at the server side to verify
if the actions match.
Regards,
Werner
________________________________
Von: Vijay Chiniwar (HCL Financial Services) [mailto:Vijay.Chiniwar@hcl.in]
Gesendet: Donnerstag, 22. März 2007 16:19
An: wss4j-dev@ws.apache.org
Betreff: verifying signature at proxy
Hi,
I am having the following senarios
Senario1: The client sends the message using the (signature encrypt) to the server directly
Senario2: Client sends the message to the proxy server, the proxy server verifies only the signature and transfer the encrypted message to the webservice, where it is decrypted
I was successfully able to complete senario1
However while execution of senario2
I am not able to verify only the signature, i cant have my private key at the proxy server as its used in banking transactions,
When i try to verify the signature i get the error
"WSSecurityEngine: No crypto propery file supplied for decryption". I have not specified any keys for decryption. however if i include my private key in the keystore, things work smoothly. but i dont want to have the private key of webservice at the proxy server, is there any way of achieving this
Thanks and Regards
Vijay Chiniwar
+49-69-910-61769
AW: verifying signature at proxy
Posted by "Dittmann, Werner" <we...@siemens.com>.
Hi,
WSS4J does not support proxy mode. A WSS4J server (the proxy has
a server and a client side) always tries to process _all_ security relevant
headers and information. Thus if the security header contains some
encryption related sub-headers WSS4J tries to decrypt it.
To support proxy mode WSS4J would need a specific driver similar
to the existion WSDoAll* drivers that would process only those parts
that are listed i the "action" parameters.
Currently WSS4J uses the action parameter at the server side to verify
if the actions match.
Regards,
Werner
________________________________
Von: Vijay Chiniwar (HCL Financial Services) [mailto:Vijay.Chiniwar@hcl.in]
Gesendet: Donnerstag, 22. März 2007 16:19
An: wss4j-dev@ws.apache.org
Betreff: verifying signature at proxy
Hi,
I am having the following senarios
Senario1: The client sends the message using the (signature encrypt) to the server directly
Senario2: Client sends the message to the proxy server, the proxy server verifies only the signature and transfer the encrypted message to the webservice, where it is decrypted
I was successfully able to complete senario1
However while execution of senario2
I am not able to verify only the signature, i cant have my private key at the proxy server as its used in banking transactions,
When i try to verify the signature i get the error
"WSSecurityEngine: No crypto propery file supplied for decryption". I have not specified any keys for decryption. however if i include my private key in the keystore, things work smoothly. but i dont want to have the private key of webservice at the proxy server, is there any way of achieving this
Thanks and Regards
Vijay Chiniwar
+49-69-910-61769