You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by ndthuy <nd...@yahoo.com> on 2007/12/05 18:03:51 UTC
Adding WS-Security to an embedded axis2 web application
All,
Does anyone know how to set up WS-Security to an embedded Axis2 web
application ? I am using Axis2 1.3 and Rampart 1.3. This is my set up for
embedded Axis2 web application.
WebApp:
+ src
+ WebRoot
+ conf
+ lib
+ modules
+ services
+ common
+ META-INF
+ AdminRetrieveUserService.wsdl
+ apschema.xsd
+ services.xml
I added rampart-1.3.mar to the modules folder. I also added all the rampart
libraries. I added the following to services.xml :
<module ref="rampart"/>
<parameter name="Inflowsecurity">
<action>
<items>Timestamp</items>
</action>
</parameter>
<parameter name="Outflowsecurity">
<action>
<items>Timestamp</items>
</action>
</parameter>
And I haven't modified my client yet. I supposed to receive the error if I
send my message without the soap header. However nothing happened and I
still received a successful soap message back. Does anyone try to do this
before?
Thanks.
--
View this message in context: http://www.nabble.com/Adding-WS-Security-to-an-embedded-axis2-web-application-tf4950998.html#a14175976
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Adding WS-Security to an embedded axis2 web application
Posted by Tobias Anstett <in...@tobiasanstett.de>.
Hi,
i have an small and simple answear
<parameter name="InflowSecurity"> and <parameter name="OutflowSecurity">.
In your example (which i think was copied out of code) you have typed it
with wrong cases. Check this first.
Regards, Tobias
Re: Adding WS-Security to an embedded axis2 web application
Posted by ndthuy <nd...@yahoo.com>.
Hi,
It seems like I didn't get anything after engage the rampart module on
services.xml. I should get an error if I send a soap message that doesn't
have the timestamp header. Do I have to turn on anything else ? I am using
the embedded Axis2 Web app.
Thanks.
mgainty wrote:
>
> you get ws-security support with rampart-1.1 and above
> http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1
>
> take a look at
> /samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
> for an example of configuring
> Timestamp Signature Encryption for inflow and outflow as identified via
> this
> example services.xml
> <parameter name="InflowSecurity">
> <action>
> <items>Timestamp Signature Encrypt</items>
>
> <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</pass
> wordCallbackClass>
> <signaturePropFile>service.properties</signaturePropFile>
> </action>
> </parameter>
>
> the declarative operation identifies the password callback handler via
> setPasswordCallbackClass in the client stub as in
> ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandle
> r");
>
> take a look at PWCBHandler.java which handles the Password validation
>
> also be sure to service.properties is located on the classpath and has the
> ability to initialise all of the crypto parameters e.g.
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
> pto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=apache
> org.apache.ws.security.crypto.merlin.file=service.jks
>
> Martin--
> ----- Original Message -----
> From: "ndthuy" <nd...@yahoo.com>
> To: <ax...@ws.apache.org>
> Sent: Wednesday, December 05, 2007 12:03 PM
> Subject: Adding WS-Security to an embedded axis2 web application
>
>
>>
>> All,
>>
>> Does anyone know how to set up WS-Security to an embedded Axis2 web
>> application ? I am using Axis2 1.3 and Rampart 1.3. This is my set up for
>> embedded Axis2 web application.
>>
>> WebApp:
>> + src
>> + WebRoot
>> + conf
>> + lib
>> + modules
>> + services
>> + common
>> + META-INF
>> + AdminRetrieveUserService.wsdl
>> + apschema.xsd
>> + services.xml
>>
>> I added rampart-1.3.mar to the modules folder. I also added all the
> rampart
>> libraries. I added the following to services.xml :
>>
>> <module ref="rampart"/>
>>
>> <parameter name="Inflowsecurity">
>> <action>
>> <items>Timestamp</items>
>> </action>
>> </parameter>
>> <parameter name="Outflowsecurity">
>> <action>
>> <items>Timestamp</items>
>> </action>
>> </parameter>
>>
>> And I haven't modified my client yet. I supposed to receive the error if
>> I
>> send my message without the soap header. However nothing happened and I
>> still received a successful soap message back. Does anyone try to do this
>> before?
>>
>> Thanks.
>> --
>> View this message in context:
> http://www.nabble.com/Adding-WS-Security-to-an-embedded-axis2-web-applicatio
> n-tf4950998.html#a14175976
>> Sent from the Axis - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Adding-WS-Security-to-an-embedded-axis2-web-application-tf4950998.html#a14181158
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Adding WS-Security to an embedded axis2 web application
Posted by Martin Gainty <mg...@hotmail.com>.
you get ws-security support with rampart-1.1 and above
http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1
take a look at
/samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
for an example of configuring
Timestamp Signature Encryption for inflow and outflow as identified via this
example services.xml
<parameter name="InflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</pass
wordCallbackClass>
<signaturePropFile>service.properties</signaturePropFile>
</action>
</parameter>
the declarative operation identifies the password callback handler via
setPasswordCallbackClass in the client stub as in
ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandle
r");
take a look at PWCBHandler.java which handles the Password validation
also be sure to service.properties is located on the classpath and has the
ability to initialise all of the crypto parameters e.g.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
pto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=apache
org.apache.ws.security.crypto.merlin.file=service.jks
Martin--
----- Original Message -----
From: "ndthuy" <nd...@yahoo.com>
To: <ax...@ws.apache.org>
Sent: Wednesday, December 05, 2007 12:03 PM
Subject: Adding WS-Security to an embedded axis2 web application
>
> All,
>
> Does anyone know how to set up WS-Security to an embedded Axis2 web
> application ? I am using Axis2 1.3 and Rampart 1.3. This is my set up for
> embedded Axis2 web application.
>
> WebApp:
> + src
> + WebRoot
> + conf
> + lib
> + modules
> + services
> + common
> + META-INF
> + AdminRetrieveUserService.wsdl
> + apschema.xsd
> + services.xml
>
> I added rampart-1.3.mar to the modules folder. I also added all the
rampart
> libraries. I added the following to services.xml :
>
> <module ref="rampart"/>
>
> <parameter name="Inflowsecurity">
> <action>
> <items>Timestamp</items>
> </action>
> </parameter>
> <parameter name="Outflowsecurity">
> <action>
> <items>Timestamp</items>
> </action>
> </parameter>
>
> And I haven't modified my client yet. I supposed to receive the error if I
> send my message without the soap header. However nothing happened and I
> still received a successful soap message back. Does anyone try to do this
> before?
>
> Thanks.
> --
> View this message in context:
http://www.nabble.com/Adding-WS-Security-to-an-embedded-axis2-web-applicatio
n-tf4950998.html#a14175976
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org