Posted to wss4j-dev@ws.apache.org by Glen Mazza <gl...@gmail.com> on 2008/07/04 15:27:29 UTC

Two more questions on CXF & WSS4J

Hello, for the following CXF security config file: http://tinyurl.com/5mgyh5

Line 102 and Line 121, does the WSS4J Action here "Timestamp Signature
Encrypt" mean the same thing as "Use the X.509 Token Profile" I.e., those
three actions are used to activate X.509 profiles?

Also, the CXF WS-Security UsernameToken guide, which I've been adding some
updates to:
http://cwiki.apache.org/CXF20DOC/ws-security.html#WS-Security-ConfiguringWSSecurityActions

Tells us to use this action for Username Tokens:
outProps.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);

But then tells us at the bottom what we need to do to subsequently sign the
message:
outProps.put(WSHandlerConstants.ACTION, "Signature");

Which would overwrite the previous value.  What if we want both Username
Tokens *and* Signing--is it as simple as this: 
outProps.put(WSHandlerConstants.ACTION, "UsernameToken Signature");

Thanks,
Glen



RE: Two more questions on CXF & WSS4J

Posted by "Dittmann, Werner (NSN - DE/Muenich)" <we...@nsn.com>.
see inline please. 

Regards,
Werner

> -----Original Message-----
> From: ext Glen Mazza [mailto:glen.mazza@gmail.com]
> Sent: Tuesday, 15 July 2008 14:48
> To: wss4j-dev@ws.apache.org
> Subject: RE: Two more questions on CXF & WSS4J
>
> O hEigeartaigh, Colm wrote:
> >
> >> Line 102 and Line 121, does the WSS4J Action here "Timestamp Signature
> >> Encrypt" mean the same thing as "Use the X.509 Token Profile" I.e., those
> >> three actions are used to activate X.509 profiles?
> >
> > I don't follow you here. The X.509 Token Profile is largely about how to
> > reference X.509 certificates, i.e. for the case of signature to point to
> > the public key required to verify the signature. This can be configured
> > via WSHandlerConstants.SIG_KEY_ID and WSHandlerConstants.ENC_KEY_ID.
> >
>
> What I'm saying is that the UsernameToken profile is implemented using the
> Action "UsernameToken".  WS-Security has another profile called the "X.509
> Token profile"--which I haven't studied yet.  But is it the "Signature"

werner: 
yes and no. The X.509 profile describes (in general) how to use
X.509 certificates to sign and encrypt. Which option you use is up to the
application. It may sign and encrypt, sign only, or encrypt only. All based
on X.509 certificates that provide the public keys or identify the
associated private keys.


> action (or "Signature Encrypt") which activates this profile, like
> "UsernameToken" action activates the UT profile?
> 
> Thanks,
> Glen
> 


RE: Two more questions on CXF & WSS4J

Posted by Glen Mazza <gl...@gmail.com>.


O hEigeartaigh, Colm wrote:
> 
> 
>> Line 102 and Line 121, does the WSS4J Action here "Timestamp Signature
>> Encrypt" mean the same thing as "Use the X.509 Token Profile" I.e., those
>> three actions are used to activate X.509 profiles?
> 
> I don't follow you here. The X.509 Token Profile is largely about how to
> reference X.509 certificates, i.e. for the case of signature to point to
> the public key required to verify the signature. This can be configured
> via WSHandlerConstants.SIG_KEY_ID and WSHandlerConstants.ENC_KEY_ID.
> 

What I'm saying is that the UsernameToken profile is implemented using the
Action "UsernameToken".  WS-Security has another profile called the "X.509
Token profile"--which I haven't studied yet.  But is it the "Signature"
action (or "Signature Encrypt") which activates this profile, like
"UsernameToken" action activates the UT profile?

Thanks,
Glen



RE: Two more questions on CXF & WSS4J

Posted by "O hEigeartaigh, Colm" <Co...@iona.com>.
> Line 102 and Line 121, does the WSS4J Action here "Timestamp Signature
> Encrypt" mean the same thing as "Use the X.509 Token Profile" I.e., those
> three actions are used to activate X.509 profiles?

I don't follow you here. The X.509 Token Profile is largely about how to
reference X.509 certificates, i.e. for the case of signature to point to
the public key required to verify the signature. This can be configured
via WSHandlerConstants.SIG_KEY_ID and WSHandlerConstants.ENC_KEY_ID.

> But then tells us at the bottom what we need to do to subsequently sign
> the message:
> outProps.put(WSHandlerConstants.ACTION, "Signature");

The documentation should probably use WSHandlerConstants.SIGNATURE
rather than "Signature".

> Which would overwrite the previous value.  What if we want both Username
> Tokens *and* Signing--is it as simple as this:
> outProps.put(WSHandlerConstants.ACTION, "UsernameToken Signature");

Yup that's it. The security config file you reference has:

<entry key="action" value="Timestamp Signature Encrypt"/>

Colm.
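
Added example (not part of the original thread or of the CXF documentation): the combined "UsernameToken Signature" configuration confirmed above, together with the SIG_KEY_ID setting mentioned for certificate references. It assumes the org.apache.ws.security package layout of WSS4J at the time of this thread; the user name, key alias, properties file name and callback class name are hypothetical placeholders.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;

public class UsernameTokenAndSignatureConfig {

    public static WSS4JOutInterceptor buildOutInterceptor() {
        Map<String, Object> outProps = new HashMap<String, Object>();

        // ACTION is a single map entry, so a second put() replaces the first.
        // To run several actions, list them in one space-separated value.
        outProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE);

        // UsernameToken settings. "alice" is a constructed sample user.
        outProps.put(WSHandlerConstants.USER, "alice");
        // Send a password digest rather than the clear-text password.
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);

        // Signature settings. "clientkey" is a hypothetical keystore alias and
        // "client_sign.properties" a hypothetical Crypto properties file.
        // Without SIGNATURE_USER, the signature falls back to USER as the alias.
        outProps.put(WSHandlerConstants.SIGNATURE_USER, "clientkey");
        outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");

        // How the signature refers to the signing certificate.
        // "DirectReference" includes the certificate in the message as a
        // BinarySecurityToken and points the signature at it.
        outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

        // One callback handler supplies both the UsernameToken password and
        // the private-key password. The class name is a hypothetical placeholder.
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                "com.example.ClientPasswordCallback");

        return new WSS4JOutInterceptor(outProps);
    }
}
```

The returned interceptor is added to the client's or endpoint's outbound interceptor list in the same way as the single-action configuration in the CXF guide.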