Posted to java-user@axis.apache.org by Philipp Perner <ph...@healthgate.at> on 2006/12/01 12:41:02 UTC
Re: Rampart problem with encryption
Hi Marcel,
I'm just working on this.
I have a new post called "Encrypting Message Failure" from 11/30/06
where Mary Thompson perhaps provides some help.
You can participate by posting there...
It seems that the rampart module is not applicable at runtime for the client.
BTW: I am using rampart1.1-RC1 from 27.11.2006
But you should try the nightly builds of rampart with the latest axis2-1.1
builds.
philipp
Marcel Casado wrote:
> Hi Philipp,
>
> I filed a JIRA http://issues.apache.org/jira/browse/AXIS2-1646 but it
> has not been taken care of by anybody, so I gave up until it is fixed. Which
> version of Rampart are you using? I stopped updating Rampart nightlies on
> 11/05/06, so I have not tried the nightlies recently, nor the Apache
> Rampart-1.1-RC1.
>
> Please let me know if you get some progress in the near future.
>
> -Marcel
>
>
> http://issues.apache.org/jira/browse/AXIS2-1646
>
>
> Philipp Perner wrote:
>> Hi,
>>
>> Have you got this problem fixed, and how?
>> I am having the same problem now - encryption doesn't work, although
>> I have a configuration similar to the rampart sample5.
>>
>>
>>
>> Marcel Casado wrote:
>>> Hi,
>>>
>>> I'm trying to secure services with Rampart, encrypting the body of
>>> the SOAP message. When the load in the body is pure XML elements
>>> with no attributes, it works fine, but when the load has elements with
>>> attributes, when they are decrypted the value is "null". The service
>>> was working fine without encryption.
>>>
>>> I sent this before but I was not able to get much help. I'm stuck
>>> with this and I need to get it working in a production system soon.
>>> Help please, I'm kind of desperate. I told my boss that with axis2
>>> and Rampart we will get secure services quite easily, and I have been
>>> stuck for almost one month on this.
>>>
>>>
>>> Example of load :
>>>
>>> <AllowedValuesSet isStatic="true">
>>>   <NestedMap>
>>>     <MapEntry entryValue="Model Output" entryKey="model_output"/>
>>>     <MapEntry entryValue="Observation" entryKey="observation"/>
>>>     <NestedMap parentKey="observation">
>>>       <MapEntry entryValue="Station" entryKey="observation>station"/>
>>>       <NestedMap parentKey="observation>station">
>>>         <MapEntry entryValue="Lightning" entryKey="observation>station>lightning"/>
>>>         <MapEntry entryValue="Mesowest/WMO" entryKey="observation>station>wmo"/>
>>>         <MapEntry entryValue="Profiler" entryKey="observation>station>profiler"/>
>>>         <MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
>>>         <MapEntry entryValue="Sounding" entryKey="observation>station>sounding"/>
>>>       </NestedMap>
>>>     </NestedMap>
>>>     <NestedMap parentKey="model_output">
>>>       <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
>>>       <NestedMap parentKey="model_output>mm5">
>>>         <MapEntry entryValue="Forecast" entryKey="model_output>mm5>forecast"/>
>>>       </NestedMap>
>>>     </NestedMap>
>>>   </NestedMap>
>>> </AllowedValuesSet>
>>>
>>>
>>> services.xml :
>>>
>>> <!-- This file was auto-generated from WSDL -->
>>> <!-- by the Apache Axis2 version: #axisVersion# #today# -->
>>> <serviceGroup>
>>>   <service name="MetvaultMetadataService">
>>>     <messageReceivers>
>>>       <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>         class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
>>>     </messageReceivers>
>>>     <parameter name="ServiceClass" locked="false">edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
>>>     <operation name="getAllowedValuesSet" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>getAllowedValuesSet</actionMapping>
>>>     </operation>
>>>     <operation name="getMetadata" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>getMetadata</actionMapping>
>>>     </operation>
>>>     <operation name="retrieveMetadata" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>retrieveMetadata</actionMapping>
>>>     </operation>
>>>     <operation name="executeService" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>executeService</actionMapping>
>>>     </operation>
>>>     <operation name="requestServiceSummary" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>requestServiceSummary</actionMapping>
>>>     </operation>
>>>     <operation name="requestServiceResponse" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>requestServiceResponse</actionMapping>
>>>     </operation>
>>>     <operation name="requestCrawlerStart" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>requestCrawlerStart</actionMapping>
>>>     </operation>
>>>     <operation name="requestCrawlerStop" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>requestCrawlerStop</actionMapping>
>>>     </operation>
>>>     <operation name="requestLogin" mep="http://www.w3.org/2004/08/wsdl/in-out">
>>>       <actionMapping>requestLogin</actionMapping>
>>>     </operation>
>>>     <module ref="rampart"/>
>>>
>>>     <parameter name="OutflowSecurity">
>>>       <action>
>>>         <items>Timestamp Encrypt</items>
>>>         <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>         <encryptionPropFile>service.properties</encryptionPropFile>
>>>         <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
>>>         <encryptionUser>client</encryptionUser>
>>>       </action>
>>>     </parameter>
>>>
>>>     <parameter name="InflowSecurity">
>>>       <action>
>>>         <items>UsernameToken Timestamp Encrypt</items>
>>>         <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>         <decryptionPropFile>service.properties</decryptionPropFile>
>>>       </action>
>>>     </parameter>
>>>
>>>   </service>
>>> </serviceGroup>
>>>
>>>
>>> client axis2.xml excerpt :
>>>
>>> <module ref="rampart"/>
>>>
>>> <parameter name="InflowSecurity">
>>>   <action>
>>>     <items>Timestamp Encrypt</items>
>>>     <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
>>>     <decryptionPropFile>client.properties</decryptionPropFile>
>>>   </action>
>>> </parameter>
>>>
>>> <parameter name="OutflowSecurity">
>>>   <action>
>>>     <items>UsernameToken Timestamp Encrypt</items>
>>>     <passwordType>PasswordText</passwordType>
>>>     <signaturePropFile>client.properties</signaturePropFile>
>>>     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>>>     <encryptionUser>service</encryptionUser>
>>>     <encryptionPropFile>client.properties</encryptionPropFile>
>>>     <encryptionIdentifier>IssuerSerial</encryptionIdentifier>
>>>     <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
>>>     <!-- The user and password are set up on the client stub with
>>>          an instance of a pwcallbackHandle -->
>>>     <!-- <user>marcel</user> -->
>>>     <!-- <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass> -->
>>>   </action>
>>> </parameter>
>>>
>>>
>>> I've got another question: how do I configure a client for using
>>> UsernameToken and Signature, since they both use the <user> parameter
>>> and in my case they are different? Do I have to set up two actions?
>>> Could you send me an example of the setup on the client and on the
>>> service?
>>>
>>>
>>> Thanks in advance,
>>>
>>> -Marcel
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>>
>>>