Posted to wss4j-dev@ws.apache.org by Mi...@servicecanada.gc.ca on 2007/07/10 16:04:43 UTC

RE: Rampart configuration question

Thanks Ruchith,

Sorry everyone for crossposting, but I just now became aware that there is a rampart mailing list. I also realize that the source of the problem is in wss4j code. So I won't post further replies to the axis list. And for the people on the rampart and wss4j lists: should I post replies to both lists? 

Anyway, I did try removing the encryptionPropFile entry, and it threw an exception.

org.apache.rampart.handler.WSDoAllHandler 
extends 
org.apache.ws.security.handler.WSHandler 
from wss4j, and in that file, at around line 420 is this code:

else if ((crypto = reqData.getSigCrypto()) == null) {
   throw new WSSecurityException(
   "WSHandler: Encryption: no crypto property file");
}

I tried to comment out that code and rebuild wss4j, but some of that library's classes depend on axis1, and I'm trying to compile against axis2, so I'm running into problems.

cheers,
md
 

> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 10, 2007 5:07 AM
> To: axis-user@ws.apache.org
> Subject: Re: Rampart configuration question
> 
> 
> I agree we should not require the
> "<encryptionPropFile>client.properties</encryptionPropFile>" entry.
> 
> Can you please try removing it?
> 
> Thanks,
> Ruchith
> 
> On 7/6/07, Michael.Davis@servicecanada.gc.ca
> <Mi...@servicecanada.gc.ca> wrote:
> > Hi,
> >
> > I'm trying to use Rampart to encrypt my message body using a symmetric secret key.
> >
> > Sample 9, included with the Rampart distribution, does just this. The actual key is hard-coded in a callback function both on the client and the server. My understanding is that the key is the only piece of data needed to encode the message.
> >
> > I was wondering why this part of the client config file:
> >
> >         <action>
> >             <items>Encrypt</items>
> >             <user>client</user>
> >             <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
> >             <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
> >             <encryptionPropFile>client.properties</encryptionPropFile>
> >             <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
> >         </action>
> >
> > contains the encryptionPropFile property. The said property file contains this:
> >
> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > org.apache.ws.security.crypto.merlin.keystore.password=apache
> > org.apache.ws.security.crypto.merlin.file=client.jks
> >
> > Now, I can see why we need to configure the provider class. But why does Rampart need the keystore? I'm not using public/private keys or certificates, just one secret key.
> >
> > The code works, but I'd like to simplify it as much as possible. The properties and keystore files shouldn't be necessary, unless I'm misunderstanding something.
> >
> > Many thanks
> > Michael Davis
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
> 
> 
> -- 
> www.ruchith.org
> www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
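
For the EmbeddedKeyName configuration quoted in the message above, the class named in EmbeddedKeyCallbackClass is what hands the symmetric key to wss4j. The following is an added example, not code from this thread, from Rampart's sample09 or from wss4j. The class name EnvKeyCallbackHandler, the environment variable WSS_SESSION_KEY_B64 and the accepted key lengths are assumptions, as is a Java 8 or later runtime for java.util.Base64. The KEY_NAME usage check reflects the wss4j 1.5.x WSPasswordCallback API as understood here.

```java
import java.io.IOException;
import java.util.Base64;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Hypothetical callback handler for the EmbeddedKeyName key identifier.
 * The secret key is read from the environment at call time instead of
 * being compiled into both the client and the server.
 */
public class EnvKeyCallbackHandler implements CallbackHandler {

    // Assumed variable name; its value is the Base64-encoded secret key.
    private static final String KEY_ENV = "WSS_SESSION_KEY_B64";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // For an embedded key, wss4j requests raw key bytes (usage
            // KEY_NAME) rather than a keystore or user password.
            if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
                pc.setKey(loadKey());
            }
        }
    }

    /** Decodes and length-checks the key; fails closed if it is unusable. */
    static byte[] loadKey() throws IOException {
        String encoded = System.getenv(KEY_ENV);
        if (encoded == null || encoded.isEmpty()) {
            throw new IOException(KEY_ENV + " is not set");
        }
        byte[] key;
        try {
            key = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            throw new IOException(KEY_ENV + " is not valid Base64");
        }
        // Assumed policy: 16/32 bytes for AES-128/256, 24 for AES-192 or 3DES.
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IOException("Unexpected key length: " + key.length);
        }
        return key;
    }
}
```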


RE: Rampart configuration question

Posted by Mi...@servicecanada.gc.ca.
Hi again,

I figured out that there are just a couple of classes in wss4j that depend on axis 1. I removed them, and commented out the code I listed below from WSHandler, rebuilt wss4j, and now it works - I can encode my message without a properties file or keystore file.

cheers,
md
 

> -----Original Message-----
> From: Davis, Michael 
> Sent: Tuesday, July 10, 2007 10:05 AM
> To: 'axis-user@ws.apache.org'
> Cc: 'rampart-dev@ws.apache.org'; wss4j-dev@ws.apache.org
> Subject: RE: Rampart configuration question
> 
> 
> Thanks Ruchith,
> 
> Sorry everyone for crossposting, but I just now became aware 
> that there is a rampart mailing list. I also realize that the 
> source of the problem is in wss4j code. So I won't post 
> further replies to the axis list. And for the people on the 
> rampart and wss4j lists: should I post replies to both lists? 
> 
> Anyway, I did try removing the encryptionPropFile entry, and 
> it threw an exception.
> 
> org.apache.rampart.handler.WSDoAllHandler 
> extends 
> org.apache.ws.security.handler.WSHandler 
> from wss4j, and in that file, at around line 420 is this code:
> 
> else if ((crypto = reqData.getSigCrypto()) == null) {
>    throw new WSSecurityException(
>    "WSHandler: Encryption: no crypto property file");
> }
> 
> I tried to comment out that code and rebuild wss4j, but some 
> of that library's classes depend on axis1, and I'm trying to 
> compile against axis2, so I'm running into problems.
> 
> cheers,
> md
>  
