axis-java-user mailing list archives

From thomasV <thomas.vandierendo...@admb.be>
Subject Re: Apache rampart without encryption -> nullpointerException
Date Tue, 12 Feb 2008 08:12:49 GMT

Oh boy, hitting myself on the head now.
I thought you could specify an encryptionToken OR a SignatureToken. I guess
the Jira issue can be set to completed. Sorry for that...

I am using the X509 certificates with a private key.
I'm gonna give it a try with the endorsingTokens.

Tnx for your help
that's 5 stars for you!



Nunny wrote:
> 
> Hi Thomas,
> 
>> So, this is something I don't get:
>> I only add a signatureToken and still Rampart tries to add an
>> encryptionToken?!
>> It looks like it is impossible to add a signature without an
>> encryptionToken.
> -- 
> 
> According to the WS-SecurityPolicy specification, a symmetric binding
> has to have either a protection token or both an encryption token and
> a signature token.
> 
> <sp:SymmetricBinding ... >
>  <wsp:Policy>
>    (
>       <sp:EncryptionToken ... >
>         <wsp:Policy> ... </wsp:Policy>
>       </sp:EncryptionToken>
>       <sp:SignatureToken ... >
>         <wsp:Policy> ... </wsp:Policy>
>       </sp:SignatureToken>
>    ) | (
>       <sp:ProtectionToken ... >
>         <wsp:Policy> ... </wsp:Policy>
>       </sp:ProtectionToken>
>    )
>    ...
>  </wsp:Policy>
> </sp:SymmetricBinding>
> 
> This is how the symmetric binding works when a protection token is
> defined.
> The web service client creates an encrypted key by encrypting a random key
> using the web service's public key. Then this encrypted key is used to
> sign and encrypt the messages back and forth. So only the web service needs
> to have a key pair to do symmetric binding. If the web service needs to
> authenticate the client, then an X509 token can be used as an endorsing
> supporting token.
> When an endorsing supporting token is used, the client signs the
> message signature again, generating a second signature (to do this, the
> client has to have the private key of his X509Token, so the client can be
> authenticated).
> In your case, are you using the web service's X509 certificate?
> 
> Thanks,
> /nandana
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Apache-rampart-without-encryption--%3E-nullpointerException-tp15408083p15428346.html
Sent from the Axis - User mailing list archive at Nabble.com.
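
The rule quoted in the reply above (a symmetric binding carries either a ProtectionToken, or both an EncryptionToken and a SignatureToken) can be checked against a policy file before it is deployed. The following is an added example, not code from this thread or from Rampart; the sample policies are constructed, and matching elements by local name only is an assumption made so that either WS-SecurityPolicy namespace version is accepted.

```python
import xml.etree.ElementTree as ET

OPERATORS = {"Policy", "All", "ExactlyOne"}          # WS-Policy operators
TOKENS = {"ProtectionToken", "EncryptionToken", "SignatureToken"}
VALID = {frozenset({"ProtectionToken"}),
         frozenset({"EncryptionToken", "SignatureToken"})}

def local(tag):
    """Drop the '{namespace}' prefix so any WS-SecurityPolicy version matches."""
    return tag.rsplit("}", 1)[-1]

def alternatives(node):
    """Expand nested Policy/All/ExactlyOne into a list of assertion-name sets."""
    name = local(node.tag)
    if name not in OPERATORS:
        return [frozenset([name])]       # an assertion; its nested policy is not expanded
    per_child = [alternatives(child) for child in node]
    if name == "ExactlyOne":             # any one child alternative may be chosen
        return [alt for alts in per_child for alt in alts]
    combined = [frozenset()]             # Policy/All: every child applies together
    for alts in per_child:
        combined = [c | a for c in combined for a in alts]
    return combined

def check_symmetric_bindings(policy_xml):
    """Return the token set of every SymmetricBinding alternative that is invalid."""
    problems = []
    for el in ET.fromstring(policy_xml).iter():
        if local(el.tag) != "SymmetricBinding":
            continue
        for policy in (c for c in el if local(c.tag) == "Policy"):
            for alt in alternatives(policy):
                tokens = alt & TOKENS
                if tokens not in VALID:
                    problems.append(sorted(tokens))
    return problems

# Constructed sample policies (not taken from the thread).
NS = ('xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
      'xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"')

def sample(tokens):
    body = "".join(f"<sp:{t}><wsp:Policy><sp:X509Token/></wsp:Policy></sp:{t}>"
                   for t in tokens)
    return (f"<wsp:Policy {NS}><sp:SymmetricBinding><wsp:Policy>{body}"
            "<sp:AlgorithmSuite/></wsp:Policy></sp:SymmetricBinding></wsp:Policy>")

if __name__ == "__main__":
    print(check_symmetric_bindings(sample(["SignatureToken"])))   # the thread's case
    print(check_symmetric_bindings(sample(["ProtectionToken"])))
```

A non-empty result lists the token assertions found in each rejected alternative, so a policy with only a SignatureToken is flagged at review time instead of failing at runtime.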