You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Shawn McKinney <sm...@sbcglobal.net> on 2005/10/20 16:20:32 UTC
WSDoAllReceiver on WAS 6
Has anyone tested WSS4J on WAS6? We're running WAS6
on various platforms and this issue has cropped up on
AIX and Linux.
First the specifics -
Websphere version: 6 no fixpacks applied
WSS4J version: 1.1.0
Axis version: 1.2
I've trimmed down my test to simply place a username
token in the SOAP header using WSDoAllSender. Client
.wsdd below:
<handler
type="java:org.apache.ws.axis.security.WSDoAllSender"
>
<parameter name="action" value="UsernameToken"/>
<parameter name="passwordCallbackClass"
value="com.fnf.xes.framework.axis.security.client.PWClientCallback"/>
<parameter name="passwordType"
value="PasswordText" />
</handler>
The server has been similarly configured on the
WSDoAllReceiver side:
<requestFlow name="XESSecurity">
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="com.fnf.xes.framework.axis.security.server.PWServerCallback"/>
<parameter name="action" value="UsernameToken"/>
</handler>
When I run a test I get the following error back from
Axis:
WSDoAllReceiver: Request does not contain required
Security header
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1712)
at
org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
at
org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
at
org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
at
org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
at
org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:667)
at
org.apache.crimson.parser.Parser2.parse(Parser2.java:337)
at
org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
at
javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at
org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at
org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at
org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at
org.apache.axis.client.Call.invokeEngine(Call.java:2765)
at
org.apache.axis.client.Call.invoke(Call.java:2748)
at
org.apache.axis.client.Call.invoke(Call.java:1784)
at
samples.message.TestIFXMsg.doit(TestIFXMsg.java:162)
at
samples.message.TestIFXMsg.main(TestIFXMsg.java:184)
I know the username token is being placed in the
message as I am running the request through the tpMon
tool. Here is the request trace (w/out soap body):
POST /axis2/services/IFXService2 HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime,
multipart/related, text/*
User-Agent: Axis/1.2
Host: 10.132.226.12:80
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 2197
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken><wsse:Username>jefadmin</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trusted</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
Anybody have an idea of what is going wrong here? I
can run the same message through Axis & WSS4J on WAS
5.1.1 w/out any problems whatsover.
Thanks,
Shawn McKinney
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSDoAllReceiver on WAS 6
Posted by Shawn McKinney <sm...@sbcglobal.net>.
--- Werner Dittmann wrote:
> pls have a look at the FAQ, this is the known
> problem
> with the Crimson parse. Thes parser has problems
> with its namespace implementation. Pls try to use
> Xerces
> instead.
Werner - that fixed it! I am curious why IBM would be
using the Sun parser in WAS 6. Thanks very much for
your reply.
Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSDoAllReceiver on WAS 6
Posted by Shawn McKinney <sm...@sbcglobal.net>.
--- Werner Dittmann wrote:
> pls have a look at the FAQ, this is the known
> problem
> with the Crimson parse. Thes parser has problems
> with its namespace implementation. Pls try to use
> Xerces
> instead.
Werner - that fixed it! I am curious why IBM would be
using the Sun parser in WAS 6. Thanks very much for
your reply.
Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSDoAllReceiver on WAS 6
Posted by Werner Dittmann <We...@t-online.de>.
Shawn,
pls have a look at the FAQ, this is the known problem
with the Crimson parse. Thes parser has problems
with its namespace implementation. Pls try to use Xerces
instead.
Regards,
Werner
Shawn McKinney wrote:
> Has anyone tested WSS4J on WAS6? We're running WAS6
> on various platforms and this issue has cropped up on
> AIX and Linux.
>
> First the specifics -
>
> Websphere version: 6 no fixpacks applied
> WSS4J version: 1.1.0
> Axis version: 1.2
>
> I've trimmed down my test to simply place a username
> token in the SOAP header using WSDoAllSender. Client
> .wsdd below:
>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllSender"
>
> <parameter name="action" value="UsernameToken"/>
> <parameter name="passwordCallbackClass"
> value="com.fnf.xes.framework.axis.security.client.PWClientCallback"/>
> <parameter name="passwordType"
> value="PasswordText" />
> </handler>
>
> The server has been similarly configured on the
> WSDoAllReceiver side:
>
> <requestFlow name="XESSecurity">
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="passwordCallbackClass"
> value="com.fnf.xes.framework.axis.security.server.PWServerCallback"/>
> <parameter name="action" value="UsernameToken"/>
> </handler>
>
>
> When I run a test I get the following error back from
> Axis:
>
> WSDoAllReceiver: Request does not contain required
> Security header
> at
> org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
> at
> org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
> at
> org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1712)
> at
> org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
> at
> org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
> at
> org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:667)
> at
> org.apache.crimson.parser.Parser2.parse(Parser2.java:337)
> at
> org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
> at
> javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
> at
> org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
> at
> org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
> at
> org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
> at
> org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
> at
> org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
> at
> org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> at
> org.apache.axis.client.Call.invoke(Call.java:2748)
> at
> org.apache.axis.client.Call.invoke(Call.java:1784)
> at
> samples.message.TestIFXMsg.doit(TestIFXMsg.java:162)
> at
> samples.message.TestIFXMsg.main(TestIFXMsg.java:184)
>
> I know the username token is being placed in the
> message as I am running the request through the tpMon
> tool. Here is the request trace (w/out soap body):
>
> POST /axis2/services/IFXService2 HTTP/1.0
> Content-Type: text/xml; charset=utf-8
> Accept: application/soap+xml, application/dime,
> multipart/related, text/*
> User-Agent: Axis/1.2
> Host: 10.132.226.12:80
> Cache-Control: no-cache
> Pragma: no-cache
> SOAPAction: ""
> Content-Length: 2197
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken><wsse:Username>jefadmin</wsse:Username><wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trusted</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
>
> Anybody have an idea of what is going wrong here? I
> can run the same message through Axis & WSS4J on WAS
> 5.1.1 w/out any problems whatsover.
>
> Thanks,
>
> Shawn McKinney
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSDoAllReceiver on WAS 6
Posted by Werner Dittmann <We...@t-online.de>.
Shawn,
pls have a look at the FAQ, this is the known problem
with the Crimson parse. Thes parser has problems
with its namespace implementation. Pls try to use Xerces
instead.
Regards,
Werner
Shawn McKinney wrote:
> Has anyone tested WSS4J on WAS6? We're running WAS6
> on various platforms and this issue has cropped up on
> AIX and Linux.
>
> First the specifics -
>
> Websphere version: 6 no fixpacks applied
> WSS4J version: 1.1.0
> Axis version: 1.2
>
> I've trimmed down my test to simply place a username
> token in the SOAP header using WSDoAllSender. Client
> .wsdd below:
>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllSender"
>
> <parameter name="action" value="UsernameToken"/>
> <parameter name="passwordCallbackClass"
> value="com.fnf.xes.framework.axis.security.client.PWClientCallback"/>
> <parameter name="passwordType"
> value="PasswordText" />
> </handler>
>
> The server has been similarly configured on the
> WSDoAllReceiver side:
>
> <requestFlow name="XESSecurity">
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="passwordCallbackClass"
> value="com.fnf.xes.framework.axis.security.server.PWServerCallback"/>
> <parameter name="action" value="UsernameToken"/>
> </handler>
>
>
> When I run a test I get the following error back from
> Axis:
>
> WSDoAllReceiver: Request does not contain required
> Security header
> at
> org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
> at
> org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
> at
> org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1712)
> at
> org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
> at
> org.apache.crimson.parser.Parser2.content(Parser2.java:1963)
> at
> org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1691)
> at
> org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:667)
> at
> org.apache.crimson.parser.Parser2.parse(Parser2.java:337)
> at
> org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
> at
> javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
> at
> org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
> at
> org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
> at
> org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
> at
> org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
> at
> org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
> at
> org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> at
> org.apache.axis.client.Call.invoke(Call.java:2748)
> at
> org.apache.axis.client.Call.invoke(Call.java:1784)
> at
> samples.message.TestIFXMsg.doit(TestIFXMsg.java:162)
> at
> samples.message.TestIFXMsg.main(TestIFXMsg.java:184)
>
> I know the username token is being placed in the
> message as I am running the request through the tpMon
> tool. Here is the request trace (w/out soap body):
>
> POST /axis2/services/IFXService2 HTTP/1.0
> Content-Type: text/xml; charset=utf-8
> Accept: application/soap+xml, application/dime,
> multipart/related, text/*
> User-Agent: Axis/1.2
> Host: 10.132.226.12:80
> Cache-Control: no-cache
> Pragma: no-cache
> SOAPAction: ""
> Content-Length: 2197
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken><wsse:Username>jefadmin</wsse:Username><wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trusted</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
>
> Anybody have an idea of what is going wrong here? I
> can run the same message through Axis & WSS4J on WAS
> 5.1.1 w/out any problems whatsover.
>
> Thanks,
>
> Shawn McKinney
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by José Ferreiro <jo...@gmail.com>.
Hello Santosh,
Your line:
<wsse:UsernameToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
is based on the namespace:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
you may open the URL by double clicking in the link:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
By reading the provided documentation it follows that the attribute ID:
<xsd:attribute name="Id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>This global attribute supports annotating
arbitrary elements with an ID.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
Then we may conclude that this type defines the fault code value for
Timestamp message expiration
(wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3).
Hope this helps.
Jose Ferreiro
On 7/20/08, Werner Dittmann <We...@t-online.de> wrote:
>
> Strange - same mail with different subjects - what do intend here?
>
> Regards,
> Werner
>
> sh_santosh schrieb:
>
>>
>>
>> Dear all,
>>
>> Hi Jose / all,
>>
>> just one word away.
>>
>> I am NOT able generate
>> 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' inside the
>> wsse:UsernameToken tag.
>> In place of this i am able to generate only '
>> wsu:Id="UsernameToken-2691004"
>> '
>>
>> <wsse:UsernameToken
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>
>> wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
>>
>> What is this 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' ?
>>
>> How can I generate it in Java (using Axis 1.3 and wss4j) ?
>>
>> Required Security Header by other end( .Net WSE 3.0) ----
>>
>> <?xml version="1.0" encoding="utf-8"?>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>> <soap:Header>
>> <wsa:Action>
>> http://www.test.com/api/ws/internal/testInfo
>> </wsa:Action>
>> <wsa:MessageID>
>> urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43
>> </wsa:MessageID>
>> <wsa:ReplyTo>
>> <wsa:Address>
>>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> </wsa:ReplyTo>
>> <wsa:To>
>> http://localhost:8080/testapi/testwsapi.asmx
>> </wsa:To>
>> <wsse:Security soap:mustUnderstand="1">
>> <wsu:Timestamp
>>
>> wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14">
>>
>> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
>>
>> <wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires>
>> </wsu:Timestamp>
>> <wsse:UsernameToken
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>
>> wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
>> <wsse:Username>santosh.ncstk@gmail.com
>> </wsse:Username>
>> <wsse:Password
>> Type="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
>> ">
>> SomePassword
>> </wsse:Password>
>>
>> <wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce>
>>
>> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
>> </wsse:UsernameToken>
>> </wsse:Security>
>> </soap:Header>
>> <soap:Body>
>> <SAN_Info
>> xmlns="http://www.test.com/api/testing/ws/internal
>> ">
>> <SAN_Request VendorId="TestVendor"
>> VendorPassword="SomePassword"
>> xmlns="
>> http://www.test.com/api/testing/testinforequest">
>> <Brand>SANBUS</Brand>
>> <TourCode>GE</TourCode>
>> <Code>80135</Code>
>> </SAN_Request>
>> </SAN_Info>
>> </soap:Body>
>> </soap:Envelope>
>>
>> Generated Security header By my side (Java- Axis 1.3 and wss4j
>> )-----------------
>> <?xml version="1.0" encoding="UTF-8"?>
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <soapenv:Header>
>> <wsse:Security
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> "
>> soapenv:mustUnderstand="1">
>> <wsse:UsernameToken
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> wsu:Id="UsernameToken-2691004">
>> <wsse:Username>
>> santosh.ncstk@gmail.com
>> </wsse:Username>
>> <wsse:Password
>> Type="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
>> ">
>> SomePassword
>> </wsse:Password>
>>
>> <wsse:Nonce>bGmGuPDxQw2kkR5R0zC/hA==</wsse:Nonce>
>>
>> <wsu:Created>2008-07-10T16:46:47.046Z</wsu:Created>
>> </wsse:UsernameToken>
>> <wsu:Timestamp
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>> wsu:Id="Timestamp-25899876">
>>
>> <wsu:Created>2008-07-10T16:46:47.015Z</wsu:Created>
>>
>> <wsu:Expires>2008-07-10T16:51:47.015Z</wsu:Expires>
>> </wsu:Timestamp>
>> </wsse:Security>
>> <wsa:MessageID soapenv:mustUnderstand="0">
>> uuid:c83b29b0-4e9f-11dd-8e1f-d019b0e90563
>> </wsa:MessageID>
>> <wsa:To soapenv:mustUnderstand="0">
>> http://localhost:8080/testapi/testwsapi.asmx
>> </wsa:To>
>> <wsa:Action soapenv:mustUnderstand="0">
>> http://www.test.com/api/testing/testinforequest
>> </wsa:Action>
>> <wsa:From soapenv:mustUnderstand="0">
>> <wsa:Address>
>>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> </wsa:From>
>> <wsa:ReplyTo soapenv:mustUnderstand="0">
>> <wsa:Address>
>>
>> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
>> </wsa:Address>
>> </wsa:ReplyTo>
>> </soapenv:Header>
>> <soapenv:Body>
>> <SAN_Info
>> xmlns="http://www.test.com/api/testing/ws/internal
>> ">
>> <SAN_Request VendorId="TestVendor"
>> VendorPassword="SomePassword"
>> xmlns="
>> http://www.test.com/api/testing/testinforequest">
>> <Brand>SANBUS</Brand>
>> <TourCode>GE</TourCode>
>> <Code>80135</Code>
>> </SAN_Request>
>> </SAN_Info>
>> </soapenv:Body>
>> </soapenv:Envelope>
>>
>>
>> My client-config.wsdd ---------
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>> <transport name="http"
>> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>> <globalConfiguration>
>> <requestFlow>
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>> <parameter name="action" value="Timestamp UsernameToken"/>
>> <parameter name="user" value="santosh.ncstk@gmail.com"/>
>> <parameter name="passwordCallbackClass"
>> value="com.api.testing.ws.internal.PWCallback"/>
>> <parameter name="passwordType" value="PasswordText"/>
>> <parameter name="password" value="ppx13Z11"/>
>> <parameter name="mustUnderstand" value="true" />
>> <parameter name="addUTElements" value="Nonce Created"/>
>> </handler>
>> </requestFlow>
>> </globalConfiguration>
>> </deployment>
>>
>>
>> By seeing the security header, we can say that it is
>> username-token-profile-1.0.
>>
>> How to solve this.
>>
>>
>>
>> Please help me.
>>
>>
>>
>> Regards
>> Santosh
>>
>>
>>
>>
>>
>> Shawn McKinney wrote:
>>
>>> Hello,
>>>
>>> I have question:
>>> How do (can) we change the default crypto provider
>>> used by WSS4J for a particular Java runtime instance?
>>>
>>> We are using WSS4J 1.5 and would like to enable WSS4J
>>> to use the default crypto provider provided by Sun or
>>> IBM in a Java runtime. The idea here is we want to
>>> make it as easy as possible for our developers to test
>>> transactions using WS-Security running in Axis.
>>> We run Axis/WSS4J in JBoss, Tomcat and Websphere
>>> containers and would like to be able to test using the
>>> standard providers found in either JVM implementation
>>> without having to configure the BouncyCastle provider.
>>>
>>> Please note the aim here isn't to phase out or replace
>>> our use of BouncyCastle provider in production as we
>>> are quite happy with its capabilities. Rather we want
>>> to remove a step (steamline setup) for developers that
>>> want to test using our security configuration.
>>>
>>> Our default client-side configuration is to enable
>>> Username token, ecrypted:
>>>
>>> <parameter name="action" value="UsernameToken Encrypt
>>> Timestamp"/>
>>>
>>> Thanks in advance for your reply.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>>
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
Re: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by Werner Dittmann <We...@t-online.de>.
Strange - same mail with different subjects - what do intend here?
Regards,
Werner
sh_santosh schrieb:
>
>
> Dear all,
>
> Hi Jose / all,
>
> just one word away.
>
> I am NOT able generate 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3'
> inside the wsse:UsernameToken tag.
> In place of this i am able to generate only ' wsu:Id="UsernameToken-2691004"
> '
>
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
> wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
>
> What is this 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' ?
>
> How can I generate it in Java (using Axis 1.3 and wss4j) ?
>
> Required Security Header by other end( .Net WSE 3.0) ----
>
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <soap:Header>
> <wsa:Action>
> http://www.test.com/api/ws/internal/testInfo
> </wsa:Action>
> <wsa:MessageID>
> urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43
> </wsa:MessageID>
> <wsa:ReplyTo>
> <wsa:Address>
>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> </wsa:ReplyTo>
> <wsa:To>
> http://localhost:8080/testapi/testwsapi.asmx
> </wsa:To>
> <wsse:Security soap:mustUnderstand="1">
> <wsu:Timestamp
>
> wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14">
>
> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
>
> <wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires>
> </wsu:Timestamp>
> <wsse:UsernameToken
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
> wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
>
> <wsse:Username>santosh.ncstk@gmail.com</wsse:Username>
> <wsse:Password
>
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
> SomePassword
> </wsse:Password>
>
> <wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce>
>
> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
> </wsse:UsernameToken>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <SAN_Info
> xmlns="http://www.test.com/api/testing/ws/internal">
> <SAN_Request VendorId="TestVendor"
> VendorPassword="SomePassword"
>
> xmlns="http://www.test.com/api/testing/testinforequest">
> <Brand>SANBUS</Brand>
> <TourCode>GE</TourCode>
> <Code>80135</Code>
> </SAN_Request>
> </SAN_Info>
> </soap:Body>
> </soap:Envelope>
>
> Generated Security header By my side (Java- Axis 1.3 and wss4j
> )-----------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="UsernameToken-2691004">
> <wsse:Username>
> santosh.ncstk@gmail.com
> </wsse:Username>
> <wsse:Password
>
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
> SomePassword
> </wsse:Password>
>
> <wsse:Nonce>bGmGuPDxQw2kkR5R0zC/hA==</wsse:Nonce>
>
> <wsu:Created>2008-07-10T16:46:47.046Z</wsu:Created>
> </wsse:UsernameToken>
> <wsu:Timestamp
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Timestamp-25899876">
>
> <wsu:Created>2008-07-10T16:46:47.015Z</wsu:Created>
>
> <wsu:Expires>2008-07-10T16:51:47.015Z</wsu:Expires>
> </wsu:Timestamp>
> </wsse:Security>
> <wsa:MessageID soapenv:mustUnderstand="0">
> uuid:c83b29b0-4e9f-11dd-8e1f-d019b0e90563
> </wsa:MessageID>
> <wsa:To soapenv:mustUnderstand="0">
> http://localhost:8080/testapi/testwsapi.asmx
> </wsa:To>
> <wsa:Action soapenv:mustUnderstand="0">
> http://www.test.com/api/testing/testinforequest
> </wsa:Action>
> <wsa:From soapenv:mustUnderstand="0">
> <wsa:Address>
>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> </wsa:From>
> <wsa:ReplyTo soapenv:mustUnderstand="0">
> <wsa:Address>
>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
> </wsa:ReplyTo>
> </soapenv:Header>
> <soapenv:Body>
> <SAN_Info
> xmlns="http://www.test.com/api/testing/ws/internal">
> <SAN_Request VendorId="TestVendor"
> VendorPassword="SomePassword"
>
> xmlns="http://www.test.com/api/testing/testinforequest">
> <Brand>SANBUS</Brand>
> <TourCode>GE</TourCode>
> <Code>80135</Code>
> </SAN_Request>
> </SAN_Info>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
> My client-config.wsdd ---------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration>
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="Timestamp UsernameToken"/>
> <parameter name="user" value="santosh.ncstk@gmail.com"/>
> <parameter name="passwordCallbackClass"
> value="com.api.testing.ws.internal.PWCallback"/>
> <parameter name="passwordType" value="PasswordText"/>
> <parameter name="password" value="ppx13Z11"/>
> <parameter name="mustUnderstand" value="true" />
> <parameter name="addUTElements" value="Nonce Created"/>
> </handler>
> </requestFlow>
> </globalConfiguration>
> </deployment>
>
>
> By seeing the security header, we can say that it is
> username-token-profile-1.0.
>
> How to solve this.
>
>
>
> Please help me.
>
>
>
> Regards
> Santosh
>
>
>
>
>
>
> Shawn McKinney wrote:
>> Hello,
>>
>> I have question:
>>
>> How do (can) we change the default crypto provider
>> used by WSS4J for a particular Java runtime instance?
>>
>>
>> We are using WSS4J 1.5 and would like to enable WSS4J
>> to use the default crypto provider provided by Sun or
>> IBM in a Java runtime. The idea here is we want to
>> make it as easy as possible for our developers to test
>> transactions using WS-Security running in Axis.
>>
>> We run Axis/WSS4J in JBoss, Tomcat and Websphere
>> containers and would like to be able to test using the
>> standard providers found in either JVM implementation
>> without having to configure the BouncyCastle provider.
>>
>> Please note the aim here isn't to phase out or replace
>> our use of BouncyCastle provider in production as we
>> are quite happy with its capabilities. Rather we want
>> to remove a step (steamline setup) for developers that
>> want to test using our security configuration.
>>
>> Our default client-side configuration is to enable
>> Username token, ecrypted:
>>
>> <parameter name="action" value="UsernameToken Encrypt
>> Timestamp"/>
>>
>> Thanks in advance for your reply.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by sh_santosh <sa...@gmail.com>.
Dear all,
Hi Jose / all,
just one word away.
I am NOT able generate 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3'
inside the wsse:UsernameToken tag.
In place of this i am able to generate only ' wsu:Id="UsernameToken-2691004"
'
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
What is this 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' ?
How can I generate it in Java (using Axis 1.3 and wss4j) ?
Required Security Header by other end( .Net WSE 3.0) ----
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
http://www.test.com/api/ws/internal/testInfo
</wsa:Action>
<wsa:MessageID>
urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43
</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14">
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
<wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
<wsse:Username>santosh.ncstk@gmail.com</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
SomePassword
</wsse:Password>
<wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce>
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal">
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest">
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soap:Body>
</soap:Envelope>
Generated Security header By my side (Java- Axis 1.3 and wss4j
)-----------------
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-2691004">
<wsse:Username>
santosh.ncstk@gmail.com
</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
SomePassword
</wsse:Password>
<wsse:Nonce>bGmGuPDxQw2kkR5R0zC/hA==</wsse:Nonce>
<wsu:Created>2008-07-10T16:46:47.046Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-25899876">
<wsu:Created>2008-07-10T16:46:47.015Z</wsu:Created>
<wsu:Expires>2008-07-10T16:51:47.015Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:MessageID soapenv:mustUnderstand="0">
uuid:c83b29b0-4e9f-11dd-8e1f-d019b0e90563
</wsa:MessageID>
<wsa:To soapenv:mustUnderstand="0">
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsa:Action soapenv:mustUnderstand="0">
http://www.test.com/api/testing/testinforequest
</wsa:Action>
<wsa:From soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:From>
<wsa:ReplyTo soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
</soapenv:Header>
<soapenv:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal">
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest">
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soapenv:Body>
</soapenv:Envelope>
My client-config.wsdd ---------
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Timestamp UsernameToken"/>
<parameter name="user" value="santosh.ncstk@gmail.com"/>
<parameter name="passwordCallbackClass"
value="com.api.testing.ws.internal.PWCallback"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="password" value="ppx13Z11"/>
<parameter name="mustUnderstand" value="true" />
<parameter name="addUTElements" value="Nonce Created"/>
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
By seeing the security header, we can say that it is
username-token-profile-1.0.
How to solve this.
Please help me.
Regards
Santosh
Shawn McKinney wrote:
>
> Hello,
>
> I have question:
>
> How do (can) we change the default crypto provider
> used by WSS4J for a particular Java runtime instance?
>
>
> We are using WSS4J 1.5 and would like to enable WSS4J
> to use the default crypto provider provided by Sun or
> IBM in a Java runtime. The idea here is we want to
> make it as easy as possible for our developers to test
> transactions using WS-Security running in Axis.
>
> We run Axis/WSS4J in JBoss, Tomcat and Websphere
> containers and would like to be able to test using the
> standard providers found in either JVM implementation
> without having to configure the BouncyCastle provider.
>
> Please note the aim here isn't to phase out or replace
> our use of BouncyCastle provider in production as we
> are quite happy with its capabilities. Rather we want
> to remove a step (steamline setup) for developers that
> want to test using our security configuration.
>
> Our default client-side configuration is to enable
> Username token, ecrypted:
>
> <parameter name="action" value="UsernameToken Encrypt
> Timestamp"/>
>
> Thanks in advance for your reply.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Question-on-WSS4J-1.5-Crypto-Provider-Configuration-tp18238105p18544876.html
Sent from the WSS4J mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by Shawn McKinney <sm...@sbcglobal.net>.
> Shawn, is your question whether you can set this,
> across the board,
> for resolving things like various cryptographic
> algorithms used in the
> runtime?
Yes that is my question.
> What you'll need to do is set the setAddJceProviders
> flag to false, on
> the WSSConfig class:
>
> WSSConfig.setAddJceProviders(false);
OK, We'll give this a shot and reply back here how it
works out for us.
Thanks Fred and Colm for replies.
--- Fred Dushin <fa...@apache.org> wrote:
> I think that may only set the provider for the
> keystore creation
> operations.
>
> Shawn, is your question whether you can set this,
> across the board,
> for resolving things like various cryptographic
> algorithms used in the
> runtime?
>
> I'm fairly certain there's no way to do this, and
> more importantly, no
> way to do it in the XMLSec libraries (I might be
> wrong about the
> latter, as I'm not completely familiar with that
> toolkit, and its
> level of configurability).
>
> Now, that being said, we did add support in 1.5.4 to
> disable the
> programmatic registration of Bouncycastle as a JCE
> provider, though a
> proper solution is awaiting some re-design of the
> APIs, probably for
> WSS4J 2.0.
>
> What you'll need to do is set the setAddJceProviders
> flag to false, on
> the WSSConfig class:
>
> WSSConfig.setAddJceProviders(false);
>
> This is a static operation, so you'll need to make
> sure this gets
> called before any WSS4J operations are called.
>
> Like I said, this is not really a proper solution in
> the general case,
> but we need to do some work to re-design the
> lifecycle management of
> some of the WSS4J objects in the WSS4J core, but
> that's not planned in
> the 1.5.x series, so the static hack is what you'd
> have to use.
>
> -Fred
>
> On Jul 3, 2008, at 5:56 AM, O hEigeartaigh, Colm
> wrote:
>
> >
> > You could try adding this to your crypto
> properties file:
> >
> >
>
org.apache.ws.security.crypto.merlin.keystore.provider=<provider
> name
> > here>
> >
> > Colm.
> >
> > -----Original Message-----
> > From: Shawn McKinney
> [mailto:smmtech@sbcglobal.net]
> > Sent: 02 July 2008 14:57
> > To: wss4j-dev@ws.apache.org
> > Subject: Question on WSS4J 1.5 Crypto Provider
> Configuration
> >
> > Hello,
> >
> > I have question:
> >
> > How do (can) we change the default crypto provider
> > used by WSS4J for a particular Java runtime
> instance?
> >
> >
> > We are using WSS4J 1.5 and would like to enable
> WSS4J
> > to use the default crypto provider provided by Sun
> or
> > IBM in a Java runtime. The idea here is we want
> to
> > make it as easy as possible for our developers to
> test
> > transactions using WS-Security running in Axis.
> >
> > We run Axis/WSS4J in JBoss, Tomcat and Websphere
> > containers and would like to be able to test using
> the
> > standard providers found in either JVM
> implementation
> > without having to configure the BouncyCastle
> provider.
> >
> > Please note the aim here isn't to phase out or
> replace
> > our use of BouncyCastle provider in production as
> we
> > are quite happy with its capabilities. Rather we
> want
> > to remove a step (steamline setup) for developers
> that
> > want to test using our security configuration.
> >
> > Our default client-side configuration is to enable
> > Username token, ecrypted:
> >
> > <parameter name="action" value="UsernameToken
> Encrypt
> > Timestamp"/>
> >
> > Thanks in advance for your reply.
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail:
> wss4j-dev-help@ws.apache.org
> >
> > ----------------------------
> > IONA Technologies PLC (registered in Ireland)
> > Registered Number: 171387
> > Registered Address: The IONA Building, Shelbourne
> Road, Dublin 4,
> > Ireland
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail:
> wss4j-dev-help@ws.apache.org
> >
> >
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail:
> wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by Fred Dushin <fa...@apache.org>.
I think that may only set the provider for the keystore creation
operations.
Shawn, is your question whether you can set this, across the board,
for resolving things like various cryptographic algorithms used in the
runtime?
I'm fairly certain there's no way to do this, and more importantly, no
way to do it in the XMLSec libraries (I might be wrong about the
latter, as I'm not completely familiar with that toolkit, and its
level of configurability).
Now, that being said, we did add support in 1.5.4 to disable the
programmatic registration of Bouncycastle as a JCE provider, though a
proper solution is awaiting some re-design of the APIs, probably for
WSS4J 2.0.
What you'll need to do is set the setAddJceProviders flag to false, on
the WSSConfig class:
WSSConfig.setAddJceProviders(false);
This is a static operation, so you'll need to make sure this gets
called before any WSS4J operations are called.
Like I said, this is not really a proper solution in the general case,
but we need to do some work to re-design the lifecycle management of
some of the WSS4J objects in the WSS4J core, but that's not planned in
the 1.5.x series, so the static hack is what you'd have to use.
-Fred
On Jul 3, 2008, at 5:56 AM, O hEigeartaigh, Colm wrote:
>
> You could try adding this to your crypto properties file:
>
> org.apache.ws.security.crypto.merlin.keystore.provider=<provider name
> here>
>
> Colm.
>
> -----Original Message-----
> From: Shawn McKinney [mailto:smmtech@sbcglobal.net]
> Sent: 02 July 2008 14:57
> To: wss4j-dev@ws.apache.org
> Subject: Question on WSS4J 1.5 Crypto Provider Configuration
>
> Hello,
>
> I have question:
>
> How do (can) we change the default crypto provider
> used by WSS4J for a particular Java runtime instance?
>
>
> We are using WSS4J 1.5 and would like to enable WSS4J
> to use the default crypto provider provided by Sun or
> IBM in a Java runtime. The idea here is we want to
> make it as easy as possible for our developers to test
> transactions using WS-Security running in Axis.
>
> We run Axis/WSS4J in JBoss, Tomcat and Websphere
> containers and would like to be able to test using the
> standard providers found in either JVM implementation
> without having to configure the BouncyCastle provider.
>
> Please note the aim here isn't to phase out or replace
> our use of BouncyCastle provider in production as we
> are quite happy with its capabilities. Rather we want
> to remove a step (steamline setup) for developers that
> want to test using our security configuration.
>
> Our default client-side configuration is to enable
> Username token, ecrypted:
>
> <parameter name="action" value="UsernameToken Encrypt
> Timestamp"/>
>
> Thanks in advance for your reply.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
> Ireland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Question on WSS4J 1.5 Crypto Provider Configuration
Posted by "O hEigeartaigh, Colm" <Co...@iona.com>.
You could try adding this to your crypto properties file:
org.apache.ws.security.crypto.merlin.keystore.provider=<provider name
here>
Colm.
-----Original Message-----
From: Shawn McKinney [mailto:smmtech@sbcglobal.net]
Sent: 02 July 2008 14:57
To: wss4j-dev@ws.apache.org
Subject: Question on WSS4J 1.5 Crypto Provider Configuration
Hello,
I have question:
How do (can) we change the default crypto provider
used by WSS4J for a particular Java runtime instance?
We are using WSS4J 1.5 and would like to enable WSS4J
to use the default crypto provider provided by Sun or
IBM in a Java runtime. The idea here is we want to
make it as easy as possible for our developers to test
transactions using WS-Security running in Axis.
We run Axis/WSS4J in JBoss, Tomcat and Websphere
containers and would like to be able to test using the
standard providers found in either JVM implementation
without having to configure the BouncyCastle provider.
Please note the aim here isn't to phase out or replace
our use of BouncyCastle provider in production as we
are quite happy with its capabilities. Rather we want
to remove a step (steamline setup) for developers that
want to test using our security configuration.
Our default client-side configuration is to enable
Username token, ecrypted:
<parameter name="action" value="UsernameToken Encrypt
Timestamp"/>
Thanks in advance for your reply.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Question on WSS4J 1.5 Crypto Provider Configuration
Posted by Shawn McKinney <sm...@sbcglobal.net>.
Hello,
I have question:
How do (can) we change the default crypto provider
used by WSS4J for a particular Java runtime instance?
We are using WSS4J 1.5 and would like to enable WSS4J
to use the default crypto provider provided by Sun or
IBM in a Java runtime. The idea here is we want to
make it as easy as possible for our developers to test
transactions using WS-Security running in Axis.
We run Axis/WSS4J in JBoss, Tomcat and Websphere
containers and would like to be able to test using the
standard providers found in either JVM implementation
without having to configure the BouncyCastle provider.
Please note the aim here isn't to phase out or replace
our use of BouncyCastle provider in production as we
are quite happy with its capabilities. Rather we want
to remove a step (steamline setup) for developers that
want to test using our security configuration.
Our default client-side configuration is to enable
Username token, ecrypted:
<parameter name="action" value="UsernameToken Encrypt
Timestamp"/>
Thanks in advance for your reply.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org