ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Nielsen" <br...@sweetxml.org>
Subject RE: RES: How to configure UsernameTokenSignature
Date Mon, 04 Jul 2005 19:06:29 GMT
Hey Steve

You need to get your addressing stuff enabled by using the addressing
handler.  Look at the small tutorial, it was enough for me [1]. Watchout for
changes in the namespace, since the WS-Adressing spec has been updated since
the version that is implemented i WSE 2.0.

Regards Brian

[1]
http://cvs.apache.org/viewcvs.cgi/ws-addressing/ShortTutorial.txt?rev=1.2&vi
ew=markup




-----Original Message-----
From: Steve Behrendt [mailto:steve@weg.com.br] 
Sent: 4. juli 2005 19:28
To: Werner Dittmann
Cc: fx-dev@ws.apache.org
Subject: RES: RES: How to configure UsernameTokenSignature

Werner,

Thanks for the tip. Now I have another problem. The engine don't signate a
part of the message. It stops with a Exception shown at the bottom of the
Mail. 

.NET with wse2.0 sp3 uses signature based on usernametoken for the
"wsa:Action", "wsa:MessageID", "wsa:ReplayTo", "wsa:To", "wsu:Timestamp" and
the "soap:Body wsu:Id" elements. I began with Timestamp, but it downs't
work.

AxisFault
 faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode: 
 faultString: WSDoAllSender: Error during Signatur with UsernameToken
secretorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd, Timestamp)
 faultActor: 
 faultNode: 
 faultDetail: 
	{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during
Signatur with UsernameToken
secretorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd, Timestamp)
	at
org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender
.java:512)
	at
org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
	at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
32)
	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
	at org.apache.axis.client.Call.invoke(Call.java:2748)
	at org.apache.axis.client.Call.invoke(Call.java:2424)
	at org.apache.axis.client.Call.invoke(Call.java:2347)
	at org.apache.axis.client.Call.invoke(Call.java:1804)
	at
net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:2
84)
	at net.weg.service.client.main(client.java:95)

	{http://xml.apache.org/axis/}hostname:brjgsd181091

WSDoAllSender: Error during Signatur with UsernameToken
secretorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd, Timestamp)
	at
org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender
.java:512)
	at
org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
	at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
32)
	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
	at org.apache.axis.client.Call.invoke(Call.java:2748)
	at org.apache.axis.client.Call.invoke(Call.java:2424)
	at org.apache.axis.client.Call.invoke(Call.java:2347)
	at org.apache.axis.client.Call.invoke(Call.java:1804)
	at
net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:2
84)

	at net.weg.service.client.main(client.java:95)

Here is my .wsdd-File:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
         
<globalConfiguration >
	<requestFlow>
		<handler
type="java:org.apache.ws.axis.security.WSDoAllSender" >
  			<parameter name="action"
value="UsernameTokenSignature Timestamp" />
	   		<parameter name="passwordCallbackClass"
value="net.weg.service.PWCallback" />

	   		<parameter name="signatureParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
ecurity-secext-1.0.xsd}Timestamp" />
		</handler>
	</requestFlow>
</globalConfiguration>  

<transport name="java"
pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local"
pivot="java:org.apache.axis.transport.local.LocalSender"/>
 
</deployment>

Any idea?
Thanks!!!

Steve

-----Mensagem original-----
De: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
Enviada em: sábado, 2 de julho de 2005 07:42
Para: Steve Behrendt
Cc: fx-dev@ws.apache.org
Assunto: Re: RES: How to configure UsernameTokenSignature


Steve,

just remove the action that you don't want from the scenarios, e.g the
encrypt.

On the Callback problem: as the deployment setup overwrights the progeamatic
setup the "passwordCallbackClass parameter"
will be used by the handler. As I can see you define a java source file here
- not a class. pls check your setup and fix it.

Regards,
Werner

Steve Behrendt schrieb:
> Werner,
> 
> 
>>AFAIK the Secnario 3a (or 2a?) of the interop scenarios show ho to use 
>>the stuff.
> 
> 
> The Problem is that the stuff is only shown with encryption etc. But I
only want to use a signature base on the UsernameToken - for an
implementation with Microsoft .NET.
> But when I call the method of the service, the handler
(PasswordCallBackHandler) is not passed.
> 
> My Handler:
> 
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>          
> <globalConfiguration >
> 	<requestFlow>
> 		<handler
type="java:org.apache.ws.axis.security.WSDoAllSender" >
>   			<parameter name="action"
value="UsernameTokenSignature" />
> 	   		<parameter name="passwordCallbackClass"
value="net.weg.service.PWCallback.java" />
> 		</handler>
> 	</requestFlow>
> </globalConfiguration>
> 
> <transport name="java" 
> pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http" 
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local" 
> pivot="java:org.apache.axis.transport.local.LocalSender"/>
>  
> </deployment>
> 
> and thats a part of my client:
> 
> 		PWCallback pwCallback = new PWCallback();
> 		ServiceInterfaceStub axisPort =
(ServiceInterfaceStub)service;
> 		
> 		axisPort._setProperty(WSHandlerConstants.USER, usuario);
//fixe o usuario
> 		
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCallback); 
> //fixe a classe //do handler
> 
> The Message is sent, but hasn't a Header with the UsenameToken or the
Signature.
> 
> 
> For a little bit of help,
> i'm very gratefully.
> 
> STEVE
> 
> 
> -----Mensagem original-----
> De: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Enviada em: quarta-feira, 29 de junho de 2005 11:33
> Para: Steve Behrendt; fx-dev@ws.apache.org
> Assunto: AW: How to configure UsernameTokenSignature
> 
> 
> Steve,
> 
> AFAIK the Secnario 3a (or 2a?) of the interop scenarios show ho to use 
> the stuff.
> 
> We've not fully tested interop with Microsoft or others.
> 
> Regards,
> Werner
> 
> 
>>-----Ursprüngliche Nachricht-----
>>Von: Steve Behrendt [mailto:steve@weg.com.br]
>>Gesendet: Mittwoch, 29. Juni 2005 14:36
>>An: fx-dev@ws.apache.org
>>Betreff: RES: How to configure UsernameTokenSignature
>>
>>
>>Hi,
>>
>>Is there now an existing implementation of the UsernameTokenSignature 
>>"Problem"?
>>Because my implementation is using only a UsernameToken and I want to 
>>implement more security, but without using keys.
>>
>>Greets,
>>Steve
>>
>>-----Mensagem original-----
>>De: Davanum Srinivas [mailto:davanum@gmail.com] Enviada em: 
>>terça-feira, 21 de junho de 2005 10:53
>>Para: Dittmann, Werner
>>Cc: Granqvist, Hans; fx-dev@ws.apache.org
>>Assunto: Re: How to configure UsernameTokenSignature
>>
>>
>>Hi Werner,
>>
>>updated the specs directory. Please take a look and let me know if you 
>>need something else.
>>
>>-- dims
>>
>>On 6/21/05, Dittmann, Werner <werner.dittmann@siemens.com> wrote:
>>
>>>Hans,
>>>
>>>are the drafts publicly available? Can't find them on the OASIS WSS 
>>>pages.
>>>
>>>Regards,
>>>Werner
>>>
>>>
>>>>-----Ursprüngliche Nachricht-----
>>>>Von: Granqvist, Hans [mailto:hgranqvist@verisign.com]
>>>>Gesendet: Montag, 20. Juni 2005 17:31
>>>>An: fx-dev@ws.apache.org
>>>>Betreff: RE: How to configure UsernameTokenSignature
>>>>
>>>>
>>>>
>>>>><quote>
>>>>>The Username Token profile does not currently define a key 
>>>>>derivation algorithm. The OASIS WSS TC is expected to address this 
>>>>>issue in a subsequent specification. </quote>
>>>>
>>>>The latest (March 2005 and onward) WSS 1.1 draft of the 
>>>>UsernameToken profile defines key derivation in section 4.
>>>>
>>>>Hans
>>>>
>>>
>>
>>--
>>Davanum Srinivas -http://blogs.cocoondev.org/dims/
>>
> 
> 



Mime
View raw message