You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sandesha-dev@ws.apache.org by "Tim K. (Gmane)" <tk...@idpax.com> on 2006/05/03 09:38:32 UTC
enforcing that certain elements are signed and encrypted
Hello -
Is it possible to configure the receiving (server) side of WSS4J using
the standard Axis handlers to enforce that certain elements in the
request (UsernameToken and Body) be signed and encrypted?
It seems that the server accepts anything as long as there's at least 1
element that's signed and 1 that's encrypted, the client seems to
dictate the policy, not the server.
Am I missing anything?
Thank you.
--
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
So it seems that I'm able to enforce the UsernameToken and Body to be
signed by the client, by using the WSSecurityEngineResult on the server
side.
But what about the encryption part? How can that be enforced?
Tim
Tim K. (Gmane) wrote:
> Is the only way to achieve this by getting the WSSecurityEngineResult
> from the MessageContext and then for each WSConstants.SIGN action
> result looking at what WSSecurityEngineResult.getSignedElementQnames()
> returns and failing if not all required elements were signed?
>
> What about the encryption part? How does one get the Qnames of the
> elements that were encrypted from the WSSecurityEngineResult?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Could someone please help me with an answer to this?
>>
>> thank you
>>
>> Tim
>>
>>
>>
>> Tim K. (Gmane) wrote:
>>> Hello -
>>>
>>> Is it possible to configure the receiving (server) side of WSS4J
>>> using the standard Axis handlers to enforce that certain elements in
>>> the request (UsernameToken and Body) be signed and encrypted?
>>>
>>> It seems that the server accepts anything as long as there's at
>>> least 1 element that's signed and 1 that's encrypted, the client
>>> seems to dictate the policy, not the server.
>>>
>>> Am I missing anything?
>>>
>>> Thank you.
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
So it seems that I'm able to enforce the UsernameToken and Body to be
signed by the client, by using the WSSecurityEngineResult on the server
side.
But what about the encryption part? How can that be enforced?
Tim
Tim K. (Gmane) wrote:
> Is the only way to achieve this by getting the WSSecurityEngineResult
> from the MessageContext and then for each WSConstants.SIGN action
> result looking at what WSSecurityEngineResult.getSignedElementQnames()
> returns and failing if not all required elements were signed?
>
> What about the encryption part? How does one get the Qnames of the
> elements that were encrypted from the WSSecurityEngineResult?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Could someone please help me with an answer to this?
>>
>> thank you
>>
>> Tim
>>
>>
>>
>> Tim K. (Gmane) wrote:
>>> Hello -
>>>
>>> Is it possible to configure the receiving (server) side of WSS4J
>>> using the standard Axis handlers to enforce that certain elements in
>>> the request (UsernameToken and Body) be signed and encrypted?
>>>
>>> It seems that the server accepts anything as long as there's at
>>> least 1 element that's signed and 1 that's encrypted, the client
>>> seems to dictate the policy, not the server.
>>>
>>> Am I missing anything?
>>>
>>> Thank you.
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
Is the only way to achieve this by getting the WSSecurityEngineResult
from the MessageContext and then for each WSConstants.SIGN action result
looking at what WSSecurityEngineResult.getSignedElementQnames() returns
and failing if not all required elements were signed?
What about the encryption part? How does one get the Qnames of the
elements that were encrypted from the WSSecurityEngineResult?
thank you
Tim
Tim K. (Gmane) wrote:
> Could someone please help me with an answer to this?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Hello -
>>
>> Is it possible to configure the receiving (server) side of WSS4J
>> using the standard Axis handlers to enforce that certain elements in
>> the request (UsernameToken and Body) be signed and encrypted?
>>
>> It seems that the server accepts anything as long as there's at least
>> 1 element that's signed and 1 that's encrypted, the client seems to
>> dictate the policy, not the server.
>>
>> Am I missing anything?
>>
>> Thank you.
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
Is the only way to achieve this by getting the WSSecurityEngineResult
from the MessageContext and then for each WSConstants.SIGN action result
looking at what WSSecurityEngineResult.getSignedElementQnames() returns
and failing if not all required elements were signed?
What about the encryption part? How does one get the Qnames of the
elements that were encrypted from the WSSecurityEngineResult?
thank you
Tim
Tim K. (Gmane) wrote:
> Could someone please help me with an answer to this?
>
> thank you
>
> Tim
>
>
>
> Tim K. (Gmane) wrote:
>> Hello -
>>
>> Is it possible to configure the receiving (server) side of WSS4J
>> using the standard Axis handlers to enforce that certain elements in
>> the request (UsernameToken and Body) be signed and encrypted?
>>
>> It seems that the server accepts anything as long as there's at least
>> 1 element that's signed and 1 that's encrypted, the client seems to
>> dictate the policy, not the server.
>>
>> Am I missing anything?
>>
>> Thank you.
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
Could someone please help me with an answer to this?
thank you
Tim
Tim K. (Gmane) wrote:
> Hello -
>
> Is it possible to configure the receiving (server) side of WSS4J using
> the standard Axis handlers to enforce that certain elements in the
> request (UsernameToken and Body) be signed and encrypted?
>
> It seems that the server accepts anything as long as there's at least
> 1 element that's signed and 1 that's encrypted, the client seems to
> dictate the policy, not the server.
>
> Am I missing anything?
>
> Thank you.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org
Re: enforcing that certain elements are signed and encrypted
Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
Could someone please help me with an answer to this?
thank you
Tim
Tim K. (Gmane) wrote:
> Hello -
>
> Is it possible to configure the receiving (server) side of WSS4J using
> the standard Axis handlers to enforce that certain elements in the
> request (UsernameToken and Body) be signed and encrypted?
>
> It seems that the server accepts anything as long as there's at least
> 1 element that's signed and 1 that's encrypted, the client seems to
> dictate the policy, not the server.
>
> Am I missing anything?
>
> Thank you.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org