Posted to java-dev@axis.apache.org by Nencho Lupanov <ne...@googlemail.com> on 2007/05/08 17:31:15 UTC

TransportBinding with EncryptedParts

Hi all,

Is it possible to use a TransportBinding with HttpsToken in a Rampart
security policy and still encrypt the body with the EncryptedElements
assertion, for example?
Thanks,

Nencho

Re: TransportBinding with EncryptedParts

Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dumindu, Kaushalye,
My point was that I am using transport binding and I can still see clear
SOAP text using tcpmon.

So, Dumindu, I know that in theory I wouldn't be able to do that, but I
actually tested this with some of the Rampart policies that I attached to
this mail, so you can check it if you want.
So is this a Rampart bug?

Note that this is the SOAP message that I was able to capture with tcpmon:


POST /axis2/services/sample02 HTTP/1.1
SOAPAction: "urn:echo"
User-Agent: Axis2
Host: localhost:8080
Transfer-Encoding: chunked
Content-Type: text/xml; charset=UTF-8

562
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-18096534">
        <wsu:Created>2007-05-09T14:34:09.687Z</wsu:Created>
        <wsu:Expires>2007-05-13T01:54:09.687Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-4744654">
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
    <wsa:To>http://localhost:8080/axis2/services/sample02</wsa:To>
    <wsa:ReplyTo>
      <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:MessageID>urn:uuid:4B8BD96A7282DD4A491178721249469</wsa:MessageID>
    <wsa:Action>urn:echo</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <ns1:echo xmlns:ns1="http://sample02.policy.samples.rampart.apache.org/xsd">
      <param0>Helloworld</param0>
    </ns1:echo>
  </soapenv:Body>
</soapenv:Envelope>
0

You can see the whole thing + the password.
Thanks,
Nencho

2007/5/9, Dumindu Pallewela <pa...@gmail.com>:
>
> If the transport binding is HTTPS, you won't be able to monitor the
> SOAP messages with tcpmon in their plain text format.
>
> Dumindu.
>
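
The check done by eye with tcpmon in the message above, together with the message-level signature question raised in the reply below, can be scripted against a saved capture. This is an added example, not part of the original thread or of Rampart; `audit_capture` and the sample request (modelled on the capture, with a placeholder password) are constructed, and it assumes a single-chunk body.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def audit_capture(raw: str) -> dict:
    """Report which protections are visible in a proxy capture (hypothetical helper)."""
    start, end = raw.find("<"), raw.rfind(">")
    try:
        # Assumes a single-chunk body: everything from the first "<" to the last ">".
        env = ET.fromstring(raw[start:end + 1].encode("utf-8")) if start != -1 else None
    except ET.ParseError:
        env = None
    if env is None:
        # No parseable XML: what a proxy sees when the hop really is TLS.
        return {"readable": False}
    body = env.find("soapenv:Body", NS)
    pw = env.find(".//wsse:UsernameToken/wsse:Password", NS)
    return {
        "readable": True,
        # A missing Type attribute defaults to PasswordText in the UsernameToken profile.
        "cleartext_password": pw is not None
            and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT,
        "body_encrypted": body is not None
            and body.find(".//xenc:EncryptedData", NS) is not None,
        "signed": env.find(".//wsse:Security/ds:Signature", NS) is not None,
    }

# Constructed sample modelled on the capture above; the password is a placeholder.
SAMPLE = (
    "POST /axis2/services/sample02 HTTP/1.1\r\nHost: localhost:8080\r\n\r\n"
    f'<soapenv:Envelope xmlns:soapenv="{NS["soapenv"]}" xmlns:wsse="{NS["wsse"]}">'
    "<soapenv:Header><wsse:Security><wsse:UsernameToken>"
    "<wsse:Username>alice</wsse:Username>"
    f'<wsse:Password Type="{PASSWORD_TEXT}">example-pw</wsse:Password>'
    "</wsse:UsernameToken></wsse:Security></soapenv:Header>"
    "<soapenv:Body><param0>Helloworld</param0></soapenv:Body></soapenv:Envelope>"
)

if __name__ == "__main__":
    print(audit_capture(SAMPLE))
```

A result with `readable` true and `cleartext_password` true means the capture was taken on a hop that was not TLS-protected, whatever the policy file declares.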

Re: TransportBinding with EncryptedParts

Posted by Kaushalye Kapuruge <ka...@wso2.com>.
But I think Nencho has a valid point here. Even though, for encryption,
this seems not that trivial, what about SOAP message signature?
If we are to have non-repudiation capabilities for messages exchanged, we
still need to digitally sign messages at the message level. For example,
if I'm getting a message from you via HTTPS, I still need it to be signed
(e.g. Body).
Cheers,
Kaushalye

Dumindu Pallewela wrote:
> If the transport binding is HTTPS, you won't be able to monitor the
> SOAP messages with tcpmon in their plain text format.
>
> Dumindu.


Re: TransportBinding with EncryptedParts

Posted by Dumindu Pallewela <pa...@gmail.com>.
If the transport binding is HTTPS, you won't be able to monitor the
SOAP messages with tcpmon in their plain text format.

Dumindu.

On 5/9/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> Hi Manjula,
>
> For the transport binding, yes, I think the same as you,
> but when I monitor the SOAP messages with tcpmon,
> the data is not encrypted, so how exactly does this transport binding
> thing work for confidentiality, or is this some bug in the Rampart
> implementation?
> Thanks.
>
> Nencho

Re: TransportBinding with EncryptedParts

Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Manjula,

For the transport binding, yes, I think the same as you,
but when I monitor the SOAP messages with tcpmon,
the data is not encrypted, so how exactly does this transport binding
thing work for confidentiality, or is this some bug in the Rampart
implementation?
Thanks.

Nencho


2007/5/9, Manjula Peiris <ma...@wso2.com>:
>
> Hi Nencho,
>
> I think when you are sending through a secure transport like HTTPS, the
> EncryptedElements assertion is always satisfied. So no need to encrypt
> the body again.
>
> -Manjula.

Re: TransportBinding with EncryptedParts

Posted by Manjula Peiris <ma...@wso2.com>.
Hi Nencho,

I think when you are sending through a secure transport like HTTPS, the
EncryptedElements assertion is always satisfied. So no need to encrypt
the body again.

-Manjula.


On Tue, 2007-05-08 at 18:31 +0300, Nencho Lupanov wrote:
> Hi all,
>
> Is it possible to use a TransportBinding with HttpsToken in a Rampart
> security policy and still encrypt the body with the EncryptedElements
> assertion, for example?
> Thanks,
> 
> Nencho