axis-java-user mailing list archives

From Jochen Zink <jochenl...@web.de>
Subject Re: [Axis2][Rampart] MTOM Attachment secure?
Date Thu, 08 Mar 2007 14:33:50 GMT
I know that Rampart handles the file as a binary file. :)  That is the reason why I cannot
check that the attachment is also encrypted. If I do not write the <optimizeParts>
element to the client's config file, I can see that the file is encrypted, because there
is no binary stuff inside the message and the file is transferred correctly. With <optimizeParts>
it looks like only the SOAP message is encrypted and not the attachment. But I'm not
sure. I don't know a way to check this.

If anybody knows how I can check, please let me know. Or does anybody know whether Rampart
encrypts MTOM attachments?!

Thanks for all


> -----Original Message-----
> From: axis-user@ws.apache.org
> Sent: 08.03.07 15:09:14
> To: axis-user@ws.apache.org
> Subject: Re: [Axis2][Rampart] MTOM Attachment secure?


> > The file is transferred correctly. But I'm not sure that both message parts (the
> > SOAP message and the attachment) are encrypted. Without Rampart, I can read the XML file
> > content in clear text on tcpmon. With Rampart and sending the file with SOAP with Attachments,
> > it's also clear text (Rampart can't secure SWA). Therefore I tried to send the file with
> > MTOM. Now I can't read the XML file. But it doesn't look like XML encryption.
> AFAIK rampart will treat your attachment as a binary file.. It'll not
> be aware of whether you are sending XML as the attachment...
> 
> ~Thilina
> 
> > If you open a binary file in a text editor, you get a similar
> > result. I don't know how I can check that the attachment is really
> > encrypted. Does anyone have an idea how I can check, or can anyone take a
> > look at my configuration to check whether MTOM attachments are surely
> > encrypted??
> >
> > Here is my service.xml
> > <serviceGroup>
> >         <service name="RampertFileService">
> >                 <messageReceivers>
> >                         <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
> >                                 class="de.nepatec.jzink.webservice.MTOMSampleMessageReceiverInOut" />
> >                 </messageReceivers>
> >                 <parameter locked="false" name="ServiceClass">
> >                         de.nepatec.jzink.webservice.RampertFileService
> >                 </parameter>
> >                 <operation name="attachment"
> >                         mep="http://www.w3.org/2004/08/wsdl/in-out">
> >                         <actionMapping>attachment</actionMapping>
> >                         <outputActionMapping>
> >                                 //schemas.xmlsoap.org/wsdl/MTOMServicePortType/AttachmentResponse
> >                         </outputActionMapping>
> >                 </operation>
> >
> >                 <parameter name="enableMTOM" locked="false">true</parameter>
> >
> >                 <module ref="rampart" />
> >
> >                 <parameter name="InflowSecurity">
> >                         <action>
> >                                 <items>Timestamp Signature Encrypt</items>
> >                                 <passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
> >                                 <signaturePropFile>service.properties</signaturePropFile>
> >                         </action>
> >                 </parameter>
> >
> >                 <parameter name="OutflowSecurity">
> >                         <action>
> >                                 <items>Timestamp Signature Encrypt</items>
> >                                 <user>service</user>
> >                                 <passwordCallbackClass>de.nepatec.jzink.webservice.PWCBHandler</passwordCallbackClass>
> >                                 <signaturePropFile>service.properties</signaturePropFile>
> >                                 <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> >                                 <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
> >                                 <encryptionUser>useReqSigCert</encryptionUser>
> >                         </action>
> >                 </parameter>
> >
> >         </service>
> > </serviceGroup>
> >
> >
> > And the client configuration
> >
> > <module ref="rampart" />
> >
> >     <parameter name="OutflowSecurity">
> >       <action>
> >         <items>Timestamp Signature Encrypt</items>
> >         <user>client</user>
> >         <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
> >         <signaturePropFile>client.properties</signaturePropFile>
> >         <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> >         <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
> >         <encryptionUser>service</encryptionUser>
> >         <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
> >       </action>
> >     </parameter>
> >
> >     <parameter name="InflowSecurity">
> >       <action>
> >         <items>Timestamp Signature Encrypt</items>
> >         <passwordCallbackClass>de.nepatec.jzink.webservice.client.PWCBHandler</passwordCallbackClass>
> >         <signaturePropFile>client.properties</signaturePropFile>
> >       </action>
> >     </parameter>
> >
> >
> > Thanks for reading!
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
> 
> 
> -- 
> Thilina Gunarathne
> WSO2, Inc.; http://www.wso2.com/
> Home page: http://webservices.apache.org/~thilina/
> Blog: http://thilinag.blogspot.com/
> 
> 
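
One structural way to answer the question asked in this thread, added here as an example and not part of the original messages or of Rampart: parse a captured MTOM/XOP message and report whether each binary MIME part is referenced from inside `xenc:CipherValue` (the part carries XML-Encryption ciphertext) or from an ordinary element (the part carries the application's data as sent). The function name, Content-IDs and sample capture are constructed for illustration, and the check assumes optimized content is referenced by `xop:Include` as in a standard XOP package.

```python
import email
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
CIPHER_VALUE = "{http://www.w3.org/2001/04/xmlenc#}CipherValue"

def classify_parts(content_type: str, body: bytes) -> dict:
    """Label each non-root MIME part by where the SOAP envelope references it."""
    msg = email.message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    parts = msg.get_payload()
    start = (msg.get_param("start") or "").strip("<>")
    cid_of = lambda p: (p["Content-ID"] or "").strip("<>")
    root = next((p for p in parts if cid_of(p) == start), parts[0])
    envelope = ET.fromstring(root.get_payload(decode=True))
    parent = {child: p for p in envelope.iter() for child in p}
    verdict = {cid_of(p): "unreferenced" for p in parts if p is not root}
    for inc in envelope.iter(XOP_INCLUDE):
        cid = unquote(inc.get("href", "")).split("cid:", 1)[-1]
        if cid in verdict:
            # Bytes swapped in under CipherValue are XML-Encryption ciphertext;
            # bytes swapped in anywhere else are the application's own data.
            verdict[cid] = ("ciphertext" if parent[inc].tag == CIPHER_VALUE
                            else "cleartext")
    return verdict

# --- constructed sample capture (not taken from the thread) ---
CTYPE = ('multipart/related; boundary=B; type="application/xop+xml"; '
         'start="<root@example>"')
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
            'xmlns:xop="http://www.w3.org/2004/08/xop/include">'
            '<s:Body>{body}</s:Body></s:Envelope>')
INCLUDE = '<xop:Include href="cid:att1@example"/>'
ENCRYPTED = ('<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>' + INCLUDE +
             '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
PLAIN = '<file>' + INCLUDE + '</file>'

def build_sample(body_xml: str) -> bytes:
    """Constructed capture: SOAP root part plus one binary part 'att1@example'."""
    head = "Content-Transfer-Encoding: binary\r\nContent-ID: <{}>\r\n\r\n"
    return ("--B\r\nContent-Type: application/xop+xml; charset=UTF-8\r\n"
            + head.format("root@example") + ENVELOPE.format(body=body_xml)
            + "\r\n--B\r\nContent-Type: application/octet-stream\r\n"
            + head.format("att1@example") + "PLACEHOLDER-BYTES\r\n--B--\r\n").encode()

if __name__ == "__main__":
    for name, xml in (("optimized CipherValue", ENCRYPTED), ("plain MTOM", PLAIN)):
        print(name, classify_parts(CTYPE, build_sample(xml)))
```

For a real capture, pass the HTTP `Content-Type` header value and the raw request body saved from tcpmon; any part reported as `cleartext` or `unreferenced` is traveling outside the encrypted structure.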

