Posted to java-user@axis.apache.org by Mi...@servicecanada.gc.ca on 2007/07/06 20:28:13 UTC

Rampart configuration question

Hi,

I'm trying to use Rampart to encrypt my message body using a symmetric secret key.

Sample 9, included with the Rampart distribution, does just this. The actual key is hard-coded in a callback function both on the client and the server. My understanding is that the key is the only piece of data needed to encode the message.

I was wondering why this part of the client config file:

        <action>
            <items>Encrypt</items>
            <user>client</user>
            <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
            <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
            <encryptionPropFile>client.properties</encryptionPropFile>
            <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
        </action>

contains the encryptionPropFile property. The said property file contains this:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=apache
org.apache.ws.security.crypto.merlin.file=client.jks

Now, I can see why we need to configure the provider class. But why does Rampart need the keystore? I'm not using public/private keys or certificates, just one secret key.

The code works, but I'd like to simplify it as much as possible. The properties and keystore files shouldn't be necessary, unless I'm misunderstanding something.

Many thanks
Michael Davis
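
An added example, not part of the original thread and not Rampart's sample09 code: a handler for the EmbeddedKeyCallbackClass slot that reads the symmetric key from the environment instead of compiling it into the class. It assumes the WSS4J 1.5-era callback API (WSPasswordCallback.KEY_NAME and setKey); the class name EnvKeyCallbackHandler and the variable RAMPART_SESSION_KEY_HEX are hypothetical.

```java
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the key for <EmbeddedKeyName> from the process environment,
 * so the secret lives in deployment configuration rather than in source
 * control or in the compiled jar. Client and server must be given the
 * same value, and its length must suit the configured cipher.
 */
public class EnvKeyCallbackHandler implements CallbackHandler {

    // Hypothetical variable name; the value is the key encoded as hex.
    private static final String KEY_ENV_VAR = "RAMPART_SESSION_KEY_HEX";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(
                        callbacks[i], "Unrecognized Callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            if (pc.getUsage() != WSPasswordCallback.KEY_NAME) {
                // This handler serves embedded-key lookups only; refusing
                // other usages keeps it from silently answering password
                // or keystore callbacks it was never meant to handle.
                throw new UnsupportedCallbackException(
                        callbacks[i], "Only KEY_NAME callbacks are supported");
            }
            pc.setKey(loadKey());
        }
    }

    /** Reads and decodes the key; fails closed if it is missing. */
    static byte[] loadKey() throws IOException {
        String hex = System.getenv(KEY_ENV_VAR);
        if (hex == null || hex.trim().length() == 0) {
            throw new IOException(KEY_ENV_VAR + " is not set");
        }
        return decodeHex(hex.trim());
    }

    /** Strict hex decoder; error messages never echo the key material. */
    static byte[] decodeHex(String hex) throws IOException {
        if (hex.length() % 2 != 0) {
            throw new IOException(KEY_ENV_VAR + " has an odd number of hex digits");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IOException(KEY_ENV_VAR + " contains a non-hex character");
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
}
```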



RE: Rampart configuration question

Posted by Mi...@servicecanada.gc.ca.
Hi again,

I figured out that there are just a couple of classes in wss4j that depend on axis 1. I removed them, and commented out the code I listed below from WSHandler, rebuilt wss4j, and now it works - I can encode my message without a properties file or keystore file.

cheers,
md
 

> -----Original Message-----
> From: Davis, Michael 
> Sent: Tuesday, July 10, 2007 10:05 AM
> To: 'axis-user@ws.apache.org'
> Cc: 'rampart-dev@ws.apache.org'; wss4j-dev@ws.apache.org
> Subject: RE: Rampart configuration question
> 
> 
> Thanks Ruchith,
> 
> Sorry everyone for crossposting, but I just now became aware 
> that there is a rampart mailing list. I also realize that the 
> source of the problem is in wss4j code. So I won't post 
> further replies to the axis list. And for the people on the 
> rampart and wss4j lists: should I post replies to both lists? 
> 
> Anyway, I did try removing the encryptionPropFile entry, and 
> it threw an exception.
> 
> org.apache.rampart.handler.WSDoAllHander 
> extends 
> org.apache.ws.security.handler.WSHandler 
> from wss4j, and in that file, at around line 420 is this code:
> 
> else if ((crypto = reqData.getSigCrypto()) == null) {
>    throw new WSSecurityException(
>    "WSHandler: Encryption: no crypto property file");
> }
> 
> I tried to comment out that code and rebuild wss4j, but some 
> of that library's classes depend on axis1, and I'm trying to 
> compile against axis2, so I'm running into problems.
> 
> cheers,
> md
>  
> 


RE: Rampart configuration question

Posted by Mi...@servicecanada.gc.ca.
Thanks Ruchith,

Sorry everyone for crossposting, but I just now became aware that there is a rampart mailing list. I also realize that the source of the problem is in wss4j code. So I won't post further replies to the axis list. And for the people on the rampart and wss4j lists: should I post replies to both lists? 

Anyway, I did try removing the encryptionPropFile entry, and it threw an exception.

org.apache.rampart.handler.WSDoAllHander 
extends 
org.apache.ws.security.handler.WSHandler 
from wss4j, and in that file, at around line 420 is this code:

else if ((crypto = reqData.getSigCrypto()) == null) {
   throw new WSSecurityException(
   "WSHandler: Encryption: no crypto property file");
}

I tried to comment out that code and rebuild wss4j, but some of that library's classes depend on axis1, and I'm trying to compile against axis2, so I'm running into problems.

cheers,
md
 

> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 10, 2007 5:07 AM
> To: axis-user@ws.apache.org
> Subject: Re: Rampart configuration question
> 
> 
> I agree we should not require the
> "<encryptionPropFile>client.properties</encryptionPropFile>" entry.
> 
> Can you please try removing it?
> 
> Thanks,
> Ruchith
> 


Re: Rampart configuration question

Posted by Ruchith Fernando <ru...@gmail.com>.
I agree we should not require the
"<encryptionPropFile>client.properties</encryptionPropFile>" entry.

Can you please try removing it?

Thanks,
Ruchith

On 7/6/07, Michael.Davis@servicecanada.gc.ca
<Mi...@servicecanada.gc.ca> wrote:
> Hi,
>
> I'm trying to use Rampart to encrypt my message body using a symmetric secret key.
>
> Sample 9, included with the Rampart distribution, does just this. The actual key is hard-coded in a callback function both on the client and the server. My understanding is that the key is the only piece of data needed to encode the message.
>
> I was wondering why this part of the client config file:
>
>         <action>
>             <items>Encrypt</items>
>             <user>client</user>
>             <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
>             <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
>             <encryptionPropFile>client.properties</encryptionPropFile>
>             <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
>         </action>
>
> contains the encryptionPropFile property. The said property file contains this:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=apache
> org.apache.ws.security.crypto.merlin.file=client.jks
>
> Now, I can see why we need to configure the provider class. But why does Rampart need the keystore? I'm not using public/private keys or certificates, just one secret key.
>
> The code works, but I'd like to simplify it as much as possible. The properties and keystore files shouldn't be necessary, unless I'm misunderstanding something.
>
> Many thanks
> Michael Davis
>


-- 
www.ruchith.org
www.wso2.org


Re: Is wss4j still an active project? (was: Rampart configuration question)

Posted by Chad DeBauch <cd...@gmail.com>.
Yes wss4j is still active, you may want to subscribe to the wss4j mailing
list and ask the question there.

Chad

On 7/9/07, Michael.Davis@servicecanada.gc.ca <
Michael.Davis@servicecanada.gc.ca> wrote:
>
> Hi,
>
> I didn't see any replies to the question below, so I started digging
> through the rampart/wss4j code. I found a workaround that will allow me to
> hard-code the private key into my client and server, and not have to have
> absolute paths to key files. This involves making a small change to one of
> the wss4j classes.
>
> I got the wss4j source code and tried to build it. Unfortunately it was
> built with axis version 1, and I'm using axis2. It's trying to import
> org.apache.axis packages whereas the new version's package names begin
> with org.apache.axis2. Moreover, some classes from the old version have
> moved since the new one. For example, wss4j tries to import
> org.apache.axis.Message, but there is no such class
> org.apache.axis2.Message, so I can't just change the package names.
>
> Anyway, is wss4j still in active development? It doesn't look like it. Has
> anyone moved the source to be compatible with axis2?
>
> cheers,
> md
>
>

RE: Is wss4j still an active project? (was: Rampart configuration question)

Posted by Mi...@servicecanada.gc.ca.
Thanks!

cheers,
md
 

> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 10, 2007 5:25 AM
> To: axis-user@ws.apache.org
> Subject: Re: Is wss4j still an active project? (was: Rampart
> configuration question)
> 
> 
> Hi,
> 
> On 7/9/07, Michael.Davis@servicecanada.gc.ca
> <Mi...@servicecanada.gc.ca> wrote:
> > Hi,
> >
> > I didn't see any replies to the question below, so I started digging
> > through the rampart/wss4j code. I found a workaround that will allow me to
> > hard-code the private key into my client and server, and not have to have
> > absolute paths to key files. This involves making a small change to one of
> > the wss4j classes.
> >
> > I got the wss4j source code and tried to build it. Unfortunately it was
> > built with axis version 1, and I'm using axis2. It's trying to import
> > org.apache.axis packages whereas the new version's package names begin
> > with org.apache.axis2. Moreover, some classes from the old version have
> > moved since the new one. For example, wss4j tries to import
> > org.apache.axis.Message, but there is no such class
> > org.apache.axis2.Message, so I can't just change the package names.
> >
> 
> WSS4J project contains Axis 1.x handlers and we have the Axis jars in
> the lib dir [1]. You can include these in the classpath to fix
> compilation issues.
> 
> WS-Sec* support for Axis2 is available in Apache Rampart[2] and
> Rampart depends on WSS4J.
> 
> And yes WSS4J is still active!
> 
> Thanks,
> Ruchith
> 
> [1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/lib
> [2] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
> > Anyway, is wss4j still in active development? It doesn't look like it.
> > Has anyone moved the source to be compatible with axis2?
> >
> > cheers,
> > md
> >
> >


Re: Is wss4j still an active project? (was: Rampart configuration question)

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

On 7/9/07, Michael.Davis@servicecanada.gc.ca
<Mi...@servicecanada.gc.ca> wrote:
> Hi,
>
> I didn't see any replies to the question below, so I started digging through the rampart/wss4j code. I found a workaround that will allow me to hard-code the private key into my client and server, and not have to have absolute paths to key files. This involves making a small change to one of the wss4j classes.
>
> I got the wss4j source code and tried to build it. Unfortunately it was built with axis version 1, and I'm using axis2. It's trying to import org.apache.axis packages whereas the new version's package names begin with org.apache.axis2. Moreover, some classes from the old version have moved since the new one. For example, wss4j tries to import org.apache.axis.Message, but there is no such class org.apache.axis2.Message, so I can't just change the package names.
>

The WSS4J project contains Axis 1.x handlers, and we have the Axis jars in
the lib dir [1]. You can include these in the classpath to fix
compilation issues.

WS-Sec* support for Axis2 is available in Apache Rampart [2], and
Rampart depends on WSS4J.

And yes WSS4J is still active!

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/lib
[2] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
> Anyway, is wss4j still in active development? It doesn't look like it. Has anyone moved the source to be compatible with axis2?
>
> cheers,
> md
>
>
> > -----Original Message-----
> > From: Davis, Michael
> > Sent: Friday, July 06, 2007 2:28 PM
> > To: 'axis-user@ws.apache.org'
> > Subject: Rampart configuration question
> >
> >
> > Hi,
> >
> > I'm trying to use Rampart to encrypt my message body using a
> > symmetric secret key.
> >
> > Sample 9, included with the Rampart distribution, does just
> > this. The actual key is hard-coded in a callback function
> > both on the client and the server. My understanding is that
> > the key is the only piece of data needed to encode the message.
> >
> > I was wondering why this part of the client config file:
> >
> >         <action>
> >             <items>Encrypt</items>
> >             <user>client</user>
> >             <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
> >             <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
> >             <encryptionPropFile>client.properties</encryptionPropFile>
> >             <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
> >         </action>
> >
> > contains the encryptionPropFile property. The said property
> > file contains this:
> >
> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > org.apache.ws.security.crypto.merlin.keystore.password=apache
> > org.apache.ws.security.crypto.merlin.file=client.jks
> >
> > Now, I can see why we need to configure the provider class.
> > But why does Rampart need the keystore? I'm not using
> > public/private keys or certificates, just one secret key.
> >
> > The code works, but I'd like to simplify it as much as
> > possible. The properties and keystore files shouldn't be
> > necessary, unless I'm misunderstanding something.
> >
> > Many thanks
> > Michael Davis
> >


-- 
www.ruchith.org
www.wso2.org



Is wss4j still an active project? (was: Rampart configuration question)

Posted by Mi...@servicecanada.gc.ca.
Hi,

I didn't see any replies to the question below, so I started digging through the rampart/wss4j code. I found a workaround that will allow me to hard-code the private key into my client and server, and not have to have absolute paths to key files. This involves making a small change to one of the wss4j classes.

I got the wss4j source code and tried to build it. Unfortunately it was built with axis version 1, and I'm using axis2. It's trying to import org.apache.axis packages whereas the new version's package names begin with org.apache.axis2. Moreover, some classes from the old version have moved since the new one. For example, wss4j tries to import org.apache.axis.Message, but there is no such class org.apache.axis2.Message, so I can't just change the package names.

Anyway, is wss4j still in active development? It doesn't look like it. Has anyone moved the source to be compatible with axis2?

cheers,
md
 

> -----Original Message-----
> From: Davis, Michael 
> Sent: Friday, July 06, 2007 2:28 PM
> To: 'axis-user@ws.apache.org'
> Subject: Rampart configuration question
> 
> 
> Hi,
> 
> I'm trying to use Rampart to encrypt my message body using a
> symmetric secret key.
>
> Sample 9, included with the Rampart distribution, does just
> this. The actual key is hard-coded in a callback function 
> both on the client and the server. My understanding is that 
> the key is the only piece of data needed to encode the message.
> 
> I was wondering why this part of the client config file:
> 
>         <action>
>             <items>Encrypt</items>
>             <user>client</user>
>             <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
>             <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
>             <encryptionPropFile>client.properties</encryptionPropFile>
>             <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
>         </action>
> 
> contains the encryptionPropFile property. The said property 
> file contains this:
> 
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=apache
> org.apache.ws.security.crypto.merlin.file=client.jks
> 
> Now, I can see why we need to configure the provider class. 
> But why does Rampart need the keystore? I'm not using 
> public/private keys or certificates, just one secret key.
> 
> The code works, but I'd like to simplify it as much as 
> possible. The properties and keystore files shouldn't be 
> necessary, unless I'm misunderstanding something.
> 
> Many thanks
> Michael Davis
> 
