You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Gürkan Vural <gu...@tcmb.gov.tr> on 2005/05/10 09:21:53 UTC
WSS4J TestWSSecurity10.java
Why the verification code of username token encryption commented in
TestWSSecurity10.java? When I try to uncomment the call of
verifyEMBED_SECURITY_TOKEN_REF (line 211), it throws an exception
ds:KeyName does not contain a key name. Is it really required?
--
Gürkan Vural
==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez.
This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message.
Re: WSS4J TestWSSecurity10.java
Posted by Gürkan Vural <gu...@tcmb.gov.tr>.
While processing security headers below, wss4j reads DataReference to
decrypt EncryptedData. But when it tries to identify KeyInfo to get
SharedKey, it doesn't understand that key is a SecurityTokenReference
and tries to find KeyName and throws exception. Do you have any ideas to
correct this behaviour?
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-1234"/></xenc:ReferenceList>
<wsse:UsernameToken Id="TokenId-1234">
<wsse:Username>username</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<xenc:EncryptedData Id="EncDataId-1234"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.
xsd">
<wsse:Reference URI="#TokenId-1234" ValueType="UsernameToken"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
--
gurkan
Gürkan Vural wrote:
>Why the verification code of username token encryption commented in
>TestWSSecurity10.java? When I try to uncomment the call of
>verifyEMBED_SECURITY_TOKEN_REF (line 211), it throws an exception
>ds:KeyName does not contain a key name. Is it really required?
>
>--
>Gürkan Vural
>
>
==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez.
This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message.