axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shyam Shukla " <shyam_shu...@persistent.co.in>
Subject RE: Signing SOAP request without using Keystore
Date Mon, 20 Nov 2006 09:17:19 GMT
Thanks Abhijit for your quick reply.

Actually, I have to just include the X509 security token as a Binary
Security Token in SOAP WS-Security header as you have mentioned.

 

 

Best Regards,
Shyam Shukla


  _____  

From: Abhijit Sharma [mailto:asharma@amberpoint.com] 
Sent: Monday, November 20, 2006 2:42 PM
To: 'Shyam Shukla '; wss4j-dev@ws.apache.org; axis-dev@ws.apache.org
Subject: RE: Signing SOAP request without using Keystore

 

Hi Shyam,

 

Do you need to sign the SOAP request packet or just include the X509
Security Token as a Binary Security Token in the SOAp WSSecurity Header? If
you do need to sign it then you need access to the private key of the Signer
too. If that is also available in String Format (just like your certificate)
you can transform it into a Private Key in your implementation of the Crypto
interface.

 

Regards,

Abhijit

  _____  

From: Shyam Shukla [mailto:shyam_shukla@persistent.co.in] 
Sent: Monday, November 20, 2006 12:57 AM
To: wss4j-dev@ws.apache.org; axis-dev@ws.apache.org
Subject: Signing SOAP request without using Keystore

 

Hi All,

 

I am re-posting my query as I don't get any response from my previous post.

My problem is I am required to create a SOAP Request with X509 security
token but can not use certificate from any persistent store like keystore
that is used by axis2 framework.

Actually, I get certificate at run time in a string format and using this
certificate I will have to sign the request. 

Earlier, I was suggested to implement Crypto interface and assign this
implementation to "org.apache.ws.security.crypto.provider" key in
crypto.properties file, so I went through the Merlin class which implements
Crypto interface to have the understanding of signing of SOAP request but
this approach doesn't help me as it has some methods like
getPrivateKey(String alias, String password), getCertificates(String alias),
getAliasForX509Cert(Certificate cert) etc. which uses keystore. So I can not
implement Crypto interface because it has some methods which require
keystore to be present.

 

Can anyone suggest me the way to implement this scenario?

 

 

Best Regards,
Shyam Shukla

 

DISCLAIMER ========== This e-mail may contain privileged and confidential
information which is the property of Persistent Systems Pvt. Ltd. It is
intended only for the use of the individual or entity to which it is
addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have
received this communication in error, please notify the sender and delete
all copies of this message. Persistent Systems Pvt. Ltd. does not accept any
liability for virus infected mails.


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent
Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it
is addressed. If you are not the intended recipient, you are not authorized to read, retain,
copy, print, distribute or use this message. If you have received this communication in error,
please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd.
does not accept any liability for virus infected mails.

Mime
View raw message