axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [axis2] Custom security context token
Date Mon, 29 May 2006 08:19:37 GMT
Hi,

Encryption and signature based on a SecurityContextToken is being
implemented as a part of the WS-Secconv impl.

WSS4J already has support for creation sig and encr using a
SecurityContextToken (SCT).
Have a look at the following test cases [1].

If you follow the above test cases you can see how to build a message
to with an SCT and to sign/encr with keys derived from it.

Right now the rampart Axis2 module only support features of the
WS-Security but  next rampart release will come with
WS-SecureConversation support.

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
[2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java

On 5/29/06, Shepherd McIlroy <smcilroy@stillsecure.com> wrote:
>
>
>
>
> Hello,
>
>  I'm trying to talk to a .NET service that requires messages to be signed
> and encrypted (using a symetric key created by a custom algorithm).  I have
> .NET client code for this that I would like to duplicate under Java using
> Axis2 and WSS4J.  The .NET client does the following to create a
> SecurityContextToken:
>
>  UsernameToken unt = new UsernameToken(user, user);
>
>  unt.Id = UTID;
>
>  sct = new SecurityContextToken(unt, SCTIdentifier);
>
>  sct.KeyBytes = sKey;
>
>  sct.LifeTime = new
> Microsoft.Web.Services2.Security.LifeTime(SCTExpires.ToLocalTime());
>
>  and then signs and encrypts the message using:
>
>  service.RequestSoapContext.Security.Tokens.Clear();
>
>  service.RequestSoapContext.Security.Elements.Clear();
>
>  service.RequestSoapContext.Security.Tokens.Add(sct);
>
>  service.RequestSoapContext.Security.Elements.Add(new
> EncryptedData(sct));
>
>  service.RequestSoapContext.Security.Elements.Add(new
> MessageSignature(sct));
>
>
>  Creating the key is not a problem.  A method of signing and encrypting SOAP
> messages in a similar manner using Axis2 and WSS4J is not obvious.  How can
> i create a custom security context token using WSS4J?  How can i apply that
> token to a message sent using Axis2?
>
>  Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message