You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by Apache Wiki <wi...@apache.org> on 2005/10/25 21:53:03 UTC
[Ws Wiki] Update of "RonReynolds/XmlSigSetup" by RonReynolds
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by RonReynolds:
http://wiki.apache.org/ws/RonReynolds/XmlSigSetup
New page:
(almost done)
== How to set up XML-Signature using WSS4J and Axis 1.2.1 ==
1. create a keystore file for the server {{{
keytool -genkey
-alias server
-dname "CN=My Server"
-keypass serverKeyPW
-keystore server.keystore
-storepass serverStorePW }}}
2. create a keystore (and public-key/private-key pair) for the client {{{
keytool -genkey
-alias client1
-dname "CN=Client 1"
-keypass client1KeyPW
-keystore client1.keystore
-storepass client1StorePW }}}
3. generate a self-signed certificate for the client (stored within the keystore) {{{
keytool -selfcert
-alias client1
-keypass client1KeyPW
-keystore client1.keystore
-storepass client1StorePW }}}
4. export the self-signed X.509 certificate {{{
keytool -export
-alias client1
-keystore client1.keystore
-storepass client1StorePW
-file client.x509 }}}
5. import the certificate into the server's keystore {{{
keytool -import
-alias client1
-file client.x509
-keystore server.keystore
-storepass serverStorePW }}}
6. repeat the above for each client you want the server to accept signed messages from
7. add the following to the server's server-config.wsdd {{{
<service name="MyWebservice" provider="java:RPC" style="document" use="literal">
<!-- WS-Security handlers -->
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="action" value="Signature"/>
<parameter name="actor" value="clientSig"/>
<parameter name="signaturePropFile" value="server-crypto.properties" />
</handler>
</requestFlow>
...
}}}
8. create a server-crypto.properties file with the following contents: {{{
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type = jks
org.apache.ws.security.crypto.merlin.keystore.password = serverStorePW
org.apache.ws.security.crypto.merlin.file = server.keystore
}}}
9. place the server.keystore and server-crypto.properties files in the WEB-INF/classes directory and the server-config.wsdd file in the WEB-INF directory.
10. on the client side you'll need a similar client-config.wsdd to tell Axis to generate the signature {{{
<?xml version="1.0"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Signature"/>
<parameter name="actor" value="clientSig"/>
<parameter name="user" value="client1"/>
<parameter name="passwordCallbackClass" value="Client1PWCallback"/>
<parameter name="signaturePropFile" value="client1-crypto.properties" />
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
}}} and a similar client1-crypto.properties file to tell it what key to sign with {{{
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type = jks
org.apache.ws.security.crypto.merlin.keystore.password = client1StorePW
org.apache.ws.security.crypto.merlin.file = client1.keystore
}}}
11. you also need to create the password callback classes... (TODO)