You are viewing a plain text version of this content. The canonical link for it is here.

Posted to muse-user@ws.apache.org by PO...@gmx.net on 2007/10/31 15:32:22 UTC

Webservice Muse Security Problem

Hello

I try to run the ApacheMuse example of the tutorial http://ws.apache.org/muse/docs/2.2.0/tutorial/index.html . The problem is that I deployd it in the OMII tomcat webserver. This server has its own security features (X.509 Certificates and Keystores)
http://www.omii.ac.uk/docs/3.4.0/user_guide/omii_user_guide.htm#security/security2.htm
Now I dont know how configure my Webservice so that it can be run in that webserver. Hopefully someone can help me.

regards pod

-- 
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail

---------------------------------------------------------------------
To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: muse-user-help@ws.apache.org

Re: Webservice Muse Security Problem

Posted by PO...@gmx.net.

Hi

But what about the server-config.wsdd??
Omii has a server-config.wsdd


e.g to deploy that 


import uk.ac.omii.security.wss4j.helpers.AuthenticatedCertificateHelper ;
import uk.ac.omii.security.utils.DNParser;
import java.security.cert.X509Certificate;
public class HelloService {
    public String hello() throws Exception {
        X509Certificate clientCert =
                AuthenticatedCertificateHelper.getCurrentUser() ;
        DNParser dn = new DNParser(clientCert.getSubjectDN().getName());
        return "Hello " + dn.getCN() + "!" ;
    }

}


the wsdd file below is needed. It has its own security handlers. The muse war file I deployed didnt have a server-config.wsdd. Am I wrong that I have to make an own server-config.wsdd an put it in the WEB-INF directory of the war file and fill in some security info??


<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <service name="HelloService" provider="java:RPC">
    <requestFlow>
      <handler type=               "java:uk.ac.omii.security.wss4j.handler.PolicyEnforcementHandler">
        <parameter name="action" value="Timestamp Signature"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
        <parameter name="passwordCallbackClass"
                   value="uk.ac.omii.security.utils.PWCallback"/>
        <parameter name="signatureParts"                   value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"
        />
      </handler>
    </requestFlow>
    <responseFlow>
      <handler type=
              "java:uk.ac.omii.security.wss4j.handler.WSOutboundHandler">
        <parameter name="action" value="Timestamp Signature"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
        <parameter name="passwordCallbackClass"
                           value="uk.ac.omii.security.utils.PWCallback"/>
        <parameter name="signatureParts"                   value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
        />
      </handler>
    </responseFlow>
    <parameter name="className" value="HelloService"/>
    <parameter name="allowedMethods" value="*"/>
  </service>
</deployment>

 






-------- Original-Nachricht --------
> Datum: Wed, 31 Oct 2007 15:58:58 -0000 (GMT)
> Von: rochfokj@cs.tcd.ie
> An: muse-user@ws.apache.org
> Betreff: Re: Webservice Muse Security Problem

> Hi,
> I dont think you need to do anything different when deploying the service
> but there'll be a few extra things to do on the client side.
> 
> Have you tried getting the details of the local certs/keys/truststore from
> the crypto.props file and setting up the client accordingly?
> 
> e.g.
> 
> System.setProperty("javax.net.ssl.trustStore", "C:\\Documents and
> Settings\\user\\clientTruststore");
> System.setProperty("javax.net.ssl.trustStorePassword", "somePassword");
> 
> and
> 
> System.setProperty("javax.net.ssl.keyStore", "C:\\Documents and
> Settings\\user\\clientKeystore");
> System.setProperty("javax.net.ssl.keyStorePassword", "someOtherPassword");
> 
> regards
> Keith
> 
> > Hello
> >
> > I try to run the ApacheMuse example of the tutorial
> > http://ws.apache.org/muse/docs/2.2.0/tutorial/index.html . The problem
> is
> > that I deployd it in the OMII tomcat webserver. This server has its own
> > security features (X.509 Certificates and Keystores)
> >
> http://www.omii.ac.uk/docs/3.4.0/user_guide/omii_user_guide.htm#security/security2.htm
> > Now I dont know how configure my Webservice so that it can be run in
> that
> > webserver. Hopefully someone can help me.
> >
> > regards pod
> >
> > --
> > GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
> > Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: muse-user-help@ws.apache.org
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: muse-user-help@ws.apache.org

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

---------------------------------------------------------------------
To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: muse-user-help@ws.apache.org

Re: Webservice Muse Security Problem

Posted by ro...@cs.tcd.ie.

Hi,
I dont think you need to do anything different when deploying the service
but there'll be a few extra things to do on the client side.

Have you tried getting the details of the local certs/keys/truststore from
the crypto.props file and setting up the client accordingly?

e.g.

System.setProperty("javax.net.ssl.trustStore", "C:\\Documents and
Settings\\user\\clientTruststore");
System.setProperty("javax.net.ssl.trustStorePassword", "somePassword");

and

System.setProperty("javax.net.ssl.keyStore", "C:\\Documents and
Settings\\user\\clientKeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "someOtherPassword");

regards
Keith

> Hello
>
> I try to run the ApacheMuse example of the tutorial
> http://ws.apache.org/muse/docs/2.2.0/tutorial/index.html . The problem is
> that I deployd it in the OMII tomcat webserver. This server has its own
> security features (X.509 Certificates and Keystores)
> http://www.omii.ac.uk/docs/3.4.0/user_guide/omii_user_guide.htm#security/security2.htm
> Now I dont know how configure my Webservice so that it can be run in that
> webserver. Hopefully someone can help me.
>
> regards pod
>
> --
> GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
> Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: muse-user-help@ws.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: muse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: muse-user-help@ws.apache.org