You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Nencho Lupanov <ne...@googlemail.com> on 2007/05/16 12:33:00 UTC
TransportBinding
Hi all,
I am testing the TransportBinding assertion with UsernameToken.
Do I need some furthure configuration on tomcat in order to enable ssl?
I already configured ssl on port 9443.Is that enough?
Does the enpoint needs to use this port?Do I only have to change the port at
the endpoint or something?
Thanks,
Nencho
Re: TransportBinding
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dimuthu,
Consider the same client using another service/policy with transport
binding, then it needs
different values, of cource it will overwrite the prevous one but more clear
approach will be to clear the values when not needed any more.
Anyway this is not such a big concern right one, you are right that we can
go for it and just set them every time when we found appropriate rampart
configuration.So this properties shoud be set by the rampart modle itself
right?
Regards,
Nencho
2007/5/29, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> My opinion is that we should not un-set the values. Why? According to
> the sec-policy spec, message security will always be provided at the
> transport level as long as Transport binding is used. So as long as we
> are switching on HTTPS, when Transport binding is in use, then things
> should be fine. However Rampart user should be able to configure these
> parameters. These are my thoughts :-).
>
> Regards,
> Dimuthu
>
>
> On Tue, 2007-05-29 at 12:50 +0300, Nencho Lupanov wrote:
> > Hi dimuthu,
> >
> > I've managed to run the Transportbinding sample by generating the
> > keystore for the client,
> > importing the server certificate and setting the properties above.Yes
> > i think that can be automated in rampart but my question is:
> > if we set those properties,when do we un-set them?
> >
> > Regards,
> > Nencho
> >
> >
> >
> > 2007/5/16, Dimuthu <mu...@apache.org>:
> > Hi Nencho,
> >
> > Couple of hours ago I was looking at how to configure ssl in
> > Axis2
> > client side becuase of Rampart-42. I found this article [1].
> > Basically
> > if you have JSSE, set the following four parameters in the
> > client side
> > properly and things should work smoothly when you give the EPR
> > correctly.
> >
> > System.setProperty("javax.net.ssl.keyStorePassword",
> > "password");
> > System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> > System.setProperty("javax.net.ssl.trustStore",
> > "client-truststore.jks");
> > System.setProperty("javax.net.ssl.trustStorePassword ",
> > "trustPass");
> >
> > I haven't tried it. But it should work.
> >
> > By the way regarding Rampart-42, we can automate the client
> > side SSL
> > configuration as much as possible in the Rampart when it comes
> > to
> > TransportBinding assertion, but serverside has to be handled
> > manually.
> > What do you think? I don't see a better solution.
> >
> > Cheers,
> > Dimuthu
> >
> > [1]http://java.sun.com/products/jsse/INSTALL.html
> >
> >
> > On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > > Hi all,
> > >
> > > I am testing the TransportBinding assertion with
> > UsernameToken.
> > > Do I need some furthure configuration on tomcat in order to
> > enable ssl?
> > > I already configured ssl on port 9443.Is that enough?
> > >
> > > Does the enpoint needs to use this port?Do I only have to
> > change the port at
> > > the endpoint or something?
> > >
> > > Thanks,
> > > Nencho
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: TransportBinding
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
My opinion is that we should not un-set the values. Why? According to
the sec-policy spec, message security will always be provided at the
transport level as long as Transport binding is used. So as long as we
are switching on HTTPS, when Transport binding is in use, then things
should be fine. However Rampart user should be able to configure these
parameters. These are my thoughts :-).
Regards,
Dimuthu
On Tue, 2007-05-29 at 12:50 +0300, Nencho Lupanov wrote:
> Hi dimuthu,
>
> I've managed to run the Transportbinding sample by generating the
> keystore for the client,
> importing the server certificate and setting the properties above.Yes
> i think that can be automated in rampart but my question is:
> if we set those properties,when do we un-set them?
>
> Regards,
> Nencho
>
>
>
> 2007/5/16, Dimuthu <mu...@apache.org>:
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in
> Axis2
> client side becuase of Rampart-42. I found this article [1].
> Basically
> if you have JSSE, set the following four parameters in the
> client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword",
> "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore",
> "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword ",
> "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client
> side SSL
> configuration as much as possible in the Rampart when it comes
> to
> TransportBinding assertion, but serverside has to be handled
> manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with
> UsernameToken.
> > Do I need some furthure configuration on tomcat in order to
> enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to
> change the port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
Re: TransportBinding
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi dimuthu,
I've managed to run the Transportbinding sample by generating the keystore
for the client,
importing the server certificate and setting the properties above.Yes i
think that can be automated in rampart but my question is:
if we set those properties,when do we un-set them?
Regards,
Nencho
2007/5/16, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in Axis2
> client side becuase of Rampart-42. I found this article [1]. Basically
> if you have JSSE, set the following four parameters in the client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client side SSL
> configuration as much as possible in the Rampart when it comes to
> TransportBinding assertion, but serverside has to be handled manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with UsernameToken.
> > Do I need some furthure configuration on tomcat in order to enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to change the
> port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: TransportBinding
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dimuthu,
Isn't it supposed to be automatically since we have this property in the
rampart config of the policy?
I can say that rampart actually extract those and use them.
I'll try your solution to see if it works.
So, the EPR should be the same but using the ssl port right?
Does anyone has any experience with the transport binding?
thanks,
Nencho
2007/5/16, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in Axis2
> client side becuase of Rampart-42. I found this article [1]. Basically
> if you have JSSE, set the following four parameters in the client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client side SSL
> configuration as much as possible in the Rampart when it comes to
> TransportBinding assertion, but serverside has to be handled manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with UsernameToken.
> > Do I need some furthure configuration on tomcat in order to enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to change the
> port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: TransportBinding
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dimuthu ,
What should be the value of the javax.net.ssl.trustStorePassword
property in the case of the rampart samples?
Thanks,
Nencho
2007/5/16, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in Axis2
> client side becuase of Rampart-42. I found this article [1]. Basically
> if you have JSSE, set the following four parameters in the client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client side SSL
> configuration as much as possible in the Rampart when it comes to
> TransportBinding assertion, but serverside has to be handled manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with UsernameToken.
> > Do I need some furthure configuration on tomcat in order to enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to change the
> port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: TransportBinding
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dimithu,
I've managed to configure jsse but now i get the following error:
[java] Exception in thread "main" org.apache.axis2.AxisFault:
Unconnected s
ockets not implemented; nested exception is:
[java] java.net.SocketException: Unconnected sockets not
implemented; n
ested exception is:
[java] org.apache.axis2.AxisFault: Unconnected sockets not
implemented;
nested exception is:
[java] java.net.SocketException: Unconnected sockets not
implemented
[java] at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.in
voke(CommonsHTTPTransportSender.java:227)
[java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java
:674)
[java] at
org.apache.axis2.description.OutInAxisOperationClient.send(Ou
tInAxisOperation.java:237)
[java] at
org.apache.axis2.description.OutInAxisOperationClient.execute
(OutInAxisOperation.java:202)
[java] at org.apache.axis2.client.ServiceClient.sendReceive
(ServiceClie
nt.java:579)
[java] at org.apache.axis2.client.ServiceClient.sendReceive
(ServiceClie
nt.java:508)
[java] at org.apache.rampart.samples.policy.sample01.Client.main
(Unknow
n Source)
Any Idea?
Thanks,
Nencho
2007/5/16, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in Axis2
> client side becuase of Rampart-42. I found this article [1]. Basically
> if you have JSSE, set the following four parameters in the client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client side SSL
> configuration as much as possible in the Rampart when it comes to
> TransportBinding assertion, but serverside has to be handled manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with UsernameToken.
> > Do I need some furthure configuration on tomcat in order to enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to change the
> port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: TransportBinding
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
Couple of hours ago I was looking at how to configure ssl in Axis2
client side becuase of Rampart-42. I found this article [1]. Basically
if you have JSSE, set the following four parameters in the client side
properly and things should work smoothly when you give the EPR
correctly.
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
I haven't tried it. But it should work.
By the way regarding Rampart-42, we can automate the client side SSL
configuration as much as possible in the Rampart when it comes to
TransportBinding assertion, but serverside has to be handled manually.
What do you think? I don't see a better solution.
Cheers,
Dimuthu
[1]http://java.sun.com/products/jsse/INSTALL.html
On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> Hi all,
>
> I am testing the TransportBinding assertion with UsernameToken.
> Do I need some furthure configuration on tomcat in order to enable ssl?
> I already configured ssl on port 9443.Is that enough?
>
> Does the enpoint needs to use this port?Do I only have to change the port at
> the endpoint or something?
>
> Thanks,
> Nencho
Re: TransportBinding
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
Couple of hours ago I was looking at how to configure ssl in Axis2
client side becuase of Rampart-42. I found this article [1]. Basically
if you have JSSE, set the following four parameters in the client side
properly and things should work smoothly when you give the EPR
correctly.
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "client-truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "trustPass");
I haven't tried it. But it should work.
By the way regarding Rampart-42, we can automate the client side SSL
configuration as much as possible in the Rampart when it comes to
TransportBinding assertion, but serverside has to be handled manually.
What do you think? I don't see a better solution.
Cheers,
Dimuthu
[1]http://java.sun.com/products/jsse/INSTALL.html
On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> Hi all,
>
> I am testing the TransportBinding assertion with UsernameToken.
> Do I need some furthure configuration on tomcat in order to enable ssl?
> I already configured ssl on port 9443.Is that enough?
>
> Does the enpoint needs to use this port?Do I only have to change the port at
> the endpoint or something?
>
> Thanks,
> Nencho
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org