axis-java-user mailing list archives

From "Bhushan Gupte" <bgu...@ARCCorp.com>
Subject RE: How to stop calling PWCallback logic for authentication using SecureConversation
Date Thu, 24 Jan 2008 15:54:46 GMT
Hi Nandana,

I am trying to merge the policies of Sample01 and Sample04 from the
"samples/policy".
I am trying to test a policy to pass SecureConversation Token without
using encryption certificate (X.509) as defined in policy of Sample04. 
As the web service URI will be on secure HTTP connection (https) can we
have a policy with Secure Conversation Token (as we are passing multiple
messages) and not have one more encryption layer of X509 in the policy
file?

I am testing with this modified policy, can you please check what I am
missing in this:

<wsp:Policy wsu:Id="UTOverTransport"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
						<wsp:Policy>
							<sp:HttpsToken RequireClientCertificate="false"/>
						</wsp:Policy>
					</sp:SecureConversationToken>
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:Basic256/>
						</wsp:Policy>
					</sp:AlgorithmSuite>
					<sp:Layout>
						<wsp:Policy>
							<sp:Lax/>
						</wsp:Policy>
					</sp:Layout>
					<sp:IncludeTimestamp/>
				</wsp:Policy>
			</sp:TransportBinding>
			<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
				</wsp:Policy>
			</sp:SignedSupportingTokens>

			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
				<ramp:user>client</ramp:user>
				<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
			</ramp:RampartConfig>

		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>

Thanks

Bhushan


From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com] 
Sent: Wednesday, January 23, 2008 10:03 PM
To: axis-user@ws.apache.org
Subject: Re: How to stop calling PWCallback logic for authentication
using SecureConversation

Hi Bhushan,

Can you post the modified policy you are using for this scenario so we
can debug and see?
In real project scenario the PWCallback class will contain calls to LDAP
for authentication and the whole purpose we are trying to implement
WS-SecureConversation in addition to WS-Security is that we can to
Secure Conversation between messages and not have to do LDAP
authentication for every message. 
Yes, I also wonder why we need to call the PWCallback once a SCT is
established. 

Thanks,
Nandana


 

Bhushan Gupte
[1]
        OMElement response = client.sendReceive(getPayload("Hello world1"));
        System.out.println("Response 1 : " + response);
        response = client.sendReceive(getPayload("Hello world2"));
        System.out.println("Response 2 : " + response);
        response = client.sendReceive(getPayload("Hello world3"));
        System.out.println("Response 3 : " + response);
[2]
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            String id = pwcb.getIdentifer();
            if("client".equals(id)) {
                pwcb.setPassword("apache");
            } else if("service".equals(id)) {
                pwcb.setPassword("apache");
            }
        }

