Posted to wss4j-dev@ws.apache.org by Raphaël Di Cicco <ra...@netcourrier.com> on 2008/04/14 17:25:52 UTC

Adapting my "Java only" webservice security to a .net client

Hello,

I have the following configuration :
tomcat 5.5.25
axis 1.4
wss4j 1.5.3
JDK1.5
JKS and self signed certificates

I was able to secure the connection between my java client and the server by
using the following configuration :

SERVER WSDD
<service name="UploadCoverCreation" provider="java:RPC" attachment="NONE"
         xmlns:ict="urn:dtos.client.ws.ic.axa.com">
  <parameter name="allowedMethods" value="getVersion,invoke"/>
  <parameter name="className" value="com.axa.ic.ws.UploadCoverCreationWS"/>
  <requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="passwordCallbackClass" value="com.ic.ws.helpers.PWCallback"/>
    <parameter name="action" value="UsernameToken Encrypt"/>
    <parameter name="decryptionPropFile" value="crypto_server.properties" />
   </handler>
  </requestFlow>
...
</service>

CRYPTO SERVER PROPERTIES
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverUser
org.apache.ws.security.crypto.merlin.alias.password=myserverpassword
org.apache.ws.security.crypto.merlin.file=serverkeystore.jks

CLIENT WSDD
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
   <requestFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
     <parameter name="action" value="UsernameToken Encrypt"/>
     <parameter name="passwordCallbackClass" value="com.axa.ic.ws.client.helpers.PWCallback"/>
     <parameter name="passwordType" value="PasswordText" />
     <parameter name="addUTElement" value="Nonce Created" />
     <parameter name="encryptionPropFile" value="crypto_client.properties" />
     <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
     <parameter name="encryptionUser" value="serverUser" />
     <parameter name="encryptionParts"
                value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />
    </handler>
   </requestFlow>
  </globalConfiguration>
</deployment>


The hard part comes now... I have to make this work with a .Net 1.1 client.
I understand the .net framework must use WSE but I'm unsure which version :
2.0 or 3.0 ?
I also know that I must use the Timestamp action for it to be compatible.
Being a complete newbie to .Net I looked for a sample or tutorial that
could fit to my project but could not find any. I'm especially confused
about certificates, which format should I use to be compatible on both
sides, and also about the policy file from the .net side that seems rather
complex.

So I was wondering if any of you had success with such configuration. Some
pointers or code samples would be greatly appreciated in order for me to
advance to interoperability.

Thank you,
Raphaël 
-- 
View this message in context: http://www.nabble.com/Adapting-my-%22Java-only%22-webservice-security-to-a-.net-client-tp16678577p16678577.html
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Adapting my "Java only" webservice security to a .net client

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Raphael,

> There is specially the folder interop/keys that contains the keys in the jks
> format and keys in the pfx format. They explain how they generated them
> (from jks -> pfx), but it is still unclear for me about the formats.
>
> Maybe some of the wss4j developers may provide us more information!
> Because it is not easy to transfer the keys generated with the keytool to
> the Microsoft world.

We have a small tool which converts JKS -> PFX and vice versa. If you
want to convert keys for testing purposes you can use that to convert
key stores. You can check the online instance here [1].

thanks,
/nandana

[1] -   http://tools.wso2.org/ksb/

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
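
Added example, not part of the thread and not the WSO2 tool: the JKS -> PFX conversion discussed above can be done locally with the JDK's standard java.security.KeyStore API, so the private key is never uploaded anywhere. It assumes a JDK with try-with-resources and System.console() (Java 7 or later); the class name JksToPfx and the output file name server.pfx are illustrative.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;

/**
 * Added example: copy one private-key entry (key + certificate chain) from a
 * JKS keystore into a new PKCS#12 (.pfx) file, entirely on the local machine.
 * Usage (output name is illustrative):
 *   java JksToPfx serverkeystore.jks serverUser server.pfx
 */
public class JksToPfx {

    static void convert(String jksPath, char[] storePass, String alias,
                        char[] keyPass, String pfxPath, char[] pfxPass) throws Exception {
        KeyStore jks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            jks.load(in, storePass);           // a non-null password also checks keystore integrity
        }
        if (!jks.isKeyEntry(alias)) {
            throw new IllegalArgumentException(
                "Alias '" + alias + "' is not a private-key entry in " + jksPath);
        }
        Key key = jks.getKey(alias, keyPass);  // JKS allows a separate per-entry password
        Certificate[] chain = jks.getCertificateChain(alias);

        KeyStore pfx = KeyStore.getInstance("PKCS12");
        pfx.load(null, null);                  // start from an empty keystore
        // One password protects both the entry and the file in the new PFX.
        pfx.setKeyEntry(alias, key, pfxPass, chain);
        try (OutputStream out = new FileOutputStream(pfxPath)) {
            pfx.store(out, pfxPass);
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("usage: java JksToPfx <in.jks> <alias> <out.pfx>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, which would show up
        // in the process list and shell history.
        char[] storePass = console.readPassword("JKS keystore password: ");
        char[] keyPass = console.readPassword("Key password for '%s': ", args[1]);
        char[] pfxPass = console.readPassword("New PFX password: ");
        if (storePass == null || keyPass == null || pfxPass == null) {
            System.err.println("No password entered");
            System.exit(2);
        }
        try {
            convert(args[0], storePass, args[1], keyPass, args[2], pfxPass);
            System.out.println("Wrote " + args[2]);
        } finally {
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
            Arrays.fill(pfxPass, '\0');
        }
    }
}
```

A client that only encrypts to the server, as in the CLIENT WSDD at the top of the thread, needs just the server's certificate, not its private key; export the private key only for the party that has to decrypt or sign.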


Re: Adapting my "Java only" webservice security to a .net client

Posted by Jari Fredriksson <ja...@iki.fi>.
On 9.4.2010 11:28, EdaOgut wrote:
> 
> 
> Hello,
> 
> I will call web service which is implemented by .NET Framework 3.0.
> How can I create my client proxy class ?  for calling .net web service from
> java client.
> 

Every web service should have a WSDL description. With that, the Java
classes can be generated, no matter the tool you use.

-- 
http://www.iki.fi/jarif/

You own a dog, but you can only feed a cat.


Re: Adapting my "Java only" webservice security to a .net client

Posted by EdaOgut <ed...@gmail.com>.

Hello,

I will call web service which is implemented by .NET Framework 3.0.
How can I create my client proxy class ?  for calling .net web service from
java client.

Regards,
Eda.


Raphaël Di Cicco wrote:
> 
> Hello José,
> 
> that certainly helps a lot. I didn't notice the interop folder before.
> I will go into details with what you propose and should get back to you.
> 
> Thank you
> 



Re: Adapting my "Java only" webservice security to a .net client

Posted by Raphaël Di Cicco <ra...@netcourrier.com>.
Hello José,

that certainly helps a lot. I didn't notice the interop folder before.
I will go into details with what you propose and should get back to you.

Thank you


[Axis2] QName conflict - present in two jar files

Posted by "Qureshi, Affan" <AQ...@epsilon.com>.
Hi,

I am trying to build my project but I am getting a strange error. The compiler complains about not finding certain methods of javax.xml.namespace.QName class in the generated Stub. I found that this class is present in two jar files: stax-api.jar and xml-api.jar.

I tried to remove it from one of them but it still didn't work.

Btw the same set up worked in a standalone application but once I integrated the code into my web-app it started giving me this error.

Any ideas what I am doing wrong?

Thanks!

Affan




Re: Adapting my "Java only" webservice security to a .net client

Posted by SG...@intellicare.com.
José,

"José Ferreiro" <jo...@gmail.com> wrote on 04/15/2008 04:25:27 AM:

> May I ask you which security scenario did you use in your
> Axis2/Rampart project:
>
> TIMESTAMP, ENCRYPTION, SIGNATURE?

All three. I've attached my WSDL and Rampart config in case that's of
interest. These are pretty generic, basically copied from
this book: http://www.agileskills2.org/DWSAA/index.html (which I've found
quite helpful as an Axis2 newbie).

> Which certificates did you use (own ones or sample ones).

I generated my own certificate and authority and then generated and
self-signed my own certificates for securing the service.
I've got some questions about what the best practice is for this - I'm
going to start a new thread about that.

> I assume you used the framework .net 2.0 with WSE 3.0 . Is  this correct?

Haven't gotten that far yet, but that's what I will be using.

- Steve

(See attached file: TestService.wsdl)
(See attached file: rampart-config.xml)
______________________________________________
Steve Gruverman
IntelliCare, Inc. | A Medco Health Solutions Company

500 Southborough Drive | South Portland ME 04106

Re: Adapting my "Java only" webservice security to a .net client

Posted by José Ferreiro <jo...@gmail.com>.
Hello Steve,

I am glad my indications could help you to produce a Axis2/Rampart service
where a .net client could connect to the service!

May I ask you which security scenario did you use in your Axis2/Rampart
project:

TIMESTAMP, ENCRYPTION, SIGNATURE?

Which certificates did you use (own ones or sample ones).

I assume you used the framework .net 2.0 with WSE 3.0 . Is  this correct?

Thank you

José Ferreiro



On Mon, Apr 14, 2008 at 10:17 PM, <SG...@intellicare.com> wrote:

> Jose,
>
> Wow - I just got a new project where our Axis2/Rampart web services will be
> consumed by .NET client. You answered most of the questions I had.
>
> Many thanks!
>
> - Steve
>
> ______________________________________________
>
>
>

"Think little goals and expect little achievements. Think big goals and win
big success." David Joseph Schwartz

Re: Adapting my "Java only" webservice security to a .net client

Posted by SG...@intellicare.com.
Jose,

Wow - I just got a new project where our Axis2/Rampart web services will be
consumed by .NET client. You answered most of the questions I had.

Many thanks!

- Steve

______________________________________________
Steve Gruverman
IntelliCare, Inc. | A Medco Health Solutions Company
500 Southborough Drive | South Portland ME 04106





"José Ferreiro" <jo...@gmail.com> wrote on 04/14/2008 03:53:16 PM:

> Hello Raphaël,
>
> I will suggest you to download WSE 3.0 (Web Services Enhancements)
> which requires .net 2.0 framework (although you said you need a
> client  using .net 1.1).
>
>  ...




Re: Adapting my "Java only" webservice security to a .net client

Posted by José Ferreiro <jo...@gmail.com>.
Hello Raphaël,

I will suggest you to download WSE 3.0 (Web Services Enhancements) which
requires .net 2.0 framework (although you said you need a client  using .net
1.1).

I will strongly recommend you to use .net 2.0 framework.

If you need to use .net 1.1, I think you may use it with WSE 2.0.

The thing is that WSE 3.0 should be more robust than WSE 2.0 in terms of
stability and above all more compliant in terms of the WS-security standard
point of view from OASIS.

You are correct when saying that you need to use the TIMESTAMP parameter.

When you install the WSE 2.0 or WSE 3.0, there are some examples
provided with the package.
Please also note that WSS4J package provides examples under the folder
"interop".

There is specially the folder interop/keys that contains the keys in the jks
format and keys in the pfx format. They explain how they generated them
(from jks -> pfx), but it is still unclear for me about the formats.

Maybe some of the wss4j developers may provide us more information!
Because it is not easy to transfer the keys generated with the keytool to
the Microsoft world.

You may use the WSDL Proxy class tool (WseWsdl3.exe - this comes with WSE
3.0  ) from microsoft to generate the proxy code for the Web service client
from the existing WSDL file you have.

Please note that your wsdl should be compliant with WS-I, in order to
achieve maximal interoperability between the two technologies (Microsoft WSE
3.0 - Axis 1.4, wss4j)  (http://www.ws-i.org/).

To develop the .net client you may use Visual C# 2005 Express
Edition <http://msdn.microsoft.com/vstudio/express/visualcsharp/> (free),
there is also a c-sharp plugin for Eclipse if you decide to write
your client in C-sharp language.

Well Raphaël, hope I provide some directions to inspire you.

Kind regards,

José Ferreiro


On 4/14/08, Raphaël Di Cicco <ra...@netcourrier.com> wrote:
>
>
> Hello,
>
> I have the following configuration :
> tomcat 5.5.25
> axis 1.4
> wss4j 1.5.3
> JDK1.5
> JKS and self signed certificates
>
> I was able to secure the connection between my java client and the server by
> using the following configuration :
>
> SERVER WSDD
> <service name="UploadCoverCreation" provider="java:RPC" attachment="NONE"
> xmlns:ict="urn:dtos.client.ws.ic.axa.com">
> <parameter name="allowedMethods" value="getVersion,invoke"/>
> <parameter name="className" value="com.axa.ic.ws.UploadCoverCreationWS"/>
> <requestFlow>
>   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>    <parameter name="passwordCallbackClass"
> value="com.ic.ws.helpers.PWCallback"/>
>    <parameter name="action" value="UsernameToken Encrypt"/>
>    <parameter name="decryptionPropFile" value="crypto_server.properties"
> />
>   </handler>
> </requestFlow>
> ...
> </service>
>
> CRYPTO SERVER PROPERTIES
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=keystorepassword
> org.apache.ws.security.crypto.merlin.keystore.alias=serverUser
> org.apache.ws.security.crypto.merlin.alias.password=myserverpassword
> org.apache.ws.security.crypto.merlin.file=serverkeystore.jks
>
> CLIENT WSDD
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration >
>   <requestFlow>
>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>     <parameter name="action" value="UsernameToken Encrypt"/>
>     <parameter name="passwordCallbackClass"
> value="com.axa.ic.ws.client.helpers.PWCallback"/>
>     <parameter name="passwordType" value="PasswordText" />
>     <parameter name="addUTElement" value="Nonce Created" />
>     <parameter name="encryptionPropFile" value="crypto_client.properties"
> />
>     <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
>         <parameter name="encryptionUser" value="serverUser" />
>     <parameter name="encryptionParts"
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"
> />
>    </handler>
>   </requestFlow>
> </globalConfiguration >
> </deployment>
>
>
> The hard part comes now... I have to make this work with a .Net 1.1 client.
> I understand the .net framework must use WSE but I'm unsure which version :
> 2.0 or 3.0 ?
> I also know that I must use the Timestamp action for it to be compatible.
> Being a complete newbie to .Net I looked for a sample or tutorial that
> could fit to my project but could not find any. I'm especially confused
> about certificates, which format should I use to be compatible on both
> sides, and also about the policy file from the .net side that seems rather
> complex.
>
> So I was wondering if any of you had success with such configuration. Some
> pointers or code samples would be greatly appreciated in order for me to
> advance to interoperability.
>
> Thank you,
> Raphaël


-- 
José Ferreiro

"Think little goals and expect little achievements. Think big goals and win
big success."  David Joseph Schwartz
