enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

Hello -

Is it possible to configure the receiving (server) side of WSS4J using 
the standard Axis handlers to enforce that certain elements in the 
request (UsernameToken and Body) be signed and encrypted?

It seems that the server accepts anything as long as there's at least 1 
element that's signed and 1 that's encrypted, the client seems to 
dictate the policy, not the server.

Am I missing anything?

Thank you.

-- 
Tim


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

So it seems that I'm able to enforce the UsernameToken and Body to be 
signed by the client, by using the WSSecurityEngineResult on the server 
side.

But what about the encryption part? How can that be enforced?

Tim



Tim K. (Gmane) wrote:
> Is the only way to achieve this by getting the WSSecurityEngineResult 
> from the MessageContext and then for each WSConstants.SIGN action 
> result looking at what WSSecurityEngineResult.getSignedElementQnames() 
> returns and failing if not all required elements were signed?
>
> What about the encryption part? How does one get the Qnames of the 
> elements that were encrypted from the WSSecurityEngineResult?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Could someone please help me with an answer to this?
>>
>> thank you
>>
>> Tim
>>
>>
>>
>> Tim K. (Gmane) wrote:
>>> Hello -
>>>
>>> Is it possible to configure the receiving (server) side of WSS4J 
>>> using the standard Axis handlers to enforce that certain elements in 
>>> the request (UsernameToken and Body) be signed and encrypted?
>>>
>>> It seems that the server accepts anything as long as there's at 
>>> least 1 element that's signed and 1 that's encrypted, the client 
>>> seems to dictate the policy, not the server.
>>>
>>> Am I missing anything?
>>>
>>> Thank you.
>>>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

So it seems that I'm able to enforce the UsernameToken and Body to be 
signed by the client, by using the WSSecurityEngineResult on the server 
side.

But what about the encryption part? How can that be enforced?

Tim



Tim K. (Gmane) wrote:
> Is the only way to achieve this by getting the WSSecurityEngineResult 
> from the MessageContext and then for each WSConstants.SIGN action 
> result looking at what WSSecurityEngineResult.getSignedElementQnames() 
> returns and failing if not all required elements were signed?
>
> What about the encryption part? How does one get the Qnames of the 
> elements that were encrypted from the WSSecurityEngineResult?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Could someone please help me with an answer to this?
>>
>> thank you
>>
>> Tim
>>
>>
>>
>> Tim K. (Gmane) wrote:
>>> Hello -
>>>
>>> Is it possible to configure the receiving (server) side of WSS4J 
>>> using the standard Axis handlers to enforce that certain elements in 
>>> the request (UsernameToken and Body) be signed and encrypted?
>>>
>>> It seems that the server accepts anything as long as there's at 
>>> least 1 element that's signed and 1 that's encrypted, the client 
>>> seems to dictate the policy, not the server.
>>>
>>> Am I missing anything?
>>>
>>> Thank you.
>>>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

Is the only way to achieve this by getting the WSSecurityEngineResult 
from the MessageContext and then for each WSConstants.SIGN action result 
looking at what WSSecurityEngineResult.getSignedElementQnames() returns 
and failing if not all required elements were signed?

What about the encryption part? How does one get the Qnames of the 
elements that were encrypted from the WSSecurityEngineResult?

thank you

Tim



Tim K. (Gmane) wrote:
> Could someone please help me with an answer to this?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Hello -
>>
>> Is it possible to configure the receiving (server) side of WSS4J 
>> using the standard Axis handlers to enforce that certain elements in 
>> the request (UsernameToken and Body) be signed and encrypted?
>>
>> It seems that the server accepts anything as long as there's at least 
>> 1 element that's signed and 1 that's encrypted, the client seems to 
>> dictate the policy, not the server.
>>
>> Am I missing anything?
>>
>> Thank you.
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

Is the only way to achieve this by getting the WSSecurityEngineResult 
from the MessageContext and then for each WSConstants.SIGN action result 
looking at what WSSecurityEngineResult.getSignedElementQnames() returns 
and failing if not all required elements were signed?

What about the encryption part? How does one get the Qnames of the 
elements that were encrypted from the WSSecurityEngineResult?

thank you

Tim



Tim K. (Gmane) wrote:
> Could someone please help me with an answer to this?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Hello -
>>
>> Is it possible to configure the receiving (server) side of WSS4J 
>> using the standard Axis handlers to enforce that certain elements in 
>> the request (UsernameToken and Body) be signed and encrypted?
>>
>> It seems that the server accepts anything as long as there's at least 
>> 1 element that's signed and 1 that's encrypted, the client seems to 
>> dictate the policy, not the server.
>>
>> Am I missing anything?
>>
>> Thank you.
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

Could someone please help me with an answer to this?

thank you

Tim



Tim K. (Gmane) wrote:
> Hello -
>
> Is it possible to configure the receiving (server) side of WSS4J using 
> the standard Axis handlers to enforce that certain elements in the 
> request (UsernameToken and Body) be signed and encrypted?
>
> It seems that the server accepts anything as long as there's at least 
> 1 element that's signed and 1 that's encrypted, the client seems to 
> dictate the policy, not the server.
>
> Am I missing anything?
>
> Thank you.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org

Re: enforcing that certain elements are signed and encrypted

["Tim K. (Gmane)" <tk...@idpax.com>]

Could someone please help me with an answer to this?

thank you

Tim



Tim K. (Gmane) wrote:
> Hello -
>
> Is it possible to configure the receiving (server) side of WSS4J using 
> the standard Axis handlers to enforce that certain elements in the 
> request (UsernameToken and Body) be signed and encrypted?
>
> It seems that the server accepts anything as long as there's at least 
> 1 element that's signed and 1 that's encrypted, the client seems to 
> dictate the policy, not the server.
>
> Am I missing anything?
>
> Thank you.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org