You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Andrew Fielden <af...@tibco.com> on 2007/08/23 18:25:14 UTC
Disabling signature confirmation
I've deployed a web service to Axis2. This web service uses Rampart.
The response SOAP message always contains a signature confirmation
token. I know that this is enabled by default, however I've tried
various things (listed below) in the services.xml to disable this. None
of these have disabled signature confirmation. This causes a problem
when my web service is invoked by e.g. Websphere, because it isn't
expecting the signature confirmation token to be present in the response
message. E.g.
<wsse11:SignatureConfirmation xmlns:wsse11=....>
I'm guessing I've specified the wrong handler to disable it. Could
someone please suggest how I can disable signature confirmation?
Thanks.
Andrew.
What I've tried so far..
<responseFlow>
<handler
type="java:org.apache.rampart.handler.WSDoAllReceiver">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
<handler
type="java:org.apache.rampart.handler.WSDoAllHandler">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
</responseFlow>
<requestFlow>
<handler
type="java:org.apache.rampart.handler.WSDoAllReceiver">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
<handler
type="java:org.apache.rampart.handler.WSDoAllHandler">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="enableSignatureConfirmation"
value="false"/>
</handler>
</requestFlow>
<globalConfiguration>
<parameter name="enableSignatureConfirmation"
value="false"/>
</globalConfiguration>
Re: Disabling signature confirmation
Posted by Alberto Patino <pa...@gmail.com>.
I found this services.xml sample in rampart source code:
Hope this help
<service name="PingPort">
<parameter locked="false"
name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
<!--Mounting the method Ping-->
<operation name="Ping">
<messageReceiver
class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
</operation>
<parameter name="InflowSecurity">
<action>
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
<enableSignatureConfirmation>false</enableSignatureConfirmation>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>Signature Encrypt Timestamp</items>
<user>bob</user>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<encryptionUser>alice</encryptionUser>
<enableSignatureConfirmation>false</enableSignatureConfirmation>
</action>
</parameter>
</service>
On 8/24/07, Andrew Fielden <af...@tibco.com> wrote:
> Apologies if this was a dumb question, but I have spent some time
> dredging through the code, and tried various things to solve this
> problem. The documentation does not go into detail about this either.
> Do you need any further information to answer this question?
>
>
> > -----Original Message-----
> > From: Andrew Fielden [mailto:afielden@tibco.com]
> > Sent: 23 August 2007 17:25
> > To: rampart-dev@ws.apache.org
> > Subject: Disabling signature confirmation
> >
> > I've deployed a web service to Axis2. This web service uses Rampart.
> > The response SOAP message always contains a signature confirmation
> > token. I know that this is enabled by default, however I've tried
> > various things (listed below) in the services.xml to disable this.
> None
> > of these have disabled signature confirmation. This causes a problem
> > when my web service is invoked by e.g. Websphere, because it isn't
> > expecting the signature confirmation token to be present in the
> response
> > message. E.g.
> >
> > <wsse11:SignatureConfirmation xmlns:wsse11=....>
> >
> > I'm guessing I've specified the wrong handler to disable it. Could
> > someone please suggest how I can disable signature confirmation?
> >
> > Thanks.
> > Andrew.
> >
> > What I've tried so far..
> >
> > <responseFlow>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllHandler">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > </responseFlow>
> >
> > <requestFlow>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllHandler">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > </requestFlow>
> >
> > <globalConfiguration>
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </globalConfiguration>
> >
>
>
--
Don't be evil!!!
RE: Disabling signature confirmation
Posted by Andrew Fielden <af...@tibco.com>.
Apologies if this was a dumb question, but I have spent some time
dredging through the code, and tried various things to solve this
problem. The documentation does not go into detail about this either.
Do you need any further information to answer this question?
> -----Original Message-----
> From: Andrew Fielden [mailto:afielden@tibco.com]
> Sent: 23 August 2007 17:25
> To: rampart-dev@ws.apache.org
> Subject: Disabling signature confirmation
>
> I've deployed a web service to Axis2. This web service uses Rampart.
> The response SOAP message always contains a signature confirmation
> token. I know that this is enabled by default, however I've tried
> various things (listed below) in the services.xml to disable this.
None
> of these have disabled signature confirmation. This causes a problem
> when my web service is invoked by e.g. Websphere, because it isn't
> expecting the signature confirmation token to be present in the
response
> message. E.g.
>
> <wsse11:SignatureConfirmation xmlns:wsse11=....>
>
> I'm guessing I've specified the wrong handler to disable it. Could
> someone please suggest how I can disable signature confirmation?
>
> Thanks.
> Andrew.
>
> What I've tried so far..
>
> <responseFlow>
> <handler
> type="java:org.apache.rampart.handler.WSDoAllReceiver">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> <handler
> type="java:org.apache.rampart.handler.WSDoAllHandler">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> </responseFlow>
>
> <requestFlow>
> <handler
> type="java:org.apache.rampart.handler.WSDoAllReceiver">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> <handler
> type="java:org.apache.rampart.handler.WSDoAllHandler">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> <handler
> type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </handler>
> </requestFlow>
>
> <globalConfiguration>
> <parameter name="enableSignatureConfirmation"
> value="false"/>
> </globalConfiguration>
>