You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Maciej Kwiecien <ma...@gmail.com> on 2008/01/10 17:15:03 UTC

How to pass WSE 3.0 authentication using wss4j?

Hello All,

I'd like to check if wss4j library can be useful in following usecase:

I've got SOAP message (request) that I need  to send to web service that
requires WSE 3.0 authentication.



Can WSS4J library help me to perform all required transformation to pass WSE
3.0 authentication?

In other words, what should be done in my java client to talk to web service
secured by WSE 3.0 ?


What is more, I use ServiceMix. ( I've found a lot of pages dedicated to
resolving this issue  in Axis).



Any help will be appreciated,

Maciej

X509NameTokenizer.java

Posted by George Stanchev <Gs...@serena.com>.
Hi,
 
Right under 
 
wss4j\trunk\src\org\apache\ws\security\components\crypto
 
there is a file: X509NameTokenizer.java
 
The license on the top is:
 
/*
 * This source is a plain copy from bouncycastle software.
 * Thus:
 * Copyright (c) 2000 The Legion Of The Bouncy Castle
(http://www.bouncycastle.org)
 */
 
This comment and the fact has been lifted from a project with a
different
license and having IP issues (they implement some encryption algorithm
that
is still patented in some countries) is giving me problems. Besides,
looking
at it, it is very rudimentary. It does not conform to 2253 very closely,
just
roughly.
 
XML-Security contains an RFC2253 parser which looks much much better and
is 
under compatible license.
 
How about if we lift it and use it in WSS4J which will eliminate
licensing
issues and will improve parsing correctness?
 
Best Regards,
George
 

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
**********************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: How to pass WSE 3.0 authentication using wss4j?

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Maciej,

WSS4J can be used to do all three steps you have mentioned.
If you can explain the incompatibilities of WSS4J that you found with
WSE 3.0, we can try to help you.

Thanks,
Ruchith

On Jan 17, 2008 6:58 PM, Maciej Kwiecien <ma...@gmail.com> wrote:
>
> Hello,
>
>
> Sorry for double posting - I've managed to get over that issue:
>
> org.apache.ws.security.WSSecurityException: An unsupported signature or
> encryption algorithm was used (unsupported key transport encryption
> algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
> (I have not had Bouncy Castle lib on classpath)
>
> I am still wondering what should I do to be compliant with WSE 3.0
>
> Regards,
> Maciej
>
>
>
> On Jan 17, 2008 10:52 AM, Maciej Kwiecien <ma...@gmail.com> wrote:
> > Hello,
> >
> > First of all, I thank you for your answer. I am new to WS-Security and I'd
> like to ask you some questions (I guess not so difficult for you)
> >
> > Servicemix rather doesn't support WSE 3.0 but  I'd like to add my own bean
> which extends message with
> > information required by WSE 3.0 before message is sent to .NET web service
> that is secured with WSE 3.0.
> >
> > Could you please give me some guidelines what should I add to message to
> be compliant with WSE 3.0
> >  I know that it is configuration specific  matter - but  what are general
> steps?
> >  I found article (but it is out-of-date) :
> http://www.devx.com/Java/Article/28816/0/page/4
> >
> > There are 3 steps mentioned:
> > - adding user token
> > - signing message
> > - encrypting message
> >
> >
> > Are those steps sufficient to be compliant with  WSE 3.0?
> >
> > I look into WSS4J source code and now I hope I can in proper way:
> > -add user token
> > -sign message with certificate.
> > However,I've got problem with encrypting message - how can I encrypt
> message using RSA key?
> > I get exception
> >
> > org.apache.ws.security.WSSecurityException: An unsupported signature or
> encryption algorithm was used (unsupported key transport encryption
> algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
> >
> >
> > I look forward to hearing from you.
> >
> > Regards,
> > Maciej
> >
> >
> >
> >
> > On Jan 17, 2008 9:18 AM, Ruchith Fernando < ruchith.fernando@gmail.com>
> wrote:
> >
> > > I'm not sure about WSE 3.0 and ServiceMix interoperability .... but we
> > > recently tested Apache Rampart (which is based on WSS4J library) with
> > > WCF and we interop on all WS-Security 1.0,1.1 and
> > > WS-SecureConversation scenarios (of WCF plugfest), this includes
> > > UsernameToken as well.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > >
> > >
> > >
> > > On Jan 10, 2008 9:45 PM, Maciej Kwiecien <ma...@gmail.com>
> wrote:
> > > >
> > > >
> > > > Hello All,
> > > >
> > > >  I'd like to check if wss4j library can be useful in following
> usecase:
> > > >
> > > > I've got SOAP message (request) that I need  to send to web service
> that
> > > > requires WSE 3.0 authentication.
> > > >
> > > >
> > > >
> > > > Can WSS4J library help me to perform all required transformation to
> pass WSE
> > > > 3.0 authentication?
> > > >
> > > > In other words, what should be done in my java client to talk to web
> service
> > > > secured by WSE 3.0 ?
> > > >
> > > >
> > > >
> > > >
> > > > What is more, I use ServiceMix. ( I've found a lot of pages dedicated
> to
> > > > resolving this issue  in Axis).
> > > >
> > > >
> > > >
> > > > Any help will be appreciated,
> > > >
> > > > Maciej
> > >
> > >
> > >
> > > --
> > > http://blog.ruchith.org
> > > http://wso2.org
> > >
> >
> >
>
>



-- 
http://blog.ruchith.org
http://wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: How to pass WSE 3.0 authentication using wss4j?

Posted by Ruchith Fernando <ru...@gmail.com>.
I'm not sure about WSE 3.0 and ServiceMix interoperability .... but we
recently tested Apache Rampart (which is based on WSS4J library) with
WCF and we interop on all WS-Security 1.0,1.1 and
WS-SecureConversation scenarios (of WCF plugfest), this includes
UsernameToken as well.

Thanks,
Ruchith

On Jan 10, 2008 9:45 PM, Maciej Kwiecien <ma...@gmail.com> wrote:
>
>
> Hello All,
>
>  I'd like to check if wss4j library can be useful in following usecase:
>
> I've got SOAP message (request) that I need  to send to web service that
> requires WSE 3.0 authentication.
>
>
>
> Can WSS4J library help me to perform all required transformation to pass WSE
> 3.0 authentication?
>
> In other words, what should be done in my java client to talk to web service
> secured by WSE 3.0 ?
>
>
>
>
> What is more, I use ServiceMix. ( I've found a lot of pages dedicated to
> resolving this issue  in Axis).
>
>
>
> Any help will be appreciated,
>
> Maciej



-- 
http://blog.ruchith.org
http://wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org