You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Steve Behrendt <st...@weg.com.br> on 2005/07/01 19:51:11 UTC
RES: How to configure UsernameTokenSignature
Werner,
>AFAIK the Secnario 3a (or 2a?) of the interop scenarios
>show ho to use the stuff.
The Problem is that the stuff is only shown with encryption etc. But I only want to use a signature base on the UsernameToken - for an implementation with Microsoft .NET.
But when I call the method of the service, the handler (PasswordCallBackHandler) is not passed.
My Handler:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration >
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature" />
<parameter name="passwordCallbackClass" value="net.weg.service.PWCallback.java" />
</handler>
</requestFlow>
</globalConfiguration>
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>
and thats a part of my client:
PWCallback pwCallback = new PWCallback();
ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
axisPort._setProperty(WSHandlerConstants.USER, usuario); //fixe o usuario
axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCallback); //fixe a classe //do handler
The Message is sent, but hasn't a Header with the UsenameToken or the Signature.
For a little bit of help,
i'm very gratefully.
STEVE
-----Mensagem original-----
De: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
Enviada em: quarta-feira, 29 de junho de 2005 11:33
Para: Steve Behrendt; fx-dev@ws.apache.org
Assunto: AW: How to configure UsernameTokenSignature
Steve,
AFAIK the Secnario 3a (or 2a?) of the interop scenarios
show ho to use the stuff.
We've not fully tested interop with Microsoft or others.
Regards,
Werner
> -----Ursprüngliche Nachricht-----
> Von: Steve Behrendt [mailto:steve@weg.com.br]
> Gesendet: Mittwoch, 29. Juni 2005 14:36
> An: fx-dev@ws.apache.org
> Betreff: RES: How to configure UsernameTokenSignature
>
>
> Hi,
>
> Is there now an existing implementation of the
> UsernameTokenSignature "Problem"?
> Because my implementation is using only a UsernameToken and I
> want to implement more security, but without using keys.
>
> Greets,
> Steve
>
> -----Mensagem original-----
> De: Davanum Srinivas [mailto:davanum@gmail.com]
> Enviada em: terça-feira, 21 de junho de 2005 10:53
> Para: Dittmann, Werner
> Cc: Granqvist, Hans; fx-dev@ws.apache.org
> Assunto: Re: How to configure UsernameTokenSignature
>
>
> Hi Werner,
>
> updated the specs directory. Please take a look and let me know if you
> need something else.
>
> -- dims
>
> On 6/21/05, Dittmann, Werner <we...@siemens.com> wrote:
> > Hans,
> >
> > are the drafts publicly available? Can't find
> > them on the OASIS WSS pages.
> >
> > Regards,
> > Werner
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> > > Gesendet: Montag, 20. Juni 2005 17:31
> > > An: fx-dev@ws.apache.org
> > > Betreff: RE: How to configure UsernameTokenSignature
> > >
> > >
> > > > <quote>
> > > > The Username Token profile does not currently define a key
> > > > derivation algorithm. The OASIS WSS TC is expected to address
> > > > this issue in a subsequent specification. </quote>
> > >
> > > The latest (March 2005 and onward) WSS 1.1 draft of the
> > > UsernameToken profile defines key derivation in section 4.
> > >
> > > Hans
> > >
> >
>
>
> --
> Davanum Srinivas -http://blogs.cocoondev.org/dims/
>
Re: RES: How to configure UsernameTokenSignature
Posted by Werner Dittmann <We...@t-online.de>.
Steve,
just remove the action that you don't want from the scenarios, e.g
the encrypt.
On the Callback problem: as the deployment setup overwrights the
progeamatic setup the "passwordCallbackClass parameter"
will be used by the handler. As I can see you define a java
source file here - not a class. pls check your setup and fix
it.
Regards,
Werner
Steve Behrendt schrieb:
> Werner,
>
>
>>AFAIK the Secnario 3a (or 2a?) of the interop scenarios
>>show ho to use the stuff.
>
>
> The Problem is that the stuff is only shown with encryption etc. But I only want to use a signature base on the UsernameToken - for an implementation with Microsoft .NET.
> But when I call the method of the service, the handler (PasswordCallBackHandler) is not passed.
>
> My Handler:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
> <globalConfiguration >
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="UsernameTokenSignature" />
> <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback.java" />
> </handler>
> </requestFlow>
> </globalConfiguration>
>
> <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
> and thats a part of my client:
>
> PWCallback pwCallback = new PWCallback();
> ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
>
> axisPort._setProperty(WSHandlerConstants.USER, usuario); //fixe o usuario
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCallback); //fixe a classe //do handler
>
> The Message is sent, but hasn't a Header with the UsenameToken or the Signature.
>
>
> For a little bit of help,
> i'm very gratefully.
>
> STEVE
>
>
> -----Mensagem original-----
> De: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Enviada em: quarta-feira, 29 de junho de 2005 11:33
> Para: Steve Behrendt; fx-dev@ws.apache.org
> Assunto: AW: How to configure UsernameTokenSignature
>
>
> Steve,
>
> AFAIK the Secnario 3a (or 2a?) of the interop scenarios
> show ho to use the stuff.
>
> We've not fully tested interop with Microsoft or others.
>
> Regards,
> Werner
>
>
>>-----Ursprüngliche Nachricht-----
>>Von: Steve Behrendt [mailto:steve@weg.com.br]
>>Gesendet: Mittwoch, 29. Juni 2005 14:36
>>An: fx-dev@ws.apache.org
>>Betreff: RES: How to configure UsernameTokenSignature
>>
>>
>>Hi,
>>
>>Is there now an existing implementation of the
>>UsernameTokenSignature "Problem"?
>>Because my implementation is using only a UsernameToken and I
>>want to implement more security, but without using keys.
>>
>>Greets,
>>Steve
>>
>>-----Mensagem original-----
>>De: Davanum Srinivas [mailto:davanum@gmail.com]
>>Enviada em: terça-feira, 21 de junho de 2005 10:53
>>Para: Dittmann, Werner
>>Cc: Granqvist, Hans; fx-dev@ws.apache.org
>>Assunto: Re: How to configure UsernameTokenSignature
>>
>>
>>Hi Werner,
>>
>>updated the specs directory. Please take a look and let me know if you
>>need something else.
>>
>>-- dims
>>
>>On 6/21/05, Dittmann, Werner <we...@siemens.com> wrote:
>>
>>>Hans,
>>>
>>>are the drafts publicly available? Can't find
>>>them on the OASIS WSS pages.
>>>
>>>Regards,
>>>Werner
>>>
>>>
>>>>-----Ursprüngliche Nachricht-----
>>>>Von: Granqvist, Hans [mailto:hgranqvist@verisign.com]
>>>>Gesendet: Montag, 20. Juni 2005 17:31
>>>>An: fx-dev@ws.apache.org
>>>>Betreff: RE: How to configure UsernameTokenSignature
>>>>
>>>>
>>>>
>>>>><quote>
>>>>>The Username Token profile does not currently define a key
>>>>>derivation algorithm. The OASIS WSS TC is expected to address
>>>>>this issue in a subsequent specification. </quote>
>>>>
>>>>The latest (March 2005 and onward) WSS 1.1 draft of the
>>>>UsernameToken profile defines key derivation in section 4.
>>>>
>>>>Hans
>>>>
>>>
>>
>>--
>>Davanum Srinivas -http://blogs.cocoondev.org/dims/
>>
>
>