axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Is wss4j still an active project? (was: Rampart configuration question)
Date Mon, 09 Jul 2007 14:59:20 GMT

I didn't see any replies to the question below, so I started digging through the rampart/wss4j
code. I found a workaround that will allow me to hard-code the private key into my client
and server, and not have to have absolute paths to key files. This involves making a small
change to one of the wss4j classes.

I got the wss4j source code and tried to build it. Unfortunately it was build with axis version
1, and I'm using axis2. It's trying to import org.apache.axis packages whereas the new version's
package names begin with org.apache.axis2. Moreover, some classes from the old version have
moved since the new one. For example, wss4j tries to import org.apache.axix.Message, but there
is no such class org.apache.axis2.Message, so I can't just change the package names.

Anyway, is wss4j still in active development? It doesn't look like it. Has anyone moved the
source to be compatible with axis2?


> -----Original Message-----
> From: Davis, Michael 
> Sent: Friday, July 06, 2007 2:28 PM
> To: ''
> Subject: Rampart configuration question
> Hi,
> I'm trying to use Rampart to encrypt my message body using a 
> symetric secret key.
> Sample 9, included with the Rampart distibution, does just 
> this. The actual key is hard-coded in a callback function 
> both on the client and the server. My understanding is that 
> the key is the only piece of data needed to encode the message.
> I was wondering why this part of the client config file:
>         <action>
>             <items>Encrypt</items>
>             <user>client</user>
> <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
> <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.
> PWCBHandler</EmbeddedKeyCallbackClass>
>             <encryptionPropFile></encryptionPropFile>
>             <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
>         </action>
> contains the encryptionPropFile property. The said property 
> file contains this:
> components.crypto.Merlin
> Now, I can see why we need to configure the provider class. 
> But why does Rampart need the keystore? I'm not using 
> public/private keys or certificates, just one secret key.
> The code works, but I'd like to simplify it as much as 
> possible. The properties and keystore files shouldn't be 
> necessary, unless I'm misunderstanding something.
> Many thanks
> Michael Davis

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message