You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Ruchith Fernando <ru...@gmail.com> on 2006/10/01 21:27:49 UTC

Re: Soap Request with X509 Token

Hi,

Right now Rampart/WSS4J does nto provide a way to extract the
SecurityTokenReference (STR) from the Signature element.

>From the example message snippets you have given it seems that you
have to add the STR refering to the certificate that was used to sign.

I can think of a couple of workarounds for this:

1.) You can find the certificate that was used to sign the request
using the security results of WSS4J. (Example on extacting security
processing results[1]). From the results you can obtain the
certificate that was used to sign.

Now if you want to add a refernce to this certificate in your response
then you can add a "BinarySecurityToken" element  (Please see usages
of org.apache.ws.security.message.token.BinarySecurity) into the
Securty header of the response and refer to it using an STR element
(please see usages of
org.apache.ws.security.message.token.SecurityTokenReference)

2.) When request soap envelop reaches the message receiver (or service
impl) the Signature element is still available in the Security header.
Therefore if you want to use the *exact same* STR element you can
extract it at the service and create your response.

HTH

Thanks,
Ruchith


[1] http://www.wso2.net/kb/169

On 9/30/06, Shyam Shukla <sh...@persistent.co.in> wrote:
>
>
>
>
> Dear All,
>
>   I am required to create a SOAP request which contains RequestSecurityToken
> with X509 Security Token.
> I am using rampart module of axis2 1.0 to achieve this. Now my problem is
> when this request is sent to the web service,
> <wsse:SecurityTokenReference> tag is found as a child element of <KeyInfo>
> tag in SOAP Header.
> Is there any way to extract the above <wsse:SecurityTokenReference> tag so
> that I could place it inside the SOAP Body as a child element of <wst:Base>
> tag?
>
> My desired format of SOAP request is as below:
> <soap:Envelope>
> <soap:Header>
>  ……………
>  ………
> <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
>           </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soap:Header>
> <soap:body>
> <wst:Base>
>         <wsse:SecurityTokenReference>
>           <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
>         </wsse:SecurityTokenReference>
>  </wst:Base>
>
>         …
>         …
>         …
> </soap:Body>
> </soap:Envelope>
>
>
>
>
>
>
> Best Regards,
>  Shyam Shukla
>
>
>
>   DISCLAIMER ========== This e-mail may contain privileged and confidential
> information which is the property of Persistent Systems Pvt. Ltd. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not authorized to
> read, retain, copy, print, distribute or use this message. If you have
> received this communication in error, please notify the sender and delete
> all copies of this message. Persistent Systems Pvt. Ltd. does not accept any
> liability for virus infected mails.


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

RE: Soap Request with X509 Token

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Thanks a lot for sharing your views with me on the mentioned problem in this
email.
Ruchith,I have to create the mentioned SOAP format while I am creating SOAP
request i.e. before sending request to web service and don't have to do
anything at receiver side(i.e. in SOAP Response from web service).

So I guess solution (1) that you have given can help me but I am not sure at
what stage in client problem I should try to extract security
Processing results and how I will retrieve Reference tag information
including its URI attribute.

Please guide me to resolve this issue. 


Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, October 02, 2006 12:58 AM
To: axis-dev@ws.apache.org
Cc: wss4j-dev@ws.apache.org
Subject: Re: Soap Request with X509 Token

Hi,

Right now Rampart/WSS4J does nto provide a way to extract the
SecurityTokenReference (STR) from the Signature element.

>From the example message snippets you have given it seems that you
have to add the STR refering to the certificate that was used to sign.

I can think of a couple of workarounds for this:

1.) You can find the certificate that was used to sign the request
using the security results of WSS4J. (Example on extacting security
processing results[1]). From the results you can obtain the
certificate that was used to sign.

Now if you want to add a refernce to this certificate in your response
then you can add a "BinarySecurityToken" element  (Please see usages
of org.apache.ws.security.message.token.BinarySecurity) into the
Securty header of the response and refer to it using an STR element
(please see usages of
org.apache.ws.security.message.token.SecurityTokenReference)

2.) When request soap envelop reaches the message receiver (or service
impl) the Signature element is still available in the Security header.
Therefore if you want to use the *exact same* STR element you can
extract it at the service and create your response.

HTH

Thanks,
Ruchith


[1] http://www.wso2.net/kb/169

On 9/30/06, Shyam Shukla <sh...@persistent.co.in> wrote:
>
>
>
>
> Dear All,
>
>   I am required to create a SOAP request which contains
RequestSecurityToken
> with X509 Security Token.
> I am using rampart module of axis2 1.0 to achieve this. Now my problem is
> when this request is sent to the web service,
> <wsse:SecurityTokenReference> tag is found as a child element of <KeyInfo>
> tag in SOAP Header.
> Is there any way to extract the above <wsse:SecurityTokenReference> tag so
> that I could place it inside the SOAP Body as a child element of
<wst:Base>
> tag?
>
> My desired format of SOAP request is as below:
> <soap:Envelope>
> <soap:Header>
>  .....
>  ...
> <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>           </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soap:Header>
> <soap:body>
> <wst:Base>
>         <wsse:SecurityTokenReference>
>           <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>         </wsse:SecurityTokenReference>
>  </wst:Base>
>
>         .
>         .
>         .
> </soap:Body>
> </soap:Envelope>
>
>
>
>
>
>
> Best Regards,
>  Shyam Shukla
>
>
>
>   DISCLAIMER ========== This e-mail may contain privileged and
confidential
> information which is the property of Persistent Systems Pvt. Ltd. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not authorized
to
> read, retain, copy, print, distribute or use this message. If you have
> received this communication in error, please notify the sender and delete
> all copies of this message. Persistent Systems Pvt. Ltd. does not accept
any
> liability for virus infected mails.


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

RE: Soap Request with X509 Token

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Thanks a lot for sharing your views with me on the mentioned problem in this
email.
Ruchith,I have to create the mentioned SOAP format while I am creating SOAP
request i.e. before sending request to web service and don't have to do
anything at receiver side(i.e. in SOAP Response from web service).

So I guess solution (1) that you have given can help me but I am not sure at
what stage in client problem I should try to extract security
Processing results and how I will retrieve Reference tag information
including its URI attribute.

Please guide me to resolve this issue. 


Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, October 02, 2006 12:58 AM
To: axis-dev@ws.apache.org
Cc: wss4j-dev@ws.apache.org
Subject: Re: Soap Request with X509 Token

Hi,

Right now Rampart/WSS4J does nto provide a way to extract the
SecurityTokenReference (STR) from the Signature element.

>From the example message snippets you have given it seems that you
have to add the STR refering to the certificate that was used to sign.

I can think of a couple of workarounds for this:

1.) You can find the certificate that was used to sign the request
using the security results of WSS4J. (Example on extacting security
processing results[1]). From the results you can obtain the
certificate that was used to sign.

Now if you want to add a refernce to this certificate in your response
then you can add a "BinarySecurityToken" element  (Please see usages
of org.apache.ws.security.message.token.BinarySecurity) into the
Securty header of the response and refer to it using an STR element
(please see usages of
org.apache.ws.security.message.token.SecurityTokenReference)

2.) When request soap envelop reaches the message receiver (or service
impl) the Signature element is still available in the Security header.
Therefore if you want to use the *exact same* STR element you can
extract it at the service and create your response.

HTH

Thanks,
Ruchith


[1] http://www.wso2.net/kb/169

On 9/30/06, Shyam Shukla <sh...@persistent.co.in> wrote:
>
>
>
>
> Dear All,
>
>   I am required to create a SOAP request which contains
RequestSecurityToken
> with X509 Security Token.
> I am using rampart module of axis2 1.0 to achieve this. Now my problem is
> when this request is sent to the web service,
> <wsse:SecurityTokenReference> tag is found as a child element of <KeyInfo>
> tag in SOAP Header.
> Is there any way to extract the above <wsse:SecurityTokenReference> tag so
> that I could place it inside the SOAP Body as a child element of
<wst:Base>
> tag?
>
> My desired format of SOAP request is as below:
> <soap:Envelope>
> <soap:Header>
>  .....
>  ...
> <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>           </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soap:Header>
> <soap:body>
> <wst:Base>
>         <wsse:SecurityTokenReference>
>           <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>         </wsse:SecurityTokenReference>
>  </wst:Base>
>
>         .
>         .
>         .
> </soap:Body>
> </soap:Envelope>
>
>
>
>
>
>
> Best Regards,
>  Shyam Shukla
>
>
>
>   DISCLAIMER ========== This e-mail may contain privileged and
confidential
> information which is the property of Persistent Systems Pvt. Ltd. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not authorized
to
> read, retain, copy, print, distribute or use this message. If you have
> received this communication in error, please notify the sender and delete
> all copies of this message. Persistent Systems Pvt. Ltd. does not accept
any
> liability for virus infected mails.


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

RE: Soap Request with X509 Token

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Thanks a lot for sharing your views with me on the mentioned problem in this
email.
Ruchith,I have to create the mentioned SOAP format while I am creating SOAP
request i.e. before sending request to web service and don't have to do
anything at receiver side(i.e. in SOAP Response from web service).

So I guess solution (1) that you have given can help me but I am not sure at
what stage in client problem I should try to extract security
Processing results and how I will retrieve Reference tag information
including its URI attribute.

Please guide me to resolve this issue. 


Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, October 02, 2006 12:58 AM
To: axis-dev@ws.apache.org
Cc: wss4j-dev@ws.apache.org
Subject: Re: Soap Request with X509 Token

Hi,

Right now Rampart/WSS4J does nto provide a way to extract the
SecurityTokenReference (STR) from the Signature element.

>From the example message snippets you have given it seems that you
have to add the STR refering to the certificate that was used to sign.

I can think of a couple of workarounds for this:

1.) You can find the certificate that was used to sign the request
using the security results of WSS4J. (Example on extacting security
processing results[1]). From the results you can obtain the
certificate that was used to sign.

Now if you want to add a refernce to this certificate in your response
then you can add a "BinarySecurityToken" element  (Please see usages
of org.apache.ws.security.message.token.BinarySecurity) into the
Securty header of the response and refer to it using an STR element
(please see usages of
org.apache.ws.security.message.token.SecurityTokenReference)

2.) When request soap envelop reaches the message receiver (or service
impl) the Signature element is still available in the Security header.
Therefore if you want to use the *exact same* STR element you can
extract it at the service and create your response.

HTH

Thanks,
Ruchith


[1] http://www.wso2.net/kb/169

On 9/30/06, Shyam Shukla <sh...@persistent.co.in> wrote:
>
>
>
>
> Dear All,
>
>   I am required to create a SOAP request which contains
RequestSecurityToken
> with X509 Security Token.
> I am using rampart module of axis2 1.0 to achieve this. Now my problem is
> when this request is sent to the web service,
> <wsse:SecurityTokenReference> tag is found as a child element of <KeyInfo>
> tag in SOAP Header.
> Is there any way to extract the above <wsse:SecurityTokenReference> tag so
> that I could place it inside the SOAP Body as a child element of
<wst:Base>
> tag?
>
> My desired format of SOAP request is as below:
> <soap:Envelope>
> <soap:Header>
>  .....
>  ...
> <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>           </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soap:Header>
> <soap:body>
> <wst:Base>
>         <wsse:SecurityTokenReference>
>           <wsse:Reference
>
> URI="#SecurityToken-bbae5f08-04c5-4f4d-aa79-42e2475a1b7f"
>
>
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
> />
>         </wsse:SecurityTokenReference>
>  </wst:Base>
>
>         .
>         .
>         .
> </soap:Body>
> </soap:Envelope>
>
>
>
>
>
>
> Best Regards,
>  Shyam Shukla
>
>
>
>   DISCLAIMER ========== This e-mail may contain privileged and
confidential
> information which is the property of Persistent Systems Pvt. Ltd. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not authorized
to
> read, retain, copy, print, distribute or use this message. If you have
> received this communication in error, please notify the sender and delete
> all copies of this message. Persistent Systems Pvt. Ltd. does not accept
any
> liability for virus infected mails.


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.