axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hawkins <HAWKI...@uk.ibm.com>
Subject RE: WS-Security
Date Fri, 13 May 2005 08:00:31 GMT
If you're not worried about  performance this is an option. However, I 
personally wouldn't recommend it as a design that I'd be happy with. If 
Samisa is right about the username/passwd in the SOAP Haader then you 
might not have to resort to such drastic measures :-)

Let's work out what you're missing and then see if we can put it in.






"Patrick Heffernan" <patrick.heffernan@pioneerdigital.com> 
12/05/2005 19:29
Please respond to
"Apache AXIS C User List"


To
"'Apache AXIS C User List'" <axis-c-user@ws.apache.org>
cc

Subject
RE: WS-Security






Could I use JNI and call the java classes/methods generated by wsdl2ws 
from my C++ application?  Thoughts on this approach?
 
pat
-----Original Message-----
From: Patrick Heffernan [mailto:patrick.heffernan@pioneerdigital.com] 
Sent: Thursday, May 12, 2005 11:12 AM
To: 'Apache AXIS C User List'
Subject: RE: WS-Security

Hi Samisa, Dinesh, and John,
 
Thanks for taking on my WS-Security question.
 
I've got a Linux C++ application that I'm modifying to send web services 
requests to a Microsoft WS server that is implementing the Web Services 
Enhancements (WSE) package that includes WS-Security.  I have no choice in 
the server as we are a third party developer that is integrating our 
product into an existing system (and we're not a Microsoft shop to boot -- 
so not taking on a MS WS client!).  I've had them turn off the security 
stuff on the dev system we're testing against so I can continue my 
application dev/testing but the WS-Security obviously needs to be in place 
for us to go to production.
 
This is the format of soap messages I am required to support:
 
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="
http://www.w3.org/2001/XMLSchema">
  <soap:Header>
    <wsrp:path soap:actor="http://schemas.xmlsoap.org/soap/actor/next" 
soap:mustUnderstand="1" xmlns:wsrp="http://schemas.xmlsoap.org/rp">
      <wsrp:action wsu:Id="Id-d579335c-2dd7-456c-8858-7ef6942b5de1" 
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility
">http://webservices.cox.com/CustomerProfile/GetProfileByAccountNumberAndSiteId</wsrp:action>
      <wsrp:to wsu:Id="Id-82b10467-2f1d-49ca-a473-51f5322ccba9" 
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility
">http://iwslib/cox.web.services.profile/ServiceCustomer.asmx</wsrp:to>
      <wsrp:id wsu:Id="Id-ff1f9f68-3c2c-4241-9dde-13615792f440" 
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility
">uuid:0c58b657-0242-4e43-9bf7-68904b9e6294</wsrp:id>
    </wsrp:path>
    <wsu:Timestamp xmlns:wsu="
http://schemas.xmlsoap.org/ws/2002/07/utility">
      <wsu:Created 
wsu:Id="Id-d76e05cc-0cfc-4bb4-b488-fbbab35f3f78">2005-05-11T14:41:07Z</wsu:Created>
      <wsu:Expires 
wsu:Id="Id-0519fa62-4a7f-4c78-bfaf-770819003582">2005-05-11T14:46:07Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="
http://schemas.xmlsoap.org/ws/2002/07/secext">
      <wsse:UsernameToken xmlns:wsu="
http://schemas.xmlsoap.org/ws/2002/07/utility" 
wsu:Id="SecurityToken-9d8ff073-b0ea-41a7-ae7f-c76f5b6558b0">
        <wsse:Username>webserviceuser</wsse:Username>
        <wsse:Password Type="wsse:PasswordText">aa</wsse:Password>
        <wsse:Nonce>xmOrtuc7SgN2QoFJgBk8uw==</wsse:Nonce>
        <wsu:Created>2005-05-11T14:41:07Z</wsu:Created>
      </wsse:UsernameToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
          <SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#Id-da5e3a0c-295a-4cb3-80cc-7d823fc48e3a">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>qRU8kf9YQDtevGGRLqbJ7k5biuc=</DigestValue>
          </Reference>
          <Reference URI="#Id-d579335c-2dd7-456c-8858-7ef6942b5de1">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>FMEJoIBD7T0uXY3eizSz0oiwzRE=</DigestValue>
          </Reference>
          <Reference URI="#Id-82b10467-2f1d-49ca-a473-51f5322ccba9">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>wdST6LxVV+0XOZ7xqhVe9zIJ2G4=</DigestValue>
          </Reference>
          <Reference URI="#Id-ff1f9f68-3c2c-4241-9dde-13615792f440">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>2MJUGSiUzDLBFyDAH0OrJP46R6k=</DigestValue>
          </Reference>
          <Reference URI="#Id-d76e05cc-0cfc-4bb4-b488-fbbab35f3f78">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>cqRYyBRHatKNRvAQM01OrvBERyw=</DigestValue>
          </Reference>
          <Reference URI="#Id-0519fa62-4a7f-4c78-bfaf-770819003582">
            <Transforms>
              <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>j6AxeTlBcpfKuVJHD1TvoMuEaes=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>IwEDjgV/jC/HjyXPxyzaF738eZc=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference 
URI="#SecurityToken-9d8ff073-b0ea-41a7-ae7f-c76f5b6558b0" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-da5e3a0c-295a-4cb3-80cc-7d823fc48e3a" xmlns:wsu="
http://schemas.xmlsoap.org/ws/2002/07/utility">
    <GetProfileByAccountNumberAndSiteId xmlns="
http://webservices.cox.com/CustomerProfile">
      <accountNumber9 />
      <siteId>0</siteId>
    </GetProfileByAccountNumberAndSiteId>
  </soap:Body>
</soap:Envelope>
 
It sounds like you guys have done alot of good work on this.  What are the 
chances of getting it completed in the near future?  Other than me trying 
to hack something to make it work, do I have any other options?
 
Thanks again,
 
pat
-----Original Message-----
From: John Hawkins [mailto:HAWKINSJ@uk.ibm.com] 
Sent: Thursday, May 12, 2005 3:30 AM
To: Apache AXIS C User List
Subject: Re: WS-Security


So, it doesn't sound like we're that far off - if we just implement the 
getSOAPBodyAsString() method then we would be able to have ws-security on 
client-side (at least)? 






Din%$h <xydinesh@gmail.com> 
12/05/2005 10:21 

Please respond to
"Apache AXIS C User List"



To
Apache AXIS C User List <axis-c-user@ws.apache.org> 
cc

Subject
Re: WS-Security








Hi John,

    Let me breif what we tried to do.

  When Client make a request ,  we get the Body from the serializer and 
Encrypt it again set those encrypted Body to the message. At the server 
end we got the encrypted message from the deserializer and decrypted it. 
and get the original message. For the response flow also scenario remains 
same. We hoped to do it using an handler.

Since there was a method called getBodyAsString(), (as I remember). We 
creadted DOM tree using that body. ( If we could get Object Model that was 
easier). 

giving soap message as a String I was able to Encrypt it and Giving that 
Encrypt message I was able to got that  original message too.

Since there wasn't a way to get acess to the Body( getSoapBodyAsString () 
or any other method which can access body didn't implemented at that 
time). We didn't able to integrate it with axis using a handler.

regards,
Dinesh


On 5/12/05, John Hawkins <HAWKINSJ@uk.ibm.com> wrote: 

Hi Dinesh, 

Can I ask - how you wanted that soap body? 

Would you need a byte stream or an object model? 

Was this client or server side or both? 

Was it on the outgoing or incoming message or both? 


cheers, 
John. 



Din%$h <xydinesh@gmail.com> 
12/05/2005 08:07 

Please respond to
"Apache AXIS C User List"



To
Apache AXIS C User List <axis-c-user@ws.apache.org > 
cc

Subject
Re: WS-Security










Hi,
 
    Both Sameera and my self had worked on this (WSS4C). We needed to get 
body of Soap Message through a handler.( from Serilizer). But 
Unfortunately It was not implemented at that time.( It was commented /* To 
do */). There were some threads discussing about those methods. 

We were unable to get access to the Body of the Soap message through a 
handler.So we 
stopped at that point. ( Until those methods are implemented )

http://wiki.apache.org/ws/WSS4C

I don't know whether some one is working on this Project now.

thanx,
Dinesh

On 5/12/05, Samisa Abeysinghe <SAbeysinghe@virtusa.com > wrote: 
There were some efforts and there were some improvements proposed to the
current engine to help implement WS-Security ,like opening up the SOAP
body in handlers. But we did not hear from anyone on this lately.

Is there anyone working on WS-Sec at the moment?

Thanks,
Samisa...


-----Original Message-----
From: Patrick Heffernan [mailto:patrick.heffernan@pioneerdigital.com ]
Sent: Thursday, May 12, 2005 12:14 PM
To: axis-c-user@ws.apache.org
Subject: WS-Security

I apologize if I've missed this in some publication.  What is the plan 
for Axis C++ support WS-Security?  I've got a project that requires the
WSE Username/Password token and I'm trying to determine what options are
available to me.

Thanks, pat




-- 
W.Dinesh Premalal
premalwd@cse.mrt.ac.lk 
http://www.cse.mrt.ac.lk/~premalwd/ 



-- 
W.Dinesh Premalal
premalwd@cse.mrt.ac.lk
http://www.cse.mrt.ac.lk/~premalwd/ 

Mime
View raw message