You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Håkon Sagehaug <ha...@uni.no> on 2011/02/02 13:35:20 UTC
Settign password type usign axis2-1.3
Hi all,
I've got to develop client that uses axis2-1.3 and StsClient from Ramaprt
for fetching a SAML token and using username and password as authentication.
The problem is that the password in the header is always set to Digest type,
and I want it to be text. Here is the important snippets from mye code
ConfigurationContext ctx = ConfigurationContextFactory
.createConfigurationContextFromFileSystem("repository",
null);
OMElement el = getRSTTemplate();
STSClient stsClient = new STSClient(ctx);
stsClient.setRstTemplate(el);
String action = "http://bccs.uib.no/esysbio/sts/IssueToken";
stsClient.setAction(action);
org.apache.axis2.client.Options options = new Options();
options.setTo(new EndpointReference(sts_location));
options.setUserName("user");
options.setPassword("pass");
stsClient.setOptions(options);
Token responseToken = stsClient.requestSecurityToken(
loadPolicy("policy/policy_sts_saml.xml"), sts_location,
loadPolicy("policy/sts_policy.xml"), null);
I've got the same client for axis2-1.5 and there the password is always
text, but I cant use axis2-1.5 in this particulare case. So any hints on how
enable clear text passwords when using axis2-1.3 and rampart 1.3.
RE: Settign password type usign axis2-1.3
Posted by Martin Gainty <mg...@hotmail.com>.
you can set PASSWORD_TEXT option for setPasswordType method of the OutflowConfiguration configuration e.g.
OutflowConfiguration ofc = new OutflowConfiguration();
String actionItems = "Timestamp Signature Encrypt";
String user = "user";
String pwcb = "org.apache.axis2.security.PWCallback";
String sigKeyId = "interop.properties";
String sigParts = "{Element}{http://schemas.xmlsoap.org/ws/2004/08/"
+ "addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/"
+ "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
String optimizeParts = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
String embeddedKeyCallbackClass = "org.apache.axis2.security.PWCallback";
String encrUser = "user";
String samlPropFile = "saml.properties";
String sigPropFile = "sig.properties";
String encPropFile = "enc.properties";
// Setting the properties in the ofc
ofc.setActionItems(actionItems);
ofc.setUser(user);
ofc.setPasswordCallbackClass(pwcb);
ofc.setSignatureKeyIdentifier(sigKeyId);
ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
ofc.setSignatureParts(sigParts);
ofc.setOptimizeParts(optimizeParts);
ofc.setEmbeddedKeyCallbackClass(emther beddedKeyCallbackClass);
ofc.setEncryptionKeyTransportAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
ofc.setEncryptionSymAlgorithm(WSConstants.AES_128);
ofc.setEncryptionUser(encrUser);
//ofc.setPasswordType(WSConstants.PW_DIGEST);
ofc.setPasswordType(WSConstants.PASSWORD_TEXT);
ofc.setSamlPropFile(samlPropFile);
ofc.setSignaturePropFile(sigPropFile);
ofc.setEncryptionPropFile(encPropFile);
håpe denne hjelper
martin
______________________________________________
Jogi és Bizalmassági kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Ez az
üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy
jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának
készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és
semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek
könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet
ezen üzenet tartalma miatt.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
Date: Wed, 2 Feb 2011 13:35:20 +0100
Subject: Settign password type usign axis2-1.3
From: hakon.sagehaug@uni.no
To: java-user@axis.apache.org
Hi all,
I've got to develop client that uses axis2-1.3 and StsClient from Ramaprt for fetching a SAML token and using username and password as authentication. The problem is that the password in the header is always set to Digest type, and I want it to be text. Here is the important snippets from mye code
ConfigurationContext ctx = ConfigurationContextFactory
.createConfigurationContextFromFileSystem("repository", null);
OMElement el = getRSTTemplate();
STSClient stsClient = new STSClient(ctx);
stsClient.setRstTemplate(el);
String action = "http://bccs.uib.no/esysbio/sts/IssueToken";
stsClient.setAction(action);
org.apache.axis2.client.Options options = new Options();
options.setTo(new EndpointReference(sts_location));
options.setUserName("user");
options.setPassword("pass");
stsClient.setOptions(options);
Token responseToken = stsClient.requestSecurityToken(
loadPolicy("policy/policy_sts_saml.xml"), sts_location,
loadPolicy("policy/sts_policy.xml"), null);
I've got the same client for axis2-1.5 and there the password is always text, but I cant use axis2-1.5 in this particulare case. So any hints on how enable clear text passwords when using axis2-1.3 and rampart 1.3.