You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Joshua Kuritzky <ku...@fstrf.org> on 2006/10/12 16:57:44 UTC
WSE2 and wss4j
Hi, I'm working on a creating a secure web service with
Tomcat/Axis/wss4j and an associated client with .NET 1.1 and WSE2. I
have a few questions:
1. Is there a tutorial available that describes accessing authenticated
and encrypted wss4j web services from .NET? Most tutorials I've found
assume Axis is being used to consume the service?
2. When following the main wss4j tutorial for adding Username token
authentication, I ran into the following strange scenario:
Using the requestFlow and PWCallback examples from the tutorial, I've
set up a web service that requires username 'wss4j' and password
'security'. When accessing this service from .NET, things behave
differently given the scenario:
- Token sent with password hashed: When the password is correct, the
service works; when the password is incorrect, the service doesn't work
and throws an exception. This is the expected behavior.
- Request sent without a token: Exception thrown. This is the expected
behavior.
- Token sent with password as plaintext: When I do this it works *even
when the password is incorrect*. How can this be prevented?
Thanks so much for the help,
-Joshua Kuritzky
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSE2 and wss4j
Posted by Ruchith Fernando <ru...@gmail.com>.
Are you handling the WSPasswordCallback.USERNAME_TOKEN_UNKNOWN usage
case in you callback handler that you use at the server side when you
do plain text password?
If not, have a look at the service configuration section of the plain
text password case here :
http://www.wso2.net/articles/rampart/java/2006/08/15/usernametoken-auth
Thanks,
Ruchith
On 10/12/06, Joshua Kuritzky <ku...@fstrf.org> wrote:
> Hi, I'm working on a creating a secure web service with
> Tomcat/Axis/wss4j and an associated client with .NET 1.1 and WSE2. I
> have a few questions:
>
> 1. Is there a tutorial available that describes accessing authenticated
> and encrypted wss4j web services from .NET? Most tutorials I've found
> assume Axis is being used to consume the service?
>
> 2. When following the main wss4j tutorial for adding Username token
> authentication, I ran into the following strange scenario:
>
> Using the requestFlow and PWCallback examples from the tutorial, I've
> set up a web service that requires username 'wss4j' and password
> 'security'. When accessing this service from .NET, things behave
> differently given the scenario:
>
> - Token sent with password hashed: When the password is correct, the
> service works; when the password is incorrect, the service doesn't work
> and throws an exception. This is the expected behavior.
>
> - Request sent without a token: Exception thrown. This is the expected
> behavior.
>
> - Token sent with password as plaintext: When I do this it works *even
> when the password is incorrect*. How can this be prevented?
>
> Thanks so much for the help,
>
> -Joshua Kuritzky
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSE2 and wss4j
Posted by Ruchith Fernando <ru...@gmail.com>.
Are you handling the WSPasswordCallback.USERNAME_TOKEN_UNKNOWN usage
case in you callback handler that you use at the server side when you
do plain text password?
If not, have a look at the service configuration section of the plain
text password case here :
http://www.wso2.net/articles/rampart/java/2006/08/15/usernametoken-auth
Thanks,
Ruchith
On 10/12/06, Joshua Kuritzky <ku...@fstrf.org> wrote:
> Hi, I'm working on a creating a secure web service with
> Tomcat/Axis/wss4j and an associated client with .NET 1.1 and WSE2. I
> have a few questions:
>
> 1. Is there a tutorial available that describes accessing authenticated
> and encrypted wss4j web services from .NET? Most tutorials I've found
> assume Axis is being used to consume the service?
>
> 2. When following the main wss4j tutorial for adding Username token
> authentication, I ran into the following strange scenario:
>
> Using the requestFlow and PWCallback examples from the tutorial, I've
> set up a web service that requires username 'wss4j' and password
> 'security'. When accessing this service from .NET, things behave
> differently given the scenario:
>
> - Token sent with password hashed: When the password is correct, the
> service works; when the password is incorrect, the service doesn't work
> and throws an exception. This is the expected behavior.
>
> - Request sent without a token: Exception thrown. This is the expected
> behavior.
>
> - Token sent with password as plaintext: When I do this it works *even
> when the password is incorrect*. How can this be prevented?
>
> Thanks so much for the help,
>
> -Joshua Kuritzky
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org