Posted to java-user@axis.apache.org by Jochen Zink <jo...@web.de> on 2007/03/08 13:00:26 UTC
[Axis2][Rampart] MTOM Attachment secure?
Hello,
I tried to sign and encrypt messages with the Rampart module 1.1 and Axis2 1.1.1.
To check whether the messages are really encrypted, I view the SOAP messages with tcpmon.
I'm sending an attachment with MTOM from the client to the service, like the MTOM example in Axis2. The file being sent is a simple XML file.
The file is transferred correctly. But I'm not sure that both message parts (the SOAP message and the attachment) are encrypted. Without Rampart, I can read the XML file content in clear text in tcpmon. With Rampart and sending the file with SOAP with Attachments, it's also clear text (Rampart can't secure SwA). Therefore I tried to send the file with MTOM. Now I can't read the XML file. But it doesn't look like XML encryption. If you open a binary file in a text editor, you get a similar result. I don't know how I can check that the attachment is really encrypted. Does anyone have an idea how I can check, or can anyone take a look at my configuration to check whether MTOM attachments are surely encrypted?
Here is my service.xml
<serviceGroup>
  <service name="RampertFileService">
    <messageReceivers>
      <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                       class="de.nepatec.jzink.webservice.MTOMSampleMessageReceiverInOut" />
    </messageReceivers>
    <parameter locked="false" name="ServiceClass">
      de.nepatec.jzink.webservice.RampertFileService
    </parameter>
    <operation name="attachment"
               mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>attachment</actionMapping>
      <outputActionMapping>
        //schemas.xmlsoap.org/wsdl/MTOMServicePortType/AttachmentResponse
      </outputActionMapping>
    </operation>

    <parameter name="enableMTOM" locked="false">true</parameter>

    <module ref="rampart" />

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>service.properties</signaturePropFile>
      </action>
    </parameter>

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>service</user>
        <passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>service.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
        <encryptionUser>useReqSigCert</encryptionUser>
      </action>
    </parameter>
  </service>
</serviceGroup>
And the client configuration
<module ref="rampart" />

<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt</items>
    <user>client</user>
    <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>client.properties</signaturePropFile>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
    <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
    <encryptionUser>service</encryptionUser>
    <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
  </action>
</parameter>

<parameter name="InflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt</items>
    <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>client.properties</signaturePropFile>
  </action>
</parameter>
Thanks for reading!
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: [Axis2][Rampart] MTOM Attachment secure?
Posted by Thilina Gunarathne <cs...@gmail.com>.
> The file is transferred correctly. But I'm not sure that both message parts (the SOAP
> message and the attachment) are encrypted. Without Rampart, I can read the XML file
> content in clear text in tcpmon. With Rampart and sending the file with SOAP with
> Attachments, it's also clear text (Rampart can't secure SwA). Therefore I tried to send the
> file with MTOM. Now I can't read the XML file. But it doesn't look like XML encryption.
AFAIK Rampart will treat your attachment as a binary file. It'll not
be aware of whether you are sending XML as the attachment...
~Thilina
> If you open a binary file in a text editor, you get a similar
> result. I don't know how I can check that the attachment is really
> encrypted. Does anyone have an idea how I can check, or can anyone take a
> look at my configuration to check whether MTOM attachments are surely
> encrypted?
--
Thilina Gunarathne
WSO2, Inc.; http://www.wso2.com/
Home page: http://webservices.apache.org/~thilina/
Blog: http://thilinag.blogspot.com/
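
Added example, not part of the original thread: one way to check a request saved from tcpmon. With the optimizeParts XPath from the client configuration, the attachment's MIME part should be referenced by an xop:Include inside xenc:CipherValue (so it carries raw cipher octets and looks like binary, not XML); this Python check reports any part that is not. The name audit_mtom, the sample messages and the assumption that the SOAP envelope is the first MIME part are assumptions of this example.

```python
import email
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XENC = "{http://www.w3.org/2001/04/xmlenc#}"
XOP = "{http://www.w3.org/2004/08/xop/include}"

def audit_mtom(content_type, body):
    """Report, per MIME part of a captured MTOM message, whether it is ciphertext."""
    msg = email.message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    parts = msg.get_payload() if msg.is_multipart() else [msg]
    # Assumption: the SOAP envelope is the first MIME part.
    root = ET.fromstring(parts[0].get_payload(decode=True))
    def cids(elems):  # Content-IDs referenced by xop:Include below these elements
        return {unquote(inc.get("href", "")[4:])
                for e in elems for inc in e.iter(XOP + "Include")}
    in_cipher = cids(root.iter(XENC + "CipherValue"))  # moved out by optimizeParts
    referenced = cids([root])
    soap_body = root.find("{*}Body")
    kids = list(soap_body) if soap_body is not None else []
    report = {"body_encrypted": bool(kids) and all(
                  k.tag == XENC + "EncryptedData" for k in kids), "parts": {}}
    for part in parts[1:]:
        cid = part.get("Content-ID", "").strip().strip("<>")
        report["parts"][cid] = (
            "ciphertext" if cid in in_cipher else
            "plaintext: xop:Include outside CipherValue" if cid in referenced else
            "plaintext: unreferenced (SwA-style)")
    return report

# Constructed sample messages (not captured from a real service).
CT = 'multipart/related; boundary="MIMEBoundary_sample"; type="application/xop+xml"'
INC = ('<xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" '
       'href="cid:1.att@example.org"/>')
def sample(body_xml, payload):
    env = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>'
           + body_xml + '</s:Body></s:Envelope>').encode()
    head = b"--MIMEBoundary_sample\r\nContent-Transfer-Encoding: binary\r\nContent-ID: <"
    return (head + b"0.root@example.org>\r\n\r\n" + env + b"\r\n"
            + head + b"1.att@example.org>\r\n\r\n" + payload
            + b"\r\n--MIMEBoundary_sample--\r\n")

ENCRYPTED = sample(
    '<x:EncryptedData xmlns:x="http://www.w3.org/2001/04/xmlenc#"><x:CipherData>'
    '<x:CipherValue>' + INC + '</x:CipherValue></x:CipherData></x:EncryptedData>',
    bytes.fromhex("9f3ac1e07b55d2084ce1a6"))
UNPROTECTED = sample('<attachment><binaryData>' + INC + '</binaryData></attachment>',
                     b"<?xml version='1.0'?><order/>")
```

Pass the request's Content-Type header value and the raw HTTP body bytes. The check confirms where each attachment is referenced in the envelope, not the strength of the encryption.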