axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantinos Pateras" <kpate...@googlemail.com>
Subject Re: Cannot encrypt SOAP body
Date Mon, 19 Mar 2007 21:56:57 GMT
I found that the SOAP Monitor phase is the last one called in inflow
messages and the first one called in outflow messages. So I used
tcpmon to see the exchanged SOAP messages and are OK.

Thanks for your interest

On 3/19/07, Konstantinos Pateras <kpateras@googlemail.com> wrote:
> I tried with the minimum configuration and I don't get any error but
> the SOAP message is as follows:
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> xmlns:wsa="http://www.w3.org/2005/08/addressing"
> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>  <soapenv:Header>
>    <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="true">
>      <xenc:EncryptedKey Id="EncKeyId-32486590">
>        <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>          <wsse:SecurityTokenReference>
>            <ds:X509Data>
>              <ds:X509IssuerSerial>
>                <ds:X509IssuerName>CN=Authentication
> Server,OU=Edu,O=AIT,L=Athens,ST=Peania,C=GR</ds:X509IssuerName>
>                <ds:X509SerialNumber>1173638140</ds:X509SerialNumber>
>              </ds:X509IssuerSerial>
>            </ds:X509Data>
>          </wsse:SecurityTokenReference>
>        </ds:KeyInfo>
>        <xenc:CipherData>
>          <xenc:CipherValue>KnhinK1pV33fTV5ahejZbG7FEBVN7I2detR3Tr2g/D+ifniNcyw1gRdW/Kj0fu2YL0s6EQp5GPPAZwmaNNrosKlb55alXflJ9LgLLHG3wR7Be/VsZ/kkOtexcJg1OuZy895ZjOBPc4ijeAyfgawP9B+EViMlWgZxGDxvQiJipE21U/8/EWbYvQuUI7/YkpHJFxUZyOly5oXlNX9O6gDxQkgEAUn3MwjeBqqfQzDaI5+FmazNZc7mj1bj+shXCVXA9XCf11N/FCzyCpCNMOYrU15iy/u5t8lRP58MI5OkoICNWw29M6oz0NtXOmDk7/BLkJG9W+H2tsjWf4jYx2w7Lg==</xenc:CipherValue>
>        </xenc:CipherData>
>        <xenc:ReferenceList>
>          <xenc:DataReference URI="#EncDataId-30303902" />
>        </xenc:ReferenceList>
>      </xenc:EncryptedKey>
>    </wsse:Security>
>    <wsa:To>http://localhost:8080/axis2/services/ClientServices</wsa:To>
>    <wsa:ReplyTo>
>      <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
>    </wsa:ReplyTo>
>    <wsa:MessageID>urn:uuid:97213E266FA84B68CC1174331962751</wsa:MessageID>
>    <wsa:Action>urn:grantAccess</wsa:Action>
>  </soapenv:Header>
>  <soapenv:Body>
>    <ns1:grantAccess xmlns:ns1="http://thesis/xsd">
>      <clntReq xmlns="http://thesis/xsd">
>        <appServerIdentity>appserveridentity</appServerIdentity>
>        <password>109</password>
>        <password>121</password>
>        <password>116</password>
>        <password>101</password>
>        <password>115</password>
>        <password>116</password>
>        <username>mytest</username>
>      </clntReq>
>    </ns1:grantAccess>
>  </soapenv:Body>
> </soapenv:Envelope>
>
> The SOAP body is in clear text!!! Any suggestions?
>
> On 3/19/07, Konstantinos Pateras <kpateras@googlemail.com> wrote:
> > Hi Ruchith,
> >
> > I just use an Axis2.xml file to configure the client and a Service.xml
> > file to configure the server. I did some tests with only action
> > Encrypt and they failed with the Generic error X509Data invalid length
> > of data to encrypt or something like that. So I suppose that no
> > encryption was taking place due to an error and the error message
> > wasn't displayed. Any clue on this error?
> >
> > On 3/19/07, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > > Hi,
> > >
> > > Did you use the axis2.xml file of the service to configure the service?
> > >
> > > This can happen is if you have a different configuration in the
> > > service.xml file which does only signature. In this case the
> > > configuration of the axis2.xml will be overridden (unless you use the
> > > locked="true" attribute of the parameters).
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > p.s. Please use rampart-dev@ws.apache.org for rampart related posts.
> > >
> > > On 3/19/07, Konstantinos Pateras <kpateras@googlemail.com> wrote:
> > > > Hi, I am relatively new in web services and security and I am facing a
> > > > problem. I have set up Axis2 1.1.1 and Rampart 1.1 and configure it (I
> > > > followed the configuration instructions for Rampart 1.0 that are still
> > > > supported). I use the actions Timestamp Sign Encrypt to sign the body
> > > > and then encrypt it. The messages are generated fine and I get the
> > > > response from the server but I only see from SOAP monitor the
> > > > signature of the body. The actual data are still there unencrypted and
> > > > the response is also in plain text.
> > > >
> > > > Client configuration:
> > > >
> > > >    <parameter name = "OutflowSecurity">
> > > >        <action>
> > > >            <items>Timestamp Encrypt Signature</items>
> > > >            <user>client</user>
> > > >            <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
> > > >            <signaturePropFile>client.properties</signaturePropFile>
> > > >            <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
> > > >            <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
> > > >            <encryptionUser>srv_cert</encryptionUser>
> > > >        </action>
> > > >    </parameter>
> > > >    <parameter name = "InflowSecurity">
> > > >        <action>
> > > >            <items>Timestamp Encrypt Signature</items>
> > > >            <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
> > > >            <signaturePropFile>client.properties</signaturePropFile>
> > > >        </action>
> > > >    </parameter>
> > > >
> > > >
> > > > Server configuration:
> > > >
> > > >    <parameter name = "InflowSecurity">
> > > >        <action>
> > > >            <items>Timestamp Encrypt Signature</items>
> > > >            <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
> > > >            <signaturePropFile>service.properties</signaturePropFile>
> > > >        </action>
> > > >    </parameter>
> > > >    <parameter name = "OutflowSecurity">
> > > >        <action>
> > > >            <items>Timestamp Encrypt Signature</items>
> > > >            <user>authsrv</user>
> > > >            <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
> > > >            <signaturePropFile>service.properties</signaturePropFile>
> > > >            <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
> > > >            <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
> > > >            <encryptionUser>useReqSigCert</encryptionUser>
> > > >        </action>
> > > >    </parameter>
> > > >
> > > > Please help!
> > > > Thanks in advance
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > > www.wso2.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message