axis-java-user mailing list archives

From Håkon Sagehaug <Hakon.Sageh...@bccs.uib.no>
Subject Re: Adding security header to STSClient in rahas
Date Fri, 13 Mar 2009 11:09:16 GMT
Hi h

Here is the soap message

POST /axis2/services/EsysbioStSService HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="
http://bccs.uib.no/esysbio/sts/RequestSecurityToken2"
User-Agent: Axis2
Host: 127.0.0.1:10000
Transfer-Encoding: chunked


<?xml version="1.0" encoding="UTF-8"?>
   <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <soapenv:Header xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing">
         <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="true">
            <wsu:Timestamp xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-10486149">
               <wsu:Created>2009-03-13T11:06:29.741Z</wsu:Created>
               <wsu:Expires>2009-03-13T11:11:29.741Z</wsu:Expires>
            </wsu:Timestamp>
            <xenc:EncryptedKey
Id="EncKeyId-urn:uuid:7FF488256833766ADB12369423904222">
               <xenc:EncryptionMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></xenc:EncryptionMethod>
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <wsse:SecurityTokenReference>
                     <wsse:KeyIdentifier EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
">7BGXYqhH2bzZH20yCLbzvv5SuEo=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
               <xenc:CipherData>

<xenc:CipherValue>olighcszt3Xvwr0M0gPHHfilO3CMHeAJoW/yMYV7XMw84u+5gY/Z4Xi0+zyrJ15+rjabIHKjb2GW/GgJu/TKpibtiue11kJu6P60EVca/fRrE/0QdsGesiDPCWHLPmZu88CPaiMBgEkSrYF1V0lfv37/Li67l6Dm5Xx3o/KnsJ4=</xenc:CipherValue>
               </xenc:CipherData>
            </xenc:EncryptedKey>
            <wsc:DerivedKeyToken xmlns:wsc="
http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="derivedKeyId-1711465251">
               <wsse:SecurityTokenReference>
                  <wsse:Reference
URI="#EncKeyId-urn:uuid:7FF488256833766ADB12369423904222" ValueType="
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
"></wsse:Reference>
               </wsse:SecurityTokenReference>
               <wsc:Offset>0</wsc:Offset>
               <wsc:Length>32</wsc:Length>
               <wsc:Nonce>uE+u3t79hqOza8BjRj+zZQ==</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <xenc:ReferenceList>
               <xenc:DataReference
URI="#EncDataId-1860295362"></xenc:DataReference>
            </xenc:ReferenceList>
            <xenc:EncryptedData Id="EncDataId-1860295362" Type="
http://www.w3.org/2001/04/xmlenc#Element">
               <xenc:EncryptionMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <wsse:SecurityTokenReference>
                     <wsse:Reference
URI="#derivedKeyId-1711465251"></wsse:Reference>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
               <xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
               </xenc:CipherData>
            </xenc:EncryptedData>
            <wsc:DerivedKeyToken xmlns:wsc="
http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="derivedKeyId-1583486197">
               <wsse:SecurityTokenReference>
                  <wsse:Reference
URI="#EncKeyId-urn:uuid:7FF488256833766ADB12369423904222" ValueType="
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
"></wsse:Reference>
               </wsse:SecurityTokenReference>
               <wsc:Offset>0</wsc:Offset>
               <wsc:Length>24</wsc:Length>
               <wsc:Nonce>CItmvqelaH6tbNeZWh218A==</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-1469198150">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                  <ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
                  <ds:Reference URI="#Id-1090032292">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>

<ds:DigestValue>Sb6hKiQpULdrLrtWOSVA2gumLyI=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#Timestamp-10486149">
                     <ds:Transforms>
                        <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>

<ds:DigestValue>/XQ2TuBASW+fPG5UGMQWRU+scdc=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>

<ds:SignatureValue>ZV9ed7GZWFue0D+v1ztcEKVyFos=</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-2136814472">
                  <wsse:SecurityTokenReference xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-1071802123">
                     <wsse:Reference
URI="#derivedKeyId-1583486197"></wsse:Reference>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>http://localhost:10000/axis2/services/EsysbioStSService
</wsa:To>
         <wsa:ReplyTo>
            <wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
         </wsa:ReplyTo>

<wsa:MessageID>urn:uuid:E5FEE226666F29F02E1236942388626</wsa:MessageID>
         <wsa:Action>http://bccs.uib.no/esysbio/sts/RequestSecurityToken2
</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-1090032292">
         <wst:RequestSecurityToken xmlns:wst="
http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wst:RequestType>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
            <wst:Lifetime>
               <wsu:Created>2009-03-13T11:06:28.462Z</wsu:Created>
               <wsu:Expires>2009-03-13T11:11:28.462Z</wsu:Expires>
            </wst:Lifetime>
            <wst:TokenType>urn:no:bccs:esysbio:user:role</wst:TokenType>
            <wst:KeyType>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
            <wst:KeySize>256</wst:KeySize>
            <wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
               <wsse:Username>testu</wsse:Username>
            </wsse:UsernameToken>
            <wst:Entropy>
               <wst:BinarySecret Type="
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce
">niKcIVG+hmMnjTZ3uqqNyCQoBK4AbbEpwlRrUCOtba0=</wst:BinarySecret>
            </wst:Entropy>
            <wst:ComputedKeyAlgorithm>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
</wst:ComputedKeyAlgorithm>
         </wst:RequestSecurityToken>
      </soapenv:Body>
   </soapenv:Envelope>


2009/3/13 Nandana Mihindukulasooriya <nandana.cse@gmail.com>

> Can you post the SOAP message ? In the case of symmetric binding username
> token header is encrypted.
>
> thanks,
> nandana
>
>
> On Thu, Mar 12, 2009 at 5:06 PM, Håkon Sagehaug <
> Hakon.Sagehaug@bccs.uib.no> wrote:
>
>>
>>
>> ---------- Forwarded message ----------
>> From: Håkon Sagehaug <Hakon.Sagehaug@bccs.uib.no>
>> Date: 2009/3/12
>> Subject: Re: Adding security header to STSClient in rahas
>> To: rampart-dev@ws.apache.org
>>
>>
>> Hi
>>
>> what I read out of the code is that if the username and password are set in
>> the options they should be picked up, but I set them in the options and still
>> get no username token header.
>>
>> Here is my policy, if anyone sees something wrong it's highly appreciated
>>
>> <wsp:Policy wsu:Id="SigOnly"
>>     xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>     <wsp:All>
>>         <sp:SymmetricBinding>
>>             <wsp:Policy>
>>                 <sp:ProtectionToken>
>>                     <wsp:Policy>
>>                         <sp:X509Token
>>                             sp:IncludeToken="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>                             <wsp:Policy>
>>                                 <sp:RequireDerivedKeys />
>>                                 <sp:RequireThumbprintReference />
>>                                 <sp:WssX509V3Token10 />
>>                             </wsp:Policy>
>>                         </sp:X509Token>
>>                     </wsp:Policy>
>>                 </sp:ProtectionToken>
>>                 <sp:AlgorithmSuite>
>>                     <wsp:Policy>
>>                         <sp:Basic256 />
>>                     </wsp:Policy>
>>                 </sp:AlgorithmSuite>
>>                 <sp:Layout>
>>                     <wsp:Policy>
>>                         <sp:Lax />
>>                     </wsp:Policy>
>>                 </sp:Layout>
>>                 <sp:IncludeTimestamp />
>>                 <sp:OnlySignEntireHeadersAndBody />
>>             </wsp:Policy>
>>         </sp:SymmetricBinding>
>>         <sp:SupportingTokens
>>             xmlns:sp="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>             <wsp:Policy>
>>                 <sp:UsernameToken
>>                     sp:IncludeToken="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>> />
>>             </wsp:Policy>
>>         </sp:SupportingTokens>
>>         <sp:SignedParts>
>>             <sp:Body />
>>         </sp:SignedParts>
>>         <sp:Wss11 xmlns:sp="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>             <wsp:Policy>
>>                 <sp:MustSupportRefKeyIdentifier />
>>                 <sp:MustSupportRefIssuerSerial />
>>                 <sp:MustSupportRefThumbprint />
>>                 <sp:MustSupportRefEncryptedKey />
>>             </wsp:Policy>
>>         </sp:Wss11>
>>         <ramp:RampartConfig xmlns:ramp="
>> http://ws.apache.org/rampart/policy">
>>             <ramp:user>client</ramp:user>
>>             <ramp:encryptionUser>service
>>             </ramp:encryptionUser>
>>             <ramp:passwordCallbackClass>PWCBHandler
>>             </ramp:passwordCallbackClass>
>>             <ramp:signatureCrypto>
>>                 <ramp:crypto
>> provider="org.apache.ws.security.components.crypto.Merlin">
>>                     <ramp:property
>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>                     <ramp:property
>> name="org.apache.ws.security.crypto.merlin.file">
>>                        clientTrustStore.jks
>>                                 </ramp:property>
>>                     <ramp:property
>>
>>  name="org.apache.ws.security.crypto.merlin.keystore.password">pass</ramp:property>
>>                 </ramp:crypto>
>>             </ramp:signatureCrypto>
>>         </ramp:RampartConfig>
>>     </wsp:All>
>> </wsp:Policy>
>>
>> 2009/3/11 Martin Gainty <mgainty@hotmail.com>
>>
>>
>>>    /**
>>>     * Sets the crypto information required to process the RSTR.
>>>     *
>>>     * @param crypto    Crypto information
>>>     * @param cbHandler Callback handler to provide the private key
>>> password to
>>>     *                  decrypt
>>>     */
>>>    public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
>>>        this.crypto = crypto;
>>>        this.cbHandler = cbHandler;
>>>    }
>>>
>>> Test Harness from RampartUtil:
>>> public static String getToken(RampartMessageData rmd, OMElement
>>> rstTemplate,
>>>            String issuerEpr, String action, Policy issuerPolicy) throws
>>> RampartException {
>>>
>>>        try {
>>>            //First check whether the user has provided the token
>>>            MessageContext msgContext = rmd.getMsgContext();
>>>            String customTokeId = (String) msgContext
>>>
>>>  .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
>>>            if(customTokeId != null) {
>>>                return customTokeId;
>>>            } else {
>>>
>>>                Axis2Util.useDOOM(false);
>>>
>>>                STSClient client = new STSClient(rmd.getMsgContext()
>>>                        .getConfigurationContext());
>>>                // Set request action
>>>                client.setAction(action);
>>>
>>>                client.setRstTemplate(rstTemplate);
>>>
>>>                // Set crypto information
>>>                Crypto crypto =
>>> RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
>>>
>>>  rmd.getMsgContext().getAxisService().getClassLoader());
>>>                CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
>>>                client.setCryptoInfo(crypto, cbh);
>>>
>>> which is called from BindingBuilder:
>>>  protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd)
>>> throws RampartException {
>>>
>>>        log.debug("Adding a UsernameToken");
>>>
>>>        RampartPolicyData rpd = rmd.getPolicyData();
>>>
>>>        //Get the user
>>>        //First try options
>>>        Options options = rmd.getMsgContext().getOptions();
>>>        String user = options.getUserName();
>>>        if(user == null || user.length() == 0) {
>>>            //Then try RampartConfig
>>>            if(rpd.getRampartConfig() != null) {
>>>                user = rpd.getRampartConfig().getUser();
>>>            }
>>>        }
>>>
>>>        if(user != null && !"".equals(user)) {
>>>            log.debug("User : " + user);
>>>
>>>            //Get the password
>>>
>>>            //First check options object for a password
>>>            String password = options.getPassword();
>>>
>>>            if((password == null || password.length() == 0) &&
>>>                    rpd.getRampartConfig() != null) {
>>>
>>>                //Then try to get the password from the given callback
>>> handler
>>>                CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
>>>
>>> where RampartPolicyData has mutator method for recipientToken
>>> /*** @param recipientToken The recipientToken to set. */
>>>    public void setRecipientToken(Token recipientToken) {
>>>        this.recipientToken = recipientToken;
>>>    }
>>>
>>> and in the RecipientBuilder.java
>>>  /**
>>>     * Evaluate policy data that is specific to asymmetric binding.
>>>     *
>>>     * @param binding
>>>     *            The asymmetric binding data
>>>     * @param rpd
>>>     *            The WSS4J data to initialize
>>>     */
>>>    private static void asymmetricBinding(AsymmetricBinding binding,
>>>            RampartPolicyData rpd) throws WSSPolicyException {
>>>        TokenWrapper tokWrapper = binding.getRecipientToken();
>>>        TokenWrapper tokWrapper1 = binding.getInitiatorToken();
>>>        if (tokWrapper == null && tokWrapper1 == null) {
>>>            // this is an error - throw something
>>>        }
>>>        rpd.setRecipientToken(((RecipientToken)
>>> tokWrapper).getReceipientToken());
>>>        rpd.setInitiatorToken(((InitiatorToken)
>>> tokWrapper1).getInitiatorToken());
>>>    }
>>>
>>> the key is to make sure Rec<e>ipientToken is included in the binding
>>> /** in the case of AssymetricBinding ******/
>>>    public PolicyComponent normalize() {
>>>
>>>        if (isNormalized()) {
>>>            return this;
>>>        }
>>>
>>>        AlgorithmSuite algorithmSuite = getAlgorithmSuite();
>>>        List configs = algorithmSuite.getConfigurations();
>>>
>>>        Policy policy = new Policy();
>>>        ExactlyOne exactlyOne = new ExactlyOne();
>>>
>>>        policy.addPolicyComponent(exactlyOne);
>>>
>>>        All wrapper;
>>>        AsymmetricBinding asymmetricBinding;
>>>
>>>        for (Iterator iterator = configs.iterator(); iterator.hasNext();)
>>> {
>>>            wrapper = new All();
>>>            asymmetricBinding = new AsymmetricBinding();
>>>
>>>            asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
>>>                    .next());
>>>            asymmetricBinding
>>>
>>>  .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
>>>            asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
>>>            asymmetricBinding.setInitiatorToken(getInitiatorToken());
>>>            asymmetricBinding.setLayout(getLayout());
>>>            asymmetricBinding.setProtectionOrder(getProtectionOrder());
>>>            asymmetricBinding.setRecipientToken(getRecipientToken());
>>> /********here is where the recipientToken is inserted to the Binding
>>> *******/
>>> Martin
>>> ______________________________________________
>>> Disclaimer and confidentiality note
>>> Everything in this e-mail and any attachments relates to the official
>>> business of Sender. This transmission is of a confidential nature and Sender
>>> does not endorse distribution to any party other than intended recipient.
>>> Sender does not necessarily endorse content contained within this
>>> transmission.
>>>
>>>
>>>
>>>
>>> > Date: Wed, 11 Mar 2009 08:55:09 +0100
>>> > Subject: Re: Adding security header to STSClient in rahas
>>> > From: Hakon.Sagehaug@bccs.uib.no
>>> > To: rampart-dev@ws.apache.org
>>> >
>>> > Hi
>>> >
>>> > Yes, I've got this in the policy
>>> >
>>> > <sp:SupportingTokens
>>> >                 xmlns:sp="
>>> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> >                 <wsp:Policy>
>>> >                     <sp:UsernameToken
>>> >                         sp:IncludeToken="
>>> >
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>>> "
>>> > />
>>> >                 </wsp:Policy>
>>> >             </sp:SupportingTokens>
>>> >
>>> > After I define the symmetricbinding element. Do you know if what I
>>> asked
>>> > about how to test if the callback handler should provide a password to
>>> the
>>> > keystore or actually check username and password was correct?
>>> >
>>> > cheers, Håkon
>>> >
>>> >
>>> > 2009/3/10 Massimiliano Masi <masi@math.unifi.it>
>>> >
>>> > > Hi,
>>> > >
>>> > > Did you add in your STS policy something like:
>>> > >
>>> > >  <wsp:Policy>
>>> > >              <sp:UsernameToken sp:IncludeToken="
>>> > > http://docs.oasis-open.org/ws-s
>>> > > x/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>> > >                <wsp:Policy>
>>> > >                        <sp:HashPassword />
>>> > >                    </wsp:Policy>
>>> > >              </sp:UsernameToken>
>>> > >            </wsp:Policy>
>>> > >
>>> > >
>>> > >
>>> > >
>>> > > Quoting Håkon Sagehaug <Hakon.Sagehaug@bccs.uib.no>:
>>> > >
>>> > >  Hi all,
>>> > >>
>>> > >> I wanted to add username/password token in my request to my sts
>>> service.
>>> > >> I'm
>>> > >> using the STSClient from rahas and tried with this
>>> > >>
>>> > >> Options options = new Options();
>>> > >>        options.setUserName("user");
>>> > >>        options.setPassword("pass");
>>> > >>        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
>>> > >>                loadPolicy("policy/sts_policy.xml"));
>>> > >>        stsClient.setOptions(options);
>>> > >>
>>> > >> But the messages don't have a security header.
>>> > >>
>>> > >> Also, how should I configure the callback handler, since it needs to
>>> > >> both
>>> > >> validate the username password and fetch the certificate for
>>> validating
>>> > >> the
>>> > >> signed message. Should it be something like this
>>> > >>
>>> > >> if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){
>>> > >>   /* Do password validation*/
>>> > >> }
>>> > >>
>>> > >> if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){
>>> > >> /* Do set password for keystore*/
>>> > >> }
>>> > >>
>>> > >> cheers, Håkon
>>> > >> --
>>> > >> Håkon Sagehaug, Scientific Programmer
>>> > >> Parallab, Bergen Center for Computational Science (BCCS)
>>> > >> UNIFOB AS (University of Bergen Research Company)
>>> > >>
>>> > >>
>>> > >
>>> > >
>>> > > ----------------------------------------------------------------
>>> > > This message was sent using IMP, the Internet Messaging Program.
>>> > >
>>> > >
>>> > >
>>> >
>>> >
>>> > --
>>> > Håkon Sagehaug, Scientific Programmer
>>> > Parallab, Bergen Center for Computational Science (BCCS)
>>> > UNIFOB AS (University of Bergen Research Company)
>>>
>>> _________________________________________________________________
>>> Windows Live™: Life without walls.
>>> http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_032009
>>
>>
>>
>>
>> --
>> Håkon Sagehaug, Scientific Programmer
>> Parallab, Bergen Center for Computational Science (BCCS)
>> UNIFOB AS (University of Bergen Research Company)
>>
>>
>>
>> --
>> Håkon Sagehaug, Scientific Programmer
>> Parallab, Bergen Center for Computational Science (BCCS)
>> UNIFOB AS (University of Bergen Research Company)
>>
>
>
>


-- 
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
