axis-java-user mailing list archives

From Håkon Sagehaug <Hakon.Sageh...@bccs.uib.no>
Subject Re: Adding security header to STSClient in rahas
Date Fri, 13 Mar 2009 11:16:52 GMT
Hi

Thanks for the tip. It looks like it was encrypted; I got it out in the
password callback handler at the STS service. One question though: where can
I locate the element that is the encrypted username token element in the
message?

cheers, Håkon

2009/3/13 Håkon Sagehaug <Hakon.Sagehaug@bccs.uib.no>

> Hi
>
> Here is the soap message
>
> POST /axis2/services/EsysbioStSService HTTP/1.1
> Content-Type: application/soap+xml; charset=UTF-8; action="
> http://bccs.uib.no/esysbio/sts/RequestSecurityToken2"
> User-Agent: Axis2
> Host: 127.0.0.1:10000
> Transfer-Encoding: chunked
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="
> http://www.w3.org/2003/05/soap-envelope" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#">
>       <soapenv:Header xmlns:wsa="
> http://schemas.xmlsoap.org/ws/2004/08/addressing">
>          <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="true">
>             <wsu:Timestamp xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Timestamp-10486149">
>                <wsu:Created>2009-03-13T11:06:29.741Z</wsu:Created>
>                <wsu:Expires>2009-03-13T11:11:29.741Z</wsu:Expires>
>             </wsu:Timestamp>
>             <xenc:EncryptedKey
> Id="EncKeyId-urn:uuid:7FF488256833766ADB12369423904222">
>                <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></xenc:EncryptionMethod>
>                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                   <wsse:SecurityTokenReference>
>                      <wsse:KeyIdentifier EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
> ">7BGXYqhH2bzZH20yCLbzvv5SuEo=</wsse:KeyIdentifier>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>                <xenc:CipherData>
>
> <xenc:CipherValue>olighcszt3Xvwr0M0gPHHfilO3CMHeAJoW/yMYV7XMw84u+5gY/Z4Xi0+zyrJ15+rjabIHKjb2GW/GgJu/TKpibtiue11kJu6P60EVca/fRrE/0QdsGesiDPCWHLPmZu88CPaiMBgEkSrYF1V0lfv37/Li67l6Dm5Xx3o/KnsJ4=</xenc:CipherValue>
>                </xenc:CipherData>
>             </xenc:EncryptedKey>
>             <wsc:DerivedKeyToken xmlns:wsc="
> http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="derivedKeyId-1711465251">
>                <wsse:SecurityTokenReference>
>                   <wsse:Reference
> URI="#EncKeyId-urn:uuid:7FF488256833766ADB12369423904222" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "></wsse:Reference>
>                </wsse:SecurityTokenReference>
>                <wsc:Offset>0</wsc:Offset>
>                <wsc:Length>32</wsc:Length>
>                <wsc:Nonce>uE+u3t79hqOza8BjRj+zZQ==</wsc:Nonce>
>             </wsc:DerivedKeyToken>
>             <xenc:ReferenceList>
>                <xenc:DataReference
> URI="#EncDataId-1860295362"></xenc:DataReference>
>             </xenc:ReferenceList>
>             <xenc:EncryptedData Id="EncDataId-1860295362" Type="
> http://www.w3.org/2001/04/xmlenc#Element">
>                <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
>                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                   <wsse:SecurityTokenReference>
>                      <wsse:Reference
> URI="#derivedKeyId-1711465251"></wsse:Reference>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>                <xenc:CipherData>
> <xenc:CipherValue>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</xenc:CipherValue>
>                </xenc:CipherData>
>             </xenc:EncryptedData>
>             <wsc:DerivedKeyToken xmlns:wsc="
> http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="derivedKeyId-1583486197">
>                <wsse:SecurityTokenReference>
>                   <wsse:Reference
> URI="#EncKeyId-urn:uuid:7FF488256833766ADB12369423904222" ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "></wsse:Reference>
>                </wsse:SecurityTokenReference>
>                <wsc:Offset>0</wsc:Offset>
>                <wsc:Length>24</wsc:Length>
>                <wsc:Nonce>CItmvqelaH6tbNeZWh218A==</wsc:Nonce>
>             </wsc:DerivedKeyToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Id="Signature-1469198150">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>                   <ds:SignatureMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
>                   <ds:Reference URI="#Id-1090032292">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>Sb6hKiQpULdrLrtWOSVA2gumLyI=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#Timestamp-10486149">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>/XQ2TuBASW+fPG5UGMQWRU+scdc=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>
> <ds:SignatureValue>ZV9ed7GZWFue0D+v1ztcEKVyFos=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-2136814472">
>                   <wsse:SecurityTokenReference xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STRId-1071802123">
>                      <wsse:Reference
> URI="#derivedKeyId-1583486197"></wsse:Reference>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>          </wsse:Security>
>          <wsa:To>http://localhost:10000/axis2/services/EsysbioStSService
> </wsa:To>
>          <wsa:ReplyTo>
>             <wsa:Address>
> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
> </wsa:Address>
>          </wsa:ReplyTo>
>
> <wsa:MessageID>urn:uuid:E5FEE226666F29F02E1236942388626</wsa:MessageID>
>          <wsa:Action>http://bccs.uib.no/esysbio/sts/RequestSecurityToken2
> </wsa:Action>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-1090032292">
>          <wst:RequestSecurityToken xmlns:wst="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>             <wst:RequestType>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>             <wst:Lifetime>
>                <wsu:Created>2009-03-13T11:06:28.462Z</wsu:Created>
>                <wsu:Expires>2009-03-13T11:11:28.462Z</wsu:Expires>
>             </wst:Lifetime>
>             <wst:TokenType>urn:no:bccs:esysbio:user:role</wst:TokenType>
>             <wst:KeyType>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
> </wst:KeyType>
>             <wst:KeySize>256</wst:KeySize>
>             <wsse:UsernameToken xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
>                <wsse:Username>testu</wsse:Username>
>             </wsse:UsernameToken>
>             <wst:Entropy>
>                <wst:BinarySecret Type="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce
> ">niKcIVG+hmMnjTZ3uqqNyCQoBK4AbbEpwlRrUCOtba0=</wst:BinarySecret>
>             </wst:Entropy>
>             <wst:ComputedKeyAlgorithm>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
> </wst:ComputedKeyAlgorithm>
>          </wst:RequestSecurityToken>
>       </soapenv:Body>
>    </soapenv:Envelope>
>
>
> 2009/3/13 Nandana Mihindukulasooriya <nandana.cse@gmail.com>
>
>  Can you post the SOAP message ? In the case of symmetric binding username
>> token header is encrypted.
>>
>> thanks,
>> nandana
>>
>>
>> On Thu, Mar 12, 2009 at 5:06 PM, Håkon Sagehaug <
>> Hakon.Sagehaug@bccs.uib.no> wrote:
>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Håkon Sagehaug <Hakon.Sagehaug@bccs.uib.no>
>>> Date: 2009/3/12
>>> Subject: Re: Adding security header to STSClient in rahas
>>> To: rampart-dev@ws.apache.org
>>>
>>>
>>> Hi
>>>
>>> What I read out of the code is that if username and password are set in
>>> options they should be picked up, but I set them in options and still no
>>> username token header.
>>>
>>> Here is my policy, if anyone sees something wrong it's highly appreciated
>>>
>>> <wsp:Policy wsu:Id="SigOnly"
>>>     xmlns:wsu="
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>>> "
>>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>     <wsp:All>
>>>         <sp:SymmetricBinding>
>>>             <wsp:Policy>
>>>                 <sp:ProtectionToken>
>>>                     <wsp:Policy>
>>>                         <sp:X509Token
>>>                             sp:IncludeToken="
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
>>> ">
>>>                             <wsp:Policy>
>>>                                 <sp:RequireDerivedKeys />
>>>                                 <sp:RequireThumbprintReference />
>>>                                 <sp:WssX509V3Token10 />
>>>                             </wsp:Policy>
>>>                         </sp:X509Token>
>>>                     </wsp:Policy>
>>>                 </sp:ProtectionToken>
>>>                 <sp:AlgorithmSuite>
>>>                     <wsp:Policy>
>>>                         <sp:Basic256 />
>>>                     </wsp:Policy>
>>>                 </sp:AlgorithmSuite>
>>>                 <sp:Layout>
>>>                     <wsp:Policy>
>>>                         <sp:Lax />
>>>                     </wsp:Policy>
>>>                 </sp:Layout>
>>>                 <sp:IncludeTimestamp />
>>>                 <sp:OnlySignEntireHeadersAndBody />
>>>             </wsp:Policy>
>>>         </sp:SymmetricBinding>
>>>         <sp:SupportingTokens
>>>             xmlns:sp="
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>             <wsp:Policy>
>>>                 <sp:UsernameToken
>>>                     sp:IncludeToken="
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>>> />
>>>             </wsp:Policy>
>>>         </sp:SupportingTokens>
>>>         <sp:SignedParts>
>>>             <sp:Body />
>>>         </sp:SignedParts>
>>>         <sp:Wss11 xmlns:sp="
>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>             <wsp:Policy>
>>>                 <sp:MustSupportRefKeyIdentifier />
>>>                 <sp:MustSupportRefIssuerSerial />
>>>                 <sp:MustSupportRefThumbprint />
>>>                 <sp:MustSupportRefEncryptedKey />
>>>             </wsp:Policy>
>>>         </sp:Wss11>
>>>         <ramp:RampartConfig xmlns:ramp="
>>> http://ws.apache.org/rampart/policy">
>>>             <ramp:user>client</ramp:user>
>>>             <ramp:encryptionUser>service
>>>             </ramp:encryptionUser>
>>>             <ramp:passwordCallbackClass>PWCBHandler
>>>             </ramp:passwordCallbackClass>
>>>             <ramp:signatureCrypto>
>>>                 <ramp:crypto
>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>                     <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>                     <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.file">
>>>                        clientTrustStore.jks
>>>                                 </ramp:property>
>>>                     <ramp:property
>>>
>>>  name="org.apache.ws.security.crypto.merlin.keystore.password">pass</ramp:property>
>>>                 </ramp:crypto>
>>>             </ramp:signatureCrypto>
>>>         </ramp:RampartConfig>
>>>     </wsp:All>
>>> </wsp:Policy>
>>>
>>> 2009/3/11 Martin Gainty <mgainty@hotmail.com>
>>>
>>>
>>>>    /**
>>>>     * Sets the crypto information required to process the RSTR.
>>>>     *
>>>>     * @param crypto    Crypto information
>>>>     * @param cbHandler Callback handler to provide the private key
>>>> password to
>>>>     *                  decrypt
>>>>     */
>>>>    public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
>>>>        this.crypto = crypto;
>>>>        this.cbHandler = cbHandler;
>>>>    }
>>>>
>>>> Test Harness from RampartUtil:
>>>> public static String getToken(RampartMessageData rmd, OMElement
>>>> rstTemplate,
>>>>            String issuerEpr, String action, Policy issuerPolicy) throws
>>>> RampartException {
>>>>
>>>>        try {
>>>>            //First check whether the user has provided the token
>>>>            MessageContext msgContext = rmd.getMsgContext();
>>>>            String customTokeId = (String) msgContext
>>>>
>>>>  .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
>>>>            if(customTokeId != null) {
>>>>                return customTokeId;
>>>>            } else {
>>>>
>>>>                Axis2Util.useDOOM(false);
>>>>
>>>>                STSClient client = new STSClient(rmd.getMsgContext()
>>>>                        .getConfigurationContext());
>>>>                // Set request action
>>>>                client.setAction(action);
>>>>
>>>>                client.setRstTemplate(rstTemplate);
>>>>
>>>>                // Set crypto information
>>>>                Crypto crypto =
>>>> RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
>>>>
>>>>  rmd.getMsgContext().getAxisService().getClassLoader());
>>>>                CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
>>>>                client.setCryptoInfo(crypto, cbh);
>>>>
>>>> which is called from BindingBuilder:
>>>>  protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd)
>>>> throws RampartException {
>>>>
>>>>        log.debug("Adding a UsernameToken");
>>>>
>>>>        RampartPolicyData rpd = rmd.getPolicyData();
>>>>
>>>>        //Get the user
>>>>        //First try options
>>>>        Options options = rmd.getMsgContext().getOptions();
>>>>        String user = options.getUserName();
>>>>        if(user == null || user.length() == 0) {
>>>>            //Then try RampartConfig
>>>>            if(rpd.getRampartConfig() != null) {
>>>>                user = rpd.getRampartConfig().getUser();
>>>>            }
>>>>        }
>>>>
>>>>        if(user != null && !"".equals(user)) {
>>>>            log.debug("User : " + user);
>>>>
>>>>            //Get the password
>>>>
>>>>            //First check options object for a password
>>>>            String password = options.getPassword();
>>>>
>>>>            if((password == null || password.length() == 0) &&
>>>>                    rpd.getRampartConfig() != null) {
>>>>
>>>>                //Then try to get the password from the given callback
>>>> handler
>>>>                CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
>>>>
>>>> where RampartPolicyData has mutator method for recipientToken
>>>> /*** @param recipientToken The recipientToken to set. */
>>>>    public void setRecipientToken(Token recipientToken) {
>>>>        this.recipientToken = recipientToken;
>>>>    }
>>>>
>>>> and in the RecipientBuilder.java
>>>>  /**
>>>>     * Evaluate policy data that is specific to asymmetric binding.
>>>>     *
>>>>     * @param binding
>>>>     *            The asymmetric binding data
>>>>     * @param rpd
>>>>     *            The WSS4J data to initialize
>>>>     */
>>>>    private static void asymmetricBinding(AsymmetricBinding binding,
>>>>            RampartPolicyData rpd) throws WSSPolicyException {
>>>>        TokenWrapper tokWrapper = binding.getRecipientToken();
>>>>        TokenWrapper tokWrapper1 = binding.getInitiatorToken();
>>>>        if (tokWrapper == null && tokWrapper1 == null) {
>>>>            // this is an error - throw something
>>>>        }
>>>>        rpd.setRecipientToken(((RecipientToken)
>>>> tokWrapper).getReceipientToken());
>>>>        rpd.setInitiatorToken(((InitiatorToken)
>>>> tokWrapper1).getInitiatorToken());
>>>>    }
>>>>
>>>> the key is to make sure Rec<e>ipientToken is included in the binding
>>>> /** in the case of AssymetricBinding ******/
>>>>    public PolicyComponent normalize() {
>>>>
>>>>        if (isNormalized()) {
>>>>            return this;
>>>>        }
>>>>
>>>>        AlgorithmSuite algorithmSuite = getAlgorithmSuite();
>>>>        List configs = algorithmSuite.getConfigurations();
>>>>
>>>>        Policy policy = new Policy();
>>>>        ExactlyOne exactlyOne = new ExactlyOne();
>>>>
>>>>        policy.addPolicyComponent(exactlyOne);
>>>>
>>>>        All wrapper;
>>>>        AsymmetricBinding asymmetricBinding;
>>>>
>>>>        for (Iterator iterator = configs.iterator(); iterator.hasNext();)
>>>> {
>>>>            wrapper = new All();
>>>>            asymmetricBinding = new AsymmetricBinding();
>>>>
>>>>            asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
>>>>                    .next());
>>>>            asymmetricBinding
>>>>
>>>>  .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
>>>>            asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
>>>>            asymmetricBinding.setInitiatorToken(getInitiatorToken());
>>>>            asymmetricBinding.setLayout(getLayout());
>>>>            asymmetricBinding.setProtectionOrder(getProtectionOrder());
>>>>            asymmetricBinding.setRecipientToken(getRecipientToken());
>>>> /********here is where the recipientToken is inserted to the Binding
>>>> *******/
>>>> Martin
>>>> ______________________________________________
>>>> Disclaimer and confidentiality note
>>>> Everything in this e-mail and any attachments relates to the official
>>>> business of Sender. This transmission is of a confidential nature and Sender
>>>> does not endorse distribution to any party other than intended recipient.
>>>> Sender does not necessarily endorse content contained within this
>>>> transmission.
>>>>
>>>>
>>>>
>>>>
>>>> > Date: Wed, 11 Mar 2009 08:55:09 +0100
>>>> > Subject: Re: Adding security header to STSClient in rahas
>>>> > From: Hakon.Sagehaug@bccs.uib.no
>>>> > To: rampart-dev@ws.apache.org
>>>> >
>>>> > Hi
>>>> >
>>>> > Yes, I've got this in the policy
>>>> >
>>>> > <sp:SupportingTokens
>>>> >                 xmlns:sp="
>>>> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >                 <wsp:Policy>
>>>> >                     <sp:UsernameToken
>>>> >                         sp:IncludeToken="
>>>> >
>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>>>> "
>>>> > />
>>>> >                 </wsp:Policy>
>>>> >             </sp:SupportingTokens>
>>>> >
>>>> > After I define the SymmetricBinding element. Do you know, regarding what
>>>> > I asked, how to test if the callback handler should provide a password
>>>> > to the keystore or actually check that the username and password are
>>>> > correct?
>>>> >
>>>> > cheers, Håkon
>>>> >
>>>> >
>>>> > 2009/3/10 Massimiliano Masi <masi@math.unifi.it>
>>>> >
>>>> > > Hi,
>>>> > >
>>>> > > Did you add in your STS policy something like:
>>>> > >
>>>> > >  <wsp:Policy>
>>>> > >              <sp:UsernameToken sp:IncludeToken="
>>>> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>>> > >                <wsp:Policy>
>>>> > >                        <sp:HashPassword />
>>>> > >                    </wsp:Policy>
>>>> > >              </sp:UsernameToken>
>>>> > >            </wsp:Policy>
>>>> > >
>>>> > >
>>>> > >
>>>> > >
>>>> > > Quoting Håkon Sagehaug <Hakon.Sagehaug@bccs.uib.no>:
>>>> > >
>>>> > >  Hi all,
>>>> > >>
>>>> > >> I wanted to add a username/password token in my request to my sts
>>>> > >> service. I'm using the STSClient from rahas and tried with this
>>>> > >>
>>>> > >> Options options = new Options();
>>>> > >>        options.setUserName("user");
>>>> > >>        options.setPassword("pass");
>>>> > >>        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
>>>> > >>                loadPolicy("policy/sts_policy.xml"));
>>>> > >>        stsClient.setOptions(options);
>>>> > >>
>>>> > >> But the messages don't have a security header.
>>>> > >>
>>>> > >> Also, how should I configure the callback handler, since it needs to
>>>> > >> both validate the username/password and fetch the certificate for
>>>> > >> validating the signed message? Should it be something like this
>>>> > >>
>>>> > >> if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){
>>>> > >>   /* Do password validation*/
>>>> > >> }
>>>> > >>
>>>> > >> if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){
>>>> > >> /* Do set password for keystore*/
>>>> > >> }
>>>> > >>
>>>> > >> cheers, Håkon
>>>> > >> --
>>>> > >> Håkon Sagehaug, Scientific Programmer
>>>> > >> Parallab, Bergen Center for Computational Science (BCCS)
>>>> > >> UNIFOB AS (University of Bergen Research Company)
>>>> > >>
>>>> > >>
>>>> > >
>>>> > >
>>>> > > ----------------------------------------------------------------
>>>> > > This message was sent using IMP, the Internet Messaging Program.
>>>> > >
>>>> > >
>>>> > >
>>>> >
>>>> >
>>>> > --
>>>> > Håkon Sagehaug, Scientific Programmer
>>>> > Parallab, Bergen Center for Computational Science (BCCS)
>>>> > UNIFOB AS (University of Bergen Research Company)
>>>>
>>>
>>>
>>>
>>>
>>> --
>>> Håkon Sagehaug, Scientific Programmer
>>> Parallab, Bergen Center for Computational Science (BCCS)
>>> UNIFOB AS (University of Bergen Research Company)
>>>
>>>
>>>
>>> --
>>> Håkon Sagehaug, Scientific Programmer
>>> Parallab, Bergen Center for Computational Science (BCCS)
>>> UNIFOB AS (University of Bergen Research Company)
>>>
>>
>>
>>
>
>
> --
> Håkon Sagehaug, Scientific Programmer
> Parallab, Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)
>



-- 
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
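The branch-on-usage sketch in the first message of this thread, written out as a complete service-side handler. This is an added example, not code from the thread and not Rampart's sample PWCBHandler. Assumptions: WSS4J 1.5.x as bundled with Rampart 1.4, where `WSPasswordCallback.USERNAME_TOKEN_UNKNOWN` exists; the user table, the key aliases `service` and `client` and every password below are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Service-side password callback handler that decides what to do from the
 * WSPasswordCallback usage code instead of from the identifier alone.
 *
 * Assumed: WSS4J 1.5.x (Rampart 1.4). Credential tables are constructed.
 */
public class StsPasswordCallbackHandler implements CallbackHandler {

    private static final Charset UTF8 = Charset.forName("UTF-8");

    /** Constructed: username -> password. Replace with a real credential store. */
    private static final Map<String, String> USERS = new HashMap<String, String>();
    /** Constructed: keystore alias -> private key password. */
    private static final Map<String, String> KEY_PASSWORDS = new HashMap<String, String>();

    static {
        USERS.put("testu", "testu-password");           // constructed
        KEY_PASSWORDS.put("service", "service-key-pw");  // constructed
        KEY_PASSWORDS.put("client", "client-key-pw");    // constructed
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifier();

            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Digest password: hand WSS4J the stored password and let it
                    // recompute and compare the digest. Same error text for an
                    // unknown user as for a bad password, to avoid enumeration.
                    String stored = USERS.get(id);
                    if (stored == null) {
                        throw new UnsupportedCallbackException(pwcb, "authentication failed");
                    }
                    pwcb.setPassword(stored);
                    break;
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Plaintext password: WSS4J passes the received password in and
                    // expects this handler to verify it and throw on mismatch.
                    if (!passwordMatches(id, pwcb.getPassword())) {
                        throw new UnsupportedCallbackException(pwcb, "authentication failed");
                    }
                    break;
                case WSPasswordCallback.SIGNATURE:
                case WSPasswordCallback.DECRYPT:
                    // Private key password for the keystore alias: signing, or
                    // unwrapping the EncryptedKey of the symmetric binding.
                    String keyPw = KEY_PASSWORDS.get(id);
                    if (keyPw == null) {
                        throw new UnsupportedCallbackException(pwcb, "unknown key alias");
                    }
                    pwcb.setPassword(keyPw);
                    break;
                default:
                    throw new UnsupportedCallbackException(pwcb, "unhandled usage " + pwcb.getUsage());
            }
        }
    }

    /** Compares without short-circuiting on the first differing byte (Java 6u17 and later). */
    static boolean passwordMatches(String user, String presented) {
        String stored = USERS.get(user);
        if (stored == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(UTF8), presented.getBytes(UTF8));
    }
}
```

Wire it in through `<ramp:passwordCallbackClass>` in the STS policy's RampartConfig, in place of the `PWCBHandler` named in the policy above. On the message posted earlier the order of callbacks follows the header: the DECRYPT callback arrives first, with the alias matched from the ThumbprintSHA1 KeyIdentifier of the EncryptedKey, and the USERNAME_TOKEN callback only after that. Going by the ReferenceList and the `Type="...#Element"` attribute, the `xenc:EncryptedData` inside `wsse:Security` (keyed by the first DerivedKeyToken, 32 bytes for AES-256) is where the encrypted UsernameToken sits; the `wsse:UsernameToken` in the Body is the plaintext one from the RST template and carries no password.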
