Posted to wss4j-dev@ws.apache.org by "Alex K." <al...@gmail.com> on 2006/03/03 17:56:57 UTC

Re: WSS4J and Kerberos signatures

Hi,

I just would like to know if this thread and the Kerberos support could get
at any point to be committed into the CSV (in case that you have had any
plan for this). From the mailing list it seems that the Kerberos support now
is badly needed by the developer :0) including me.

Cheers

Alex

On 11/18/05, Laurence Brockman <la...@sjrb.ca> wrote:
>
> Exactly! What I'm wondering though is what are the components that make
> up the QName?
>
> The QName would be calculated using two values, the first being a
> Namespace and the other being a local name (Or local part according to
> the XML specification).
>
> Would the namespace for the Kerberos instance be
> "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"
> and the local name be "BinarySecurityToken"?
>
> I read that the namespace above would map to the prefix "wsse" and would
> make the QName be "wsse:BinarySecurityToken".
>
> In the draft on page 10 of 19, they have the following line in the
> example:
>
>         <wsse:Security xmlns:wsse="...">
>
> Would the contents of this namespace ("...") be the Kerberos namespace
> (This "http://docs.oasis-open.org/...)?
>
> Once I've done the receiver then I will move on to the sender portion,
> but for now the critical part of the project I am working on is the
> receiver portion. After I've completed the work, would you guys be
> interested in the code I implement?
>
> Thanks!
>
> -----Original Message-----
> From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Sent: November 17, 2005 11:28 PM
> To: Laurence Brockman
> Cc: dims@apache.org; wss4j-dev@ws.apache.org
> Subject: Re: WSS4J and Kerberos signatures
>
> Laurence,
>
> on the receiver side the code is triggered "automatically" if a
> Kerberos QName is detected and the processor gets loaded.
>
> On the sender side please have a look at WSHandler.java,
> doSenderAction(). For the sender you shall define an action
> (similar to the processor at the receiver). It's the same
> technique on both sides (something like a plugin).
>
> Regards,
> Werner
>
> Laurence Brockman wrote:
> > Ok, I feel kind of sheepish about asking this question, but looking at
> > the WSDoAllReceiver code I've begun adding in the hooks for the Kerberos
> > code (Adding what I think are the appropriate checks for a new case in
> > various classes) I'm not sure what to do to trigger it to actually
> > execute the new class that I am making.
> >
> > The QName has to match in when looking at the security headers to get it
> > to execute the appropriate processor (Kerberos in this case). The QName
> > is created based on the NS and LN attribute for other cases and I'm
> > unsure of what to use for the Kerberos cases below to get it to
> > instantiate the appropriate QName object.
> >
> > If anyone could provide some guidance I would definitely appreciate it.
> > I believe the name space should be that defined in the draft
> > ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1")
> > but I'm not sure of this.
> >
> > Here's what I have done so far:
> >
> > In WSConstants.java (This is what I'm not sure of):
> >
> >     /*
> >      * The definitions for Kerberos -- This is what I am unsure of how to set.
> >      */
> >     public static final String KERBEROS_NS = "";
> >     public static final String KERBEROS_LN = "";
> >
> > And
> >
> >     /*
> >      * Added by Laurence Nov 16, 2005 for Kerberos authentication
> >      */
> >     public static final int KERBEROS = 0x400;
> >
> >
> > In WSSConfig:
> >
> >     Added a case to the getProcessor method to return
> > "org.apache.ws.security.processor.KerberosProcessor" when it matches
> > WSSecurityEngine.KERBEROS_TOKEN
> >
> >
> >     /**
> >      * <code>KERBEROS</code> as defined by KERBEROS Specification
> >      */
> >     public static final QName KERBEROS_TOKEN = new
> > QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> >
> > In WSSecurityEngine:
> >       Added in the new QName to be created:
> >       public static final QName KERBEROS_TOKEN = new
> > QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> >
> > To WSHandlerConstants:
> >       I added the below constant
> >
> >     /**
> >      * Perform a Kerberos identification.
> >      */
> >     public static final String KERBEROS = "Kerberos";
> >
> > Within decodeAction:
> >             } else if (single[i].equals(WSHandlerConstants.KERBEROS)) {
> >                 doAction |= WSConstants.KERBEROS;
> >                 actions.add(new Integer(WSConstants.KERBEROS));
> >             }
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
>
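
An added example, not part of the thread and not WSS4J code, illustrating the QName question raised above: a QName is the pair (namespace URI, local name), so the prefix in the message is irrelevant to matching. It assumes the namespace and ValueType URIs of the published WS-Security 1.0 schema and Kerberos Token Profile 1.1, where BinarySecurityToken sits in the "secext" namespace and the Kerberos profile URI appears in the ValueType attribute; the class name, the isKerberosToken helper and the sample header are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KerberosQNameDemo {
    // WS-Security 1.0 "secext" namespace: BinarySecurityToken is declared here.
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Kerberos Token Profile 1.1 ValueType for a Kerberos v5 AP-REQ.
    static final String KRB5_AP_REQ =
        "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ";
    static final QName BINARY_TOKEN = new QName(WSSE_NS, "BinarySecurityToken");

    // Hypothetical dispatch check: the element QName selects the token type,
    // the ValueType attribute selects the Kerberos profile.
    static boolean isKerberosToken(Element el) {
        QName name = new QName(el.getNamespaceURI(), el.getLocalName());
        return BINARY_TOKEN.equals(name)
            && KRB5_AP_REQ.equals(el.getAttribute("ValueType"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed header: prefix "sec" instead of "wsse", placeholder token bodies.
        String xml = "<sec:Security xmlns:sec=\"" + WSSE_NS + "\">"
            + "<sec:BinarySecurityToken ValueType=\"" + KRB5_AP_REQ + "\">"
            + "PLACEHOLDER</sec:BinarySecurityToken>"
            + "<sec:BinarySecurityToken ValueType=\"urn:example:other\">"
            + "PLACEHOLDER</sec:BinarySecurityToken>"
            + "</sec:Security>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // without this, getNamespaceURI() returns null
        // Security headers arrive from untrusted peers: refuse DOCTYPE declarations.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        for (Node n = doc.getDocumentElement().getFirstChild(); n != null;
                n = n.getNextSibling()) {
            if (n instanceof Element) {
                Element el = (Element) n;
                System.out.println(el.getAttribute("ValueType")
                    + " -> kerberos=" + isKerberosToken(el));
            }
        }
    }
}
```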

Re: WSS4J and Kerberos signatures

Posted by Enrique Rodriguez <en...@gmail.com>.
Alex K. wrote:
> Hi,
> 
> I just would like to know if this thread and the Kerberos support could
> get at any point to be committed into the CSV (in case that you have
> had any plan for this). From the mailing list it seems that the Kerberos
> support now is badly needed by the developer :0) including me.

Hi,

I am very familiar with Kerberos, but I have no experience with WSS4J
(though I've been lurking and promising Dims I'd pitch in on
Kerberos-related tasks).  If some WSS4J'ers wouldn't mind being
available for mentoring/hand-holding, I'm sure I could lend some
Kerberos domain expertise.

My first question is how would I go about testing this; what are the
"moving parts" I need to have running?  I have Kerberos clients and
servers at-hand ... what WSS client could I use to test?  What specs
should I read?

Enrique

