You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Marcel Casado <ma...@ucar.edu> on 2006/11/07 21:12:29 UTC
Rampart problem with encryption
Hi,
I'm trying to secure services with Rampart encrypting the body of the
soap message. When the load on the body are pure xml elements with no
attributes works fine but when the load has elements with attributes
when they are decrypted the value is "null". The service was working
fine with out encryption.
I sent this before but I was not able to get much help. I'm stuck with
this and I need to get it working in a production system soon. Help
please, I'm kind of desperate. I told my boss that with axis2 and
Rampart will get secure services quite easily and I been stuck almost
for one month on this.
Example of load :
<AllowedValuesSet isStatic="true">
<NestedMap>
<MapEntry entryValue="Model Output" entryKey="model_output"/>
<MapEntry entryValue="Observation" entryKey="observation"/>
<NestedMap parentKey="observation">
<MapEntry entryValue="Station" entryKey="observation>station"/>
<NestedMap parentKey="observation>station">
<MapEntry entryValue="Lightning"
entryKey="observation>station>lightning"/>
<MapEntry entryValue="Mesowest/WMO"
entryKey="observation>station>wmo"/>
<MapEntry entryValue="Profiler"
entryKey="observation>station>profiler"/>
<MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
<MapEntry entryValue="Sounding"
entryKey="observation>station>sounding"/>
</NestedMap>
</NestedMap>
<NestedMap parentKey="model_output">
<MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
<NestedMap parentKey="model_output>mm5">
<MapEntry entryValue="Forecast"
entryKey="model_output>mm5>forecast"/>
</NestedMap>
</NestedMap>
</NestedMap>
</AllowedValuesSet>
services.xml :
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
<service name="MetvaultMetadataService">
<messageReceivers>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
</messageReceivers>
<parameter name="ServiceClass" locked="false">
edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
<operation name="getAllowedValuesSet"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>getAllowedValuesSet</actionMapping>
</operation>
<operation name="getMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>getMetadata</actionMapping>
</operation>
<operation name="retrieveMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>retrieveMetadata</actionMapping>
</operation>
<operation name="executeService"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>executeService</actionMapping>
</operation>
<operation name="requestServiceSummary"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestServiceSummary</actionMapping>
</operation>
<operation name="requestServiceResponse"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestServiceResponse</actionMapping>
</operation>
<operation name="requestCrawlerStart"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestCrawlerStart</actionMapping>
</operation>
<operation name="requestCrawlerStop"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestCrawlerStop</actionMapping>
</operation>
<operation name="requestLogin"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestLogin</actionMapping>
</operation>
<module ref="rampart"/>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<encryptionPropFile>service.properties</encryptionPropFile>
<encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
<encryptionUser>client</encryptionUser>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>service.properties</decryptionPropFile>
</action>
</parameter>
</service>
</serviceGroup>
client axis2.xml excerpt :
<module ref="rampart"/>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>client.properties</decryptionPropFile>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordType>PasswordText</passwordType>
<signaturePropFile>client.properties</signaturePropFile>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
<encryptionUser>service</encryptionUser>
<encryptionPropFile>client.properties</encryptionPropFile>
<encryptionIdentifier>IssuerSerial</encryptionIdentifier>
<encryptionParts>
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
</encryptionParts>
<! -- The user and password are set up on the client stub with an
instance of a pwcallbackHandle -->
<!-- <user>marcel</user> -->
<!--
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
-->
</action>
</parameter>
I got another question, how to configure a client for using
UsernameToken and Signature since they both use the <user> parameter and
in my case are different. Do I have to set up two actions ? Could you
send me an example of the setup on the client and on the service ?
Thanks in advance,
-Marcel
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Rampart problem with encryption
Posted by Philipp Perner <ph...@healthgate.at>.
Hi marcel,
I'm just working on this.
I have a new post called "Encrypting Message Failure" from 11/30/06
where Mary Thompson perhaps provides some help.
You can participate posting there...
It seems that rampart module is not applicable at runtime for the client.
BTW: I am using rampart1.1-RC1 from 27.11.2006
But you should try the nightly builds of rampart with axis2-1.1 latest
builds.
philipp
Marcel Casado schrieb:
> Hi Philipp,
>
> I filed a jira http://issues.apache.org/jira/browse/AXIS2-1646 but it
> has not been taken care for anybody so I gave up until is fixed. Which
> version of Rampart are you using I stop updating Rampart nigthlies on
> 11/05/06 so I did not try the nightlies recently neither the Apache
> Rampart-1.1-RC1.
>
> Please let me know if you get some progress in the near future.
>
> -Marcel
>
>
> http://issues.apache.org/jira/browse/AXIS2-1646
>
>
> Philipp Perner wrote:
>> Hi,
>>
>> have you got this problem fixed, and how?
>> I am having the same problem now - encryption doesn't work, although
>> i have similar configuration like the rampart sample5.
>>
>>
>>
>> Marcel Casado schrieb:
>>> Hi,
>>>
>>> I'm trying to secure services with Rampart encrypting the body of
>>> the soap message. When the load on the body are pure xml elements
>>> with no attributes works fine but when the load has elements with
>>> attributes when they are decrypted the value is "null". The service
>>> was working fine with out encryption.
>>>
>>> I sent this before but I was not able to get much help. I'm stuck
>>> with this and I need to get it working in a production system soon.
>>> Help please, I'm kind of desperate. I told my boss that with axis2
>>> and Rampart will get secure services quite easily and I been stuck
>>> almost for one month on this.
>>>
>>>
>>> Example of load :
>>>
>>> <AllowedValuesSet isStatic="true">
>>> <NestedMap>
>>> <MapEntry entryValue="Model Output" entryKey="model_output"/>
>>> <MapEntry entryValue="Observation" entryKey="observation"/>
>>> <NestedMap parentKey="observation">
>>> <MapEntry entryValue="Station" entryKey="observation>station"/>
>>> <NestedMap parentKey="observation>station">
>>> <MapEntry entryValue="Lightning"
>>> entryKey="observation>station>lightning"/>
>>> <MapEntry entryValue="Mesowest/WMO"
>>> entryKey="observation>station>wmo"/>
>>> <MapEntry entryValue="Profiler"
>>> entryKey="observation>station>profiler"/>
>>> <MapEntry entryValue="SAMS"
>>> entryKey="observation>station>sams"/>
>>> <MapEntry entryValue="Sounding"
>>> entryKey="observation>station>sounding"/>
>>> </NestedMap>
>>> </NestedMap>
>>> <NestedMap parentKey="model_output">
>>> <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
>>> <NestedMap parentKey="model_output>mm5">
>>> <MapEntry entryValue="Forecast"
>>> entryKey="model_output>mm5>forecast"/>
>>> </NestedMap>
>>> </NestedMap>
>>> </NestedMap>
>>> </AllowedValuesSet>
>>>
>>>
>>> services.xml :
>>>
>>> <!-- This file was auto-generated from WSDL -->
>>> <!-- by the Apache Axis2 version: #axisVersion# #today# -->
>>> <serviceGroup>
>>> <service name="MetvaultMetadataService">
>>> <messageReceivers>
>>> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>
>>> class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
>>>
>>> </messageReceivers>
>>> <parameter name="ServiceClass" locked="false">
>>>
>>> edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
>>>
>>> <operation name="getAllowedValuesSet"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>getAllowedValuesSet</actionMapping>
>>> </operation>
>>> <operation name="getMetadata"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>getMetadata</actionMapping>
>>> </operation>
>>> <operation name="retrieveMetadata"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>retrieveMetadata</actionMapping>
>>> </operation>
>>> <operation name="executeService"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>executeService</actionMapping>
>>> </operation>
>>> <operation name="requestServiceSummary"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>requestServiceSummary</actionMapping>
>>> </operation>
>>> <operation name="requestServiceResponse"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>requestServiceResponse</actionMapping>
>>> </operation>
>>> <operation name="requestCrawlerStart"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>requestCrawlerStart</actionMapping>
>>> </operation>
>>> <operation name="requestCrawlerStop"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>requestCrawlerStop</actionMapping>
>>> </operation>
>>> <operation name="requestLogin"
>>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>>> <actionMapping>requestLogin</actionMapping>
>>> </operation>
>>> <module ref="rampart"/>
>>>
>>> <parameter name="OutflowSecurity">
>>> <action>
>>> <items>Timestamp Encrypt</items>
>>>
>>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>
>>> <encryptionPropFile>service.properties</encryptionPropFile>
>>> <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
>>> <encryptionUser>client</encryptionUser>
>>> </action>
>>> </parameter>
>>>
>>> <parameter name="InflowSecurity">
>>> <action>
>>> <items>UsernameToken Timestamp Encrypt</items>
>>>
>>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>
>>> <decryptionPropFile>service.properties</decryptionPropFile>
>>> </action>
>>> </parameter>
>>>
>>> </service>
>>> </serviceGroup>
>>>
>>>
>>> client axis2.xml excerpt :
>>>
>>> <module ref="rampart"/>
>>>
>>>
>>> <parameter name="InflowSecurity">
>>> <action>
>>> <items>Timestamp Encrypt</items>
>>>
>>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>
>>> <decryptionPropFile>client.properties</decryptionPropFile>
>>> </action>
>>> </parameter>
>>>
>>>
>>> <parameter name="OutflowSecurity">
>>> <action>
>>> <items>UsernameToken Timestamp Encrypt</items>
>>> <passwordType>PasswordText</passwordType>
>>> <signaturePropFile>client.properties</signaturePropFile>
>>> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>>> <encryptionUser>service</encryptionUser>
>>> <encryptionPropFile>client.properties</encryptionPropFile>
>>> <encryptionIdentifier>IssuerSerial</encryptionIdentifier>
>>> <encryptionParts>
>>>
>>> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
>>>
>>> </encryptionParts>
>>> <! -- The user and password are set up on the client stub with
>>> an instance of a pwcallbackHandle -->
>>> <!-- <user>marcel</user> -->
>>> <!--
>>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>> -->
>>> </action>
>>>
>>> </parameter>
>>>
>>>
>>> I got another question, how to configure a client for using
>>> UsernameToken and Signature since they both use the <user> parameter
>>> and in my case are different. Do I have to set up two actions ?
>>> Could you send me an example of the setup on the client and on the
>>> service ?
>>>
>>>
>>> Thanks in advance,
>>>
>>> -Marcel
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Rampart problem with encryption
Posted by Marcel Casado <ma...@ucar.edu>.
Hi Philipp,
I filed a jira http://issues.apache.org/jira/browse/AXIS2-1646 but it
has not been taken care for anybody so I gave up until is fixed. Which
version of Rampart are you using I stop updating Rampart nigthlies on
11/05/06 so I did not try the nightlies recently neither the Apache
Rampart-1.1-RC1.
Please let me know if you get some progress in the near future.
-Marcel
http://issues.apache.org/jira/browse/AXIS2-1646
Philipp Perner wrote:
> Hi,
>
> have you got this problem fixed, and how?
> I am having the same problem now - encryption doesn't work, although i
> have similar configuration like the rampart sample5.
>
>
>
> Marcel Casado schrieb:
>> Hi,
>>
>> I'm trying to secure services with Rampart encrypting the body of the
>> soap message. When the load on the body are pure xml elements with no
>> attributes works fine but when the load has elements with attributes
>> when they are decrypted the value is "null". The service was working
>> fine with out encryption.
>>
>> I sent this before but I was not able to get much help. I'm stuck
>> with this and I need to get it working in a production system soon.
>> Help please, I'm kind of desperate. I told my boss that with axis2
>> and Rampart will get secure services quite easily and I been stuck
>> almost for one month on this.
>>
>>
>> Example of load :
>>
>> <AllowedValuesSet isStatic="true">
>> <NestedMap>
>> <MapEntry entryValue="Model Output" entryKey="model_output"/>
>> <MapEntry entryValue="Observation" entryKey="observation"/>
>> <NestedMap parentKey="observation">
>> <MapEntry entryValue="Station" entryKey="observation>station"/>
>> <NestedMap parentKey="observation>station">
>> <MapEntry entryValue="Lightning"
>> entryKey="observation>station>lightning"/>
>> <MapEntry entryValue="Mesowest/WMO"
>> entryKey="observation>station>wmo"/>
>> <MapEntry entryValue="Profiler"
>> entryKey="observation>station>profiler"/>
>> <MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
>> <MapEntry entryValue="Sounding"
>> entryKey="observation>station>sounding"/>
>> </NestedMap>
>> </NestedMap>
>> <NestedMap parentKey="model_output">
>> <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
>> <NestedMap parentKey="model_output>mm5">
>> <MapEntry entryValue="Forecast"
>> entryKey="model_output>mm5>forecast"/>
>> </NestedMap>
>> </NestedMap>
>> </NestedMap>
>> </AllowedValuesSet>
>>
>>
>> services.xml :
>>
>> <!-- This file was auto-generated from WSDL -->
>> <!-- by the Apache Axis2 version: #axisVersion# #today# -->
>> <serviceGroup>
>> <service name="MetvaultMetadataService">
>> <messageReceivers>
>> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
>>
>> class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
>>
>> </messageReceivers>
>> <parameter name="ServiceClass" locked="false">
>>
>> edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
>>
>> <operation name="getAllowedValuesSet"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>getAllowedValuesSet</actionMapping>
>> </operation>
>> <operation name="getMetadata"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>getMetadata</actionMapping>
>> </operation>
>> <operation name="retrieveMetadata"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>retrieveMetadata</actionMapping>
>> </operation>
>> <operation name="executeService"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>executeService</actionMapping>
>> </operation>
>> <operation name="requestServiceSummary"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>requestServiceSummary</actionMapping>
>> </operation>
>> <operation name="requestServiceResponse"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>requestServiceResponse</actionMapping>
>> </operation>
>> <operation name="requestCrawlerStart"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>requestCrawlerStart</actionMapping>
>> </operation>
>> <operation name="requestCrawlerStop"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>requestCrawlerStop</actionMapping>
>> </operation>
>> <operation name="requestLogin"
>> mep="http://www.w3.org/2004/08/wsdl/in-out">
>> <actionMapping>requestLogin</actionMapping>
>> </operation>
>> <module ref="rampart"/>
>>
>> <parameter name="OutflowSecurity">
>> <action>
>> <items>Timestamp Encrypt</items>
>>
>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>
>> <encryptionPropFile>service.properties</encryptionPropFile>
>> <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
>> <encryptionUser>client</encryptionUser>
>> </action>
>> </parameter>
>>
>> <parameter name="InflowSecurity">
>> <action>
>> <items>UsernameToken Timestamp Encrypt</items>
>>
>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>
>> <decryptionPropFile>service.properties</decryptionPropFile>
>> </action>
>> </parameter>
>>
>> </service>
>> </serviceGroup>
>>
>>
>> client axis2.xml excerpt :
>>
>> <module ref="rampart"/>
>>
>>
>> <parameter name="InflowSecurity">
>> <action>
>> <items>Timestamp Encrypt</items>
>>
>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>
>> <decryptionPropFile>client.properties</decryptionPropFile>
>> </action>
>> </parameter>
>>
>>
>> <parameter name="OutflowSecurity">
>> <action>
>> <items>UsernameToken Timestamp Encrypt</items>
>> <passwordType>PasswordText</passwordType>
>> <signaturePropFile>client.properties</signaturePropFile>
>> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>> <encryptionUser>service</encryptionUser>
>> <encryptionPropFile>client.properties</encryptionPropFile>
>> <encryptionIdentifier>IssuerSerial</encryptionIdentifier>
>> <encryptionParts>
>>
>> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
>>
>> </encryptionParts>
>> <! -- The user and password are set up on the client stub with
>> an instance of a pwcallbackHandle -->
>> <!-- <user>marcel</user> -->
>> <!--
>> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>> -->
>> </action>
>>
>> </parameter>
>>
>>
>> I got another question, how to configure a client for using
>> UsernameToken and Signature since they both use the <user> parameter
>> and in my case are different. Do I have to set up two actions ?
>> Could you send me an example of the setup on the client and on the
>> service ?
>>
>>
>> Thanks in advance,
>>
>> -Marcel
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Rampart problem with encryption
Posted by Philipp Perner <ph...@healthgate.at>.
Hi,
have you got this problem fixed, and how?
I am having the same problem now - encryption doesn't work, although i
have similar configuration like the rampart sample5.
Marcel Casado schrieb:
> Hi,
>
> I'm trying to secure services with Rampart encrypting the body of the
> soap message. When the load on the body are pure xml elements with no
> attributes works fine but when the load has elements with attributes
> when they are decrypted the value is "null". The service was working
> fine with out encryption.
>
> I sent this before but I was not able to get much help. I'm stuck with
> this and I need to get it working in a production system soon. Help
> please, I'm kind of desperate. I told my boss that with axis2 and
> Rampart will get secure services quite easily and I been stuck almost
> for one month on this.
>
>
> Example of load :
>
> <AllowedValuesSet isStatic="true">
> <NestedMap>
> <MapEntry entryValue="Model Output" entryKey="model_output"/>
> <MapEntry entryValue="Observation" entryKey="observation"/>
> <NestedMap parentKey="observation">
> <MapEntry entryValue="Station" entryKey="observation>station"/>
> <NestedMap parentKey="observation>station">
> <MapEntry entryValue="Lightning"
> entryKey="observation>station>lightning"/>
> <MapEntry entryValue="Mesowest/WMO"
> entryKey="observation>station>wmo"/>
> <MapEntry entryValue="Profiler"
> entryKey="observation>station>profiler"/>
> <MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
> <MapEntry entryValue="Sounding"
> entryKey="observation>station>sounding"/>
> </NestedMap>
> </NestedMap>
> <NestedMap parentKey="model_output">
> <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
> <NestedMap parentKey="model_output>mm5">
> <MapEntry entryValue="Forecast"
> entryKey="model_output>mm5>forecast"/>
> </NestedMap>
> </NestedMap>
> </NestedMap>
> </AllowedValuesSet>
>
>
> services.xml :
>
> <!-- This file was auto-generated from WSDL -->
> <!-- by the Apache Axis2 version: #axisVersion# #today# -->
> <serviceGroup>
> <service name="MetvaultMetadataService">
> <messageReceivers>
> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
>
> class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
>
> </messageReceivers>
> <parameter name="ServiceClass" locked="false">
>
> edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
>
> <operation name="getAllowedValuesSet"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>getAllowedValuesSet</actionMapping>
> </operation>
> <operation name="getMetadata"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>getMetadata</actionMapping>
> </operation>
> <operation name="retrieveMetadata"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>retrieveMetadata</actionMapping>
> </operation>
> <operation name="executeService"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>executeService</actionMapping>
> </operation>
> <operation name="requestServiceSummary"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>requestServiceSummary</actionMapping>
> </operation>
> <operation name="requestServiceResponse"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>requestServiceResponse</actionMapping>
> </operation>
> <operation name="requestCrawlerStart"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>requestCrawlerStart</actionMapping>
> </operation>
> <operation name="requestCrawlerStop"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>requestCrawlerStop</actionMapping>
> </operation>
> <operation name="requestLogin"
> mep="http://www.w3.org/2004/08/wsdl/in-out">
> <actionMapping>requestLogin</actionMapping>
> </operation>
> <module ref="rampart"/>
>
> <parameter name="OutflowSecurity">
> <action>
> <items>Timestamp Encrypt</items>
>
> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>
> <encryptionPropFile>service.properties</encryptionPropFile>
> <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
> <encryptionUser>client</encryptionUser>
> </action>
> </parameter>
>
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameToken Timestamp Encrypt</items>
>
> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>
> <decryptionPropFile>service.properties</decryptionPropFile>
> </action>
> </parameter>
>
> </service>
> </serviceGroup>
>
>
> client axis2.xml excerpt :
>
> <module ref="rampart"/>
>
>
> <parameter name="InflowSecurity">
> <action>
> <items>Timestamp Encrypt</items>
>
> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>
> <decryptionPropFile>client.properties</decryptionPropFile>
> </action>
> </parameter>
>
>
> <parameter name="OutflowSecurity">
> <action>
> <items>UsernameToken Timestamp Encrypt</items>
> <passwordType>PasswordText</passwordType>
> <signaturePropFile>client.properties</signaturePropFile>
> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> <encryptionUser>service</encryptionUser>
> <encryptionPropFile>client.properties</encryptionPropFile>
> <encryptionIdentifier>IssuerSerial</encryptionIdentifier>
> <encryptionParts>
>
> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
>
> </encryptionParts>
> <! -- The user and password are set up on the client stub with an
> instance of a pwcallbackHandle -->
> <!-- <user>marcel</user> -->
> <!--
> <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
> -->
> </action>
>
> </parameter>
>
>
> I got another question, how to configure a client for using
> UsernameToken and Signature since they both use the <user> parameter
> and in my case are different. Do I have to set up two actions ? Could
> you send me an example of the setup on the client and on the service ?
>
>
> Thanks in advance,
>
> -Marcel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org