axis-java-user mailing list archives

From Jochen Zink <jochenl...@web.de>
Subject [Axis2][Rampart] MTOM Attachment secure?
Date Thu, 08 Mar 2007 12:00:26 GMT
Hello,

I tried to sign and encrypt messages with Rampart module 1.1 and Axis2 1.1.1.

To check whether the messages are really encrypted, I view the SOAP messages with tcpmon.

I'm sending an attachment with MTOM from the client to the service, like the MTOM example
in Axis2. The file being sent is a simple XML file.

The file is transferred correctly. But I'm not sure that both message parts (the SOAP message
and the attachment) are encrypted. Without Rampart, I can read the XML file content in clear
text in tcpmon. With Rampart and sending the file with SOAP with Attachments, it's also clear
text (Rampart can't secure SwA). Therefore I tried to send the file with MTOM. Now, I can't
read the XML file. But it doesn't look like XML encryption. If you open a binary file in
a text editor, you get a similar result. I don't know how I can check that the attachment
is really encrypted. Does anyone have an idea how I can check, or can anyone take a look at my
configuration to check whether MTOM attachments are surely encrypted?

Here is my service.xml:
<serviceGroup>
	<service name="RampertFileService">
		<messageReceivers>
			<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
				class="de.nepatec.jzink.webservice.MTOMSampleMessageReceiverInOut" />
		</messageReceivers>
		<parameter locked="false" name="ServiceClass">
			de.nepatec.jzink.webservice.RampertFileService
		</parameter>
		<operation name="attachment"
			mep="http://www.w3.org/2004/08/wsdl/in-out">
			<actionMapping>attachment</actionMapping>
			<outputActionMapping>
				//schemas.xmlsoap.org/wsdl/MTOMServicePortType/AttachmentResponse
			</outputActionMapping>
		</operation>
		
		<parameter name="enableMTOM" locked="false">true</parameter>
		
		<module ref="rampart" />
		    
		<parameter name="InflowSecurity">
			<action>
				<items>Timestamp Signature Encrypt</items>
				<passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
				<signaturePropFile>service.properties</signaturePropFile>			
			</action>
		</parameter>
	    
		<parameter name="OutflowSecurity">
			<action>
				<items>Timestamp Signature Encrypt</items>
				<user>service</user>
				<passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
				<signaturePropFile>service.properties</signaturePropFile>
				<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
				<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
				<encryptionUser>useReqSigCert</encryptionUser>
			</action>
		</parameter>
		
	</service>
</serviceGroup>


And the client configuration

<module ref="rampart" />
	
    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>
        <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
        <encryptionUser>service</encryptionUser>
        <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
      </action>
    </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
      </action>
    </parameter>


Thanks for reading!




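One way to run the check asked about in the message above on a capture saved from tcpmon, as an added example that is not part of the original post and not Rampart or Axis2 code: in XOP/MTOM a binary MIME part holds the raw octets of whichever element contains the `xop:Include` that references it, so a part referenced from inside `xenc:CipherValue` (the element the `optimizeParts` XPath selects) is ciphertext, while a part referenced from an ordinary payload element is the plain file. The function name, the sample capture and its Content-IDs are constructed for illustration, and the SOAP root part is assumed to be the first MIME part.

```python
import email
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XENC = "http://www.w3.org/2001/04/xmlenc#"
XOP = "http://www.w3.org/2004/08/xop/include"

def classify_mtom_parts(content_type, body):
    """Return {Content-ID: verdict} for each attachment part of a captured MTOM message.

    'ciphertext'   - referenced by xop:Include from inside xenc:CipherValue
    'plaintext'    - referenced by xop:Include from an ordinary element
    'unreferenced' - not referenced from the SOAP part at all (SwA style)
    """
    msg = email.message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    parts = msg.get_payload()
    # Assumption: the SOAP root part is the first MIME part.
    root = ET.fromstring(parts[0].get_payload(decode=True))
    parent = {child: p for p in root.iter() for child in p}
    verdicts = {}
    for inc in root.iter("{%s}Include" % XOP):
        href = unquote(inc.get("href", ""))
        cid = href[4:] if href.startswith("cid:") else href
        inside_cipher = parent[inc].tag == "{%s}CipherValue" % XENC
        verdicts[cid] = "ciphertext" if inside_cipher else "plaintext"
    for part in parts[1:]:
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        verdicts.setdefault(cid, "unreferenced")
    return verdicts

# Constructed sample capture (not real traffic): one SOAP part, one binary part.
SAMPLE_CT = 'multipart/related; boundary="B"; type="application/xop+xml"'

def sample_capture(encrypted):
    inc = '<xop:Include xmlns:xop="%s" href="cid:att1@example"/>' % XOP
    if encrypted:
        body = ('<xenc:EncryptedData xmlns:xenc="%s"><xenc:CipherData>'
                '<xenc:CipherValue>%s</xenc:CipherValue></xenc:CipherData>'
                '</xenc:EncryptedData>' % (XENC, inc))
    else:
        body = "<attachment><file>%s</file></attachment>" % inc
    soap = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">'
            '<s:Body>%s</s:Body></s:Envelope>' % body)
    return ("--B\r\nContent-Type: application/xop+xml\r\nContent-ID: <root@example>\r\n\r\n"
            + soap + "\r\n--B\r\nContent-Type: application/octet-stream\r\n"
            "Content-Transfer-Encoding: binary\r\nContent-ID: <att1@example>\r\n\r\n"
            "\x01\x02opaque-bytes\r\n--B--\r\n").encode("latin-1")

if __name__ == "__main__":
    for enc in (True, False):
        print(enc, classify_mtom_parts(SAMPLE_CT, sample_capture(enc)))
```

A binary-looking part alone proves nothing, since an unencrypted MTOM attachment is also sent as raw octets; the verdict comes from where the `xop:Include` sits in the SOAP part.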