axis-java-user mailing list archives

From Marcel Casado <mar...@ucar.edu>
Subject Rampart problem with encryption
Date Tue, 07 Nov 2006 20:12:29 GMT
Hi,

I'm trying to secure services with Rampart by encrypting the body of the 
SOAP message. When the payload in the body consists of pure XML elements with no 
attributes it works fine, but when the payload has elements with attributes, 
the value is "null" once they are decrypted. The service was working 
fine without encryption.

I sent this before but I was not able to get much help. I'm stuck with 
this and I need to get it working in a production system soon. Help 
please, I'm kind of desperate. I told my boss that with Axis2 and 
Rampart we would get secure services quite easily, and I have been stuck 
on this for almost a month.


Example of payload:

<AllowedValuesSet isStatic="true">
  <NestedMap>
    <MapEntry entryValue="Model Output" entryKey="model_output"/>
    <MapEntry entryValue="Observation" entryKey="observation"/>
    <NestedMap parentKey="observation">
      <MapEntry entryValue="Station" entryKey="observation>station"/>
      <NestedMap parentKey="observation>station">
        <MapEntry entryValue="Lightning" entryKey="observation>station>lightning"/>
        <MapEntry entryValue="Mesowest/WMO" entryKey="observation>station>wmo"/>
        <MapEntry entryValue="Profiler" entryKey="observation>station>profiler"/>
        <MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
        <MapEntry entryValue="Sounding" entryKey="observation>station>sounding"/>
      </NestedMap>
    </NestedMap>
    <NestedMap parentKey="model_output">
      <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
      <NestedMap parentKey="model_output>mm5">
        <MapEntry entryValue="Forecast" entryKey="model_output>mm5>forecast"/>
      </NestedMap>
    </NestedMap>
  </NestedMap>
</AllowedValuesSet>


services.xml:

<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
  <service name="MetvaultMetadataService">
    <messageReceivers>
      <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                       class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
    </messageReceivers>
    <parameter name="ServiceClass" locked="false">edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
    <operation name="getAllowedValuesSet" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>getAllowedValuesSet</actionMapping>
    </operation>
    <operation name="getMetadata" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>getMetadata</actionMapping>
    </operation>
    <operation name="retrieveMetadata" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>retrieveMetadata</actionMapping>
    </operation>
    <operation name="executeService" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>executeService</actionMapping>
    </operation>
    <operation name="requestServiceSummary" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>requestServiceSummary</actionMapping>
    </operation>
    <operation name="requestServiceResponse" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>requestServiceResponse</actionMapping>
    </operation>
    <operation name="requestCrawlerStart" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>requestCrawlerStart</actionMapping>
    </operation>
    <operation name="requestCrawlerStop" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>requestCrawlerStop</actionMapping>
    </operation>
   <operation name="requestLogin" 
mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>requestLogin</actionMapping>
    </operation>
    <module ref="rampart"/>

   <parameter name="OutflowSecurity">
     <action>
       <items>Timestamp Encrypt</items>
       <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
       <encryptionPropFile>service.properties</encryptionPropFile>
       <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
       <encryptionUser>client</encryptionUser>
     </action>
   </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>UsernameToken Timestamp Encrypt</items>
        <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
        <decryptionPropFile>service.properties</decryptionPropFile>
      </action>
    </parameter>

  </service>
</serviceGroup>


client axis2.xml excerpt:

  <module ref="rampart"/>


  <parameter name="InflowSecurity">
    <action>
      <items>Timestamp Encrypt</items>
      <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
      <decryptionPropFile>client.properties</decryptionPropFile>
    </action>
  </parameter>


  <parameter name="OutflowSecurity">
    <action>
      <items>UsernameToken Timestamp Encrypt</items>
      <passwordType>PasswordText</passwordType>
      <signaturePropFile>client.properties</signaturePropFile>
      <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
      <encryptionUser>service</encryptionUser>
      <encryptionPropFile>client.properties</encryptionPropFile>
      <!-- The WSS4J/Rampart option name is encryptionKeyIdentifier, as used in services.xml above -->
      <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
      <encryptionParts>
        {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
      </encryptionParts>
      <!-- The user and password are set up on the client stub with an 
           instance of a pwcallbackHandle -->
      <!--    <user>marcel</user>   -->
      <!--    <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>   -->
    </action>
 
  </parameter>


I have another question: how do I configure a client for using 
UsernameToken and Signature, since they both use the <user> parameter and 
in my case they are different? Do I have to set up two actions? Could you 
send me an example of the setup on the client and on the service?


Thanks in advance,

-Marcel

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
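
Added example for the second question in the message above (one alias for the UsernameToken, a different alias for signing). This is an editor's configuration, not part of Marcel's message and not sample code from the Rampart project. Rampart 1.x hands the child elements of `<action>` to the WSS4J handler layer by option name; WSS4J's `user` option names the UsernameToken user and, unless told otherwise, the signing alias, and its separate `signatureUser` option (`WSHandlerConstants.SIGNATURE_USER`) overrides the signing alias. The pair below takes the user name `marcel`, the keystore aliases `client` and `service`, the property files and the `PWCBHandler` class from the post; that Rampart passes `signatureUser` through to WSS4J unchanged, and that `PWCBHandler` returns the right password for each of `marcel` and `client`, are assumptions. Beyond the alias split it shows two things the posted client config does not do: when `encryptionParts` is given, WSS4J encrypts only the listed parts, so the Body has to be named there alongside the UsernameToken (which needs encrypting, since `PasswordText` sends the password in clear), and a Timestamp that no signature covers gives no replay protection, so the Body and Timestamp are signed on both legs.

```xml
<!-- client axis2.xml, request leg -->
<parameter name="OutflowSecurity">
  <action>
    <items>UsernameToken Timestamp Signature Encrypt</items>
    <!-- UsernameToken identity; PWCBHandler supplies its password -->
    <user>marcel</user>
    <passwordType>PasswordText</passwordType>
    <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
    <!-- Signing identity: a keystore alias different from the UsernameToken user.
         Assumption: Rampart passes this WSS4J option (signatureUser) through unchanged,
         and PWCBHandler returns the private-key password for alias "client". -->
    <signatureUser>client</signatureUser>
    <signaturePropFile>client.properties</signaturePropFile>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
    <!-- Sign the Body and the Timestamp; an unsigned Timestamp gives no replay protection -->
    <signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
    <!-- Encrypt for the service certificate. Listing parts replaces WSS4J's default
         (Body content only), so the Body must be named here next to the UsernameToken. -->
    <encryptionUser>service</encryptionUser>
    <encryptionPropFile>client.properties</encryptionPropFile>
    <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
    <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body</encryptionParts>
  </action>
</parameter>

<!-- client axis2.xml, response leg -->
<parameter name="InflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt</items>
    <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
    <!-- signaturePropFile on the receiving side is the store used to validate the signer's certificate -->
    <signaturePropFile>client.properties</signaturePropFile>
    <decryptionPropFile>client.properties</decryptionPropFile>
  </action>
</parameter>

<!-- services.xml, request leg -->
<parameter name="InflowSecurity">
  <action>
    <items>UsernameToken Timestamp Signature Encrypt</items>
    <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <decryptionPropFile>service.properties</decryptionPropFile>
  </action>
</parameter>

<!-- services.xml, response leg -->
<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt</items>
    <!-- No UsernameToken on the response, so "user" is simply the signing alias -->
    <user>service</user>
    <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
    <signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
    <!-- useReqSigCert: encrypt the response for whichever certificate signed the request,
         so no client alias has to be hard-coded here -->
    <encryptionUser>useReqSigCert</encryptionUser>
    <encryptionPropFile>service.properties</encryptionPropFile>
    <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
  </action>
</parameter>
```

The same `items` string is used on both ends of each leg because WSS4J checks that the actions it finds in the Security header match the configured list, in order. `useReqSigCert` only works when the request was signed, which is one more reason to keep Signature in the client's outflow items; if the request leg is ever run without a signature, the response leg has to name the client alias in `encryptionUser` instead.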

