You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by "Soyer, Muhammed A." <MS...@MICROS.COM> on 2008/09/11 19:10:55 UTC

WS-Security with WSDL file that doesn't contain the policies

Hi,
  I have a WSDL file which doesn't have the security policies in it. But the server requires me to include the WSSE headers. They are using WSE3 on .Net at the server side.
I am trying with rampart and confused about the possibility of achieving this with the WSDL file without the policies.
Is it possible?

I am using axis 1.4.1 and rampart 1.4

Thanks

RE: WS-Security with WSDL file that doesn't contain the policies

Posted by "Soyer, Muhammed A." <MS...@MICROS.COM>.
IS it possible to figure out something from a sample header?
What is binarySecurityToken ? Is it something custom or a generic thing?

Thanks


<wsu:Timestamp wsu:Id="Timestamp-172be5bd-07e8-42e3-b4a8-07c13b9f7013">
      <wsu:Created>2008-09-03T12:30:09Z</wsu:Created>
      <wsu:Expires>2008-09-03T12:30:39Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken ValueType="NGX-SecurityToken-Value" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-5aec1e4b-e2ad-43e9-903e-40519d328f9a">VILLfdssM027/jJb+iaYGg+M82bLdH1CkcT0yr3rkh0RAAAAAAAAAG4XXx6W1LJNglfYnWWkuck=</wsse:BinarySecurityToken>
    </wsse:Security>




From: keith chapman [mailto:keithgchapman@gmail.com]
Sent: Thursday, September 11, 2008 1:24 PM
To: axis-user@ws.apache.org
Subject: Re: WS-Security with WSDL file that doesn't contain the policies

If the WSDL does not advertise the policy then you will have speak to the guys who host the service and get the required security configurations. ;). There is no other way that you will know what to send to the other end. Its better if they can give you the security configuration as a policy file.

Thanks,
Keith.
On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <MS...@micros.com>> wrote:

Hi,

  I have a WSDL file which doesn't have the security policies in it. But the server requires me to include the WSSE headers. They are using WSE3 on .Net at the server side.

I am trying with rampart and confused about the possibility of achieving this with the WSDL file without the policies.

Is it possible?



I am using axis 1.4.1 and rampart 1.4



Thanks







--
Keith Chapman
Senior Software Engineer
WSO2 Inc.
Oxygenating the Web Service Platform.
http://wso2.org/

blog: http://www.keith-chapman.org

RE: WS-Security with WSDL file that doesn't contain the policies

Posted by "Soyer, Muhammed A." <MS...@MICROS.COM>.
Hi Nandana,
  Thanks for your answers. By STS do you mean the web service that I will call to authenticate? If so ,that part is clear for me . I need to pass the the username and password to that service and it returns me the security token and user id back ..
Then I need to build the binarySecurityToken using these values. Is there any document that you can suggest for WS-Trust?
  The other thing , instead of dealing with all these details I tried to building the soap headers manually and it worked fine. I mean I am creating the OMElements and adding them to the client using addHeader method of it.
Is this something suggestible? Should I avoid building the WS-Security and WS-Addressing headers manually?

Thanks


From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com]
Sent: Thursday, September 11, 2008 5:10 PM
To: axis-user@ws.apache.org
Subject: Re: WS-Security with WSDL file that doesn't contain the policies

Hi Soyer,
         Yes, you can do this. You can use WS - Trust support in Apache Rampart to do this. But your binary token "NGX-SecurityToken-Value" seems to be a custom one. So need to know what are the exact parameters you need to send to the STS ( the web service that issue security tokens).

thanks,
nandana
On Thu, Sep 11, 2008 at 1:39 PM, Soyer, Muhammed A. <MS...@micros.com>> wrote:

I learnt some extra things,

I first call a different web service to obtain some ticket (BinarySecurityToken) then I use this token in the following web calls.

How can I do this?



Thanks





From: Soyer, Muhammed A.
Sent: Thursday, September 11, 2008 1:47 PM

To: 'axis-user@ws.apache.org<ma...@ws.apache.org>'
Subject: RE: WS-Security with WSDL file that doesn't contain the policies



IS it possible to figure out something from a sample header?

What is binarySecurityToken ? Is it something custom or a generic thing?



Thanks





<wsu:Timestamp wsu:Id="Timestamp-172be5bd-07e8-42e3-b4a8-07c13b9f7013">

      <wsu:Created>2008-09-03T12:30:09Z</wsu:Created>

      <wsu:Expires>2008-09-03T12:30:39Z</wsu:Expires>

    </wsu:Timestamp>

    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <wsse:BinarySecurityToken ValueType="NGX-SecurityToken-Value" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-5aec1e4b-e2ad-43e9-903e-40519d328f9a">VILLfdssM027/jJb+iaYGg+M82bLdH1CkcT0yr3rkh0RAAAAAAAAAG4XXx6W1LJNglfYnWWkuck=</wsse:BinarySecurityToken>

    </wsse:Security>









From: keith chapman [mailto:keithgchapman@gmail.com<ma...@gmail.com>]
Sent: Thursday, September 11, 2008 1:24 PM
To: axis-user@ws.apache.org<ma...@ws.apache.org>
Subject: Re: WS-Security with WSDL file that doesn't contain the policies



If the WSDL does not advertise the policy then you will have speak to the guys who host the service and get the required security configurations. ;). There is no other way that you will know what to send to the other end. Its better if they can give you the security configuration as a policy file.

Thanks,
Keith.

On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <MS...@micros.com>> wrote:

Hi,

  I have a WSDL file which doesn't have the security policies in it. But the server requires me to include the WSSE headers. They are using WSE3 on .Net at the server side.

I am trying with rampart and confused about the possibility of achieving this with the WSDL file without the policies.

Is it possible?



I am using axis 1.4.1 and rampart 1.4



Thanks







--
Keith Chapman
Senior Software Engineer
WSO2 Inc.
Oxygenating the Web Service Platform.
http://wso2.org/

blog: http://www.keith-chapman.org

Re: WS-Security with WSDL file that doesn't contain the policies

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Soyer,
         Yes, you can do this. You can use WS - Trust support in Apache
Rampart to do this. But your binary token "NGX-SecurityToken-Value" seems to
be a custom one. So need to know what are the exact parameters you need to
send to the STS ( the web service that issue security tokens).

thanks,
nandana

On Thu, Sep 11, 2008 at 1:39 PM, Soyer, Muhammed A. <MS...@micros.com>wrote:

>  I learnt some extra things,
>
> I first call a different web service to obtain some ticket
> (BinarySecurityToken) then I use this token in the following web calls.
>
> How can I do this?
>
>
>
> Thanks
>
>
>
>
>
> *From:* Soyer, Muhammed A.
> *Sent:* Thursday, September 11, 2008 1:47 PM
> *To:* 'axis-user@ws.apache.org'
> *Subject:* RE: WS-Security with WSDL file that doesn't contain the
> policies
>
>
>
> IS it possible to figure out something from a sample header?
>
> What is binarySecurityToken ? Is it something custom or a generic thing?
>
>
>
> Thanks
>
>
>
>
>
> <wsu:Timestamp wsu:Id="Timestamp-172be5bd-07e8-42e3-b4a8-07c13b9f7013">
>
>       <wsu:Created>2008-09-03T12:30:09Z</wsu:Created>
>
>       <wsu:Expires>2008-09-03T12:30:39Z</wsu:Expires>
>
>     </wsu:Timestamp>
>
>     <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
>
>       <wsse:BinarySecurityToken ValueType="NGX-SecurityToken-Value"
> EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-5aec1e4b-e2ad-43e9-903e-40519d328f9a">VILLfdssM027/jJb+iaYGg+M82bLdH1CkcT0yr3rkh0RAAAAAAAAAG4XXx6W1LJNglfYnWWkuck=</wsse:BinarySecurityToken>
>
>     </wsse:Security>
>
>
>
>
>
>
>
>
>
> *From:* keith chapman [mailto:keithgchapman@gmail.com]
> *Sent:* Thursday, September 11, 2008 1:24 PM
> *To:* axis-user@ws.apache.org
> *Subject:* Re: WS-Security with WSDL file that doesn't contain the
> policies
>
>
>
> If the WSDL does not advertise the policy then you will have speak to the
> guys who host the service and get the required security configurations. ;).
> There is no other way that you will know what to send to the other end. Its
> better if they can give you the security configuration as a policy file.
>
> Thanks,
> Keith.
>
> On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <MS...@micros.com>
> wrote:
>
> Hi,
>
>   I have a WSDL file which doesn't have the security policies in it. But
> the server requires me to include the WSSE headers. They are using WSE3 on
> .Net at the server side.
>
> I am trying with rampart and confused about the possibility of achieving
> this with the WSDL file without the policies.
>
> Is it possible?
>
>
>
> I am using axis 1.4.1 and rampart 1.4
>
>
>
> Thanks
>
>
>
>
>
>
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>

RE: WS-Security with WSDL file that doesn't contain the policies

Posted by "Soyer, Muhammed A." <MS...@MICROS.COM>.
I learnt some extra things,
I first call a different web service to obtain some ticket (BinarySecurityToken) then I use this token in the following web calls.
How can I do this?

Thanks


From: Soyer, Muhammed A.
Sent: Thursday, September 11, 2008 1:47 PM
To: 'axis-user@ws.apache.org'
Subject: RE: WS-Security with WSDL file that doesn't contain the policies

IS it possible to figure out something from a sample header?
What is binarySecurityToken ? Is it something custom or a generic thing?

Thanks


<wsu:Timestamp wsu:Id="Timestamp-172be5bd-07e8-42e3-b4a8-07c13b9f7013">
      <wsu:Created>2008-09-03T12:30:09Z</wsu:Created>
      <wsu:Expires>2008-09-03T12:30:39Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken ValueType="NGX-SecurityToken-Value" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-5aec1e4b-e2ad-43e9-903e-40519d328f9a">VILLfdssM027/jJb+iaYGg+M82bLdH1CkcT0yr3rkh0RAAAAAAAAAG4XXx6W1LJNglfYnWWkuck=</wsse:BinarySecurityToken>
    </wsse:Security>




From: keith chapman [mailto:keithgchapman@gmail.com]
Sent: Thursday, September 11, 2008 1:24 PM
To: axis-user@ws.apache.org
Subject: Re: WS-Security with WSDL file that doesn't contain the policies

If the WSDL does not advertise the policy then you will have speak to the guys who host the service and get the required security configurations. ;). There is no other way that you will know what to send to the other end. Its better if they can give you the security configuration as a policy file.

Thanks,
Keith.
On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <MS...@micros.com>> wrote:

Hi,

  I have a WSDL file which doesn't have the security policies in it. But the server requires me to include the WSSE headers. They are using WSE3 on .Net at the server side.

I am trying with rampart and confused about the possibility of achieving this with the WSDL file without the policies.

Is it possible?



I am using axis 1.4.1 and rampart 1.4



Thanks







--
Keith Chapman
Senior Software Engineer
WSO2 Inc.
Oxygenating the Web Service Platform.
http://wso2.org/

blog: http://www.keith-chapman.org

Re: WS-Security with WSDL file that doesn't contain the policies

Posted by keith chapman <ke...@gmail.com>.
If the WSDL does not advertise the policy then you will have speak to the
guys who host the service and get the required security configurations. ;).
There is no other way that you will know what to send to the other end. Its
better if they can give you the security configuration as a policy file.

Thanks,
Keith.
On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <MS...@micros.com>wrote:

>  Hi,
>
>   I have a WSDL file which doesn't have the security policies in it. But
> the server requires me to include the WSSE headers. They are using WSE3 on
> .Net at the server side.
>
> I am trying with rampart and confused about the possibility of achieving
> this with the WSDL file without the policies.
>
> Is it possible?
>
>
>
> I am using axis 1.4.1 and rampart 1.4
>
>
>
> Thanks
>
>
>
>
>



-- 
Keith Chapman
Senior Software Engineer
WSO2 Inc.
Oxygenating the Web Service Platform.
http://wso2.org/

blog: http://www.keith-chapman.org