Posted to java-user@axis.apache.org by Pete <pw...@yahoo.com> on 2007/11/29 19:26:53 UTC

Encryption configuration problems

Hello all,

Currently I have my client encrypting AXIS2 SOAP messages with the same key to all endpoints. (Axis2/Rampart v1.3)


The problem is that we would like each destination to use a different key.
The service is the same (same WSDL) at each endpoint and other than the IP/port.
(Same service definition, multiple endpoints each with a unique key)

Programmatically I know where to route it and set the endpoint, however I am having difficulties setting up the encryption values on the fly.

I see that OutflowSecurity is deprecated.
I've also tried manually building the XML OutflowSecurityParameter and setting it in the options before enabling rampart. That didn't go over well...

        Parameter p = new Parameter("OutflowSecurity", "Encryptmykeyclient.propertieshttp://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        stub._getServiceClient().getAxisConfiguration().addParameter(p);

I've looked at the examples and searched for a decent tutorial on WS-Policy using policy.xml for configuration. What I have found does not lead me to believe that it will give me the right solution. Maybe I'm not finding the right answer or asking the right question?! I really haven't found a good reference to using policy.xml that I can relate to. (decode)

Any assistance would be greatly appreciated. Thanks!
-P





---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Re: Encryption configuration problems

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi,
    If I got the scenario correct, what you want is to encrypt different requests (to different endpoints) with different certificates, right?
    Which certificate to use in encryption is defined in the property "encryptionUser". This can be set programmatically in both basic configuration and policy based configuration. We have to set the correct certificate alias as the "encryptionUser" property.

In basic configuration,

        OutflowConfiguration ofc = new OutflowConfiguration();
        ofc.setEncryptionUser("XXX");
        options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, ofc);

In policy based configuration,

        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setUser("Alan");
        rampartConfig.setEncryptionUser("Someone");
        ...
        rampartConfig.setSigCryptoConfig(sigCryptoConfig);
        rampartConfig.setEncrCryptoConfig(encrCrypto);

        policy.addAssertion(rampartConfig);









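
One way to apply the policy-based approach from the reply to several endpoints, as an added example that is not code from the thread or from the Rampart project: each call resolves the endpoint's certificate alias, refuses endpoints with no mapping, and attaches a freshly parsed policy. The class name, the endpoint-to-alias map, the policy path, and the caller-supplied CryptoConfig are assumptions, and the policy is assumed to encrypt only (a signing policy would also need the setUser and setSigCryptoConfig calls shown in the reply).

```java
import java.util.Map;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

// Added example (not from the thread): one encryption alias per endpoint.
public class PerEndpointEncryption {
    private final Map<String, String> aliasByEndpoint; // endpoint URL -> certificate alias (assumed)
    private final String policyPath;                   // policy.xml without a RampartConfig (assumed)
    private final CryptoConfig encrCrypto;             // keystore settings built by the caller (assumed)

    public PerEndpointEncryption(Map<String, String> aliasByEndpoint,
                                 String policyPath, CryptoConfig encrCrypto) {
        this.aliasByEndpoint = aliasByEndpoint;
        this.policyPath = policyPath;
        this.encrCrypto = encrCrypto;
    }

    // Fail closed: an unmapped endpoint is an error, never a fallback to a default key.
    String aliasFor(String endpointUrl) {
        String alias = aliasByEndpoint.get(endpointUrl);
        if (alias == null || alias.length() == 0) {
            throw new IllegalStateException("No encryption alias for " + endpointUrl);
        }
        return alias;
    }

    // Caller has already engaged the rampart module on this client.
    public void configure(ServiceClient client, String endpointUrl) throws Exception {
        String alias = aliasFor(endpointUrl); // resolve before touching the client
        // Parse the policy afresh each time: addAssertion() mutates the Policy, so a
        // shared instance would still carry the RampartConfig of an earlier endpoint.
        StAXOMBuilder builder = new StAXOMBuilder(policyPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setEncryptionUser(alias);
        rampartConfig.setEncrCryptoConfig(encrCrypto);
        policy.addAssertion(rampartConfig);
        Options options = client.getOptions();
        options.setTo(new EndpointReference(endpointUrl));
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    }
}
```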