ws-fx-dev mailing list archives

From "Aws Ismail" <aws.ism...@tatweersoftware.com>
Subject Cascaded security tokens order and the Configuration
Date Sat, 09 Jul 2005 16:57:03 GMT
I have configured my web service client to use WSDoAllSender to sign the
SOAP request (create a Signature token) and also to create a Username token,
like this:

 

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="user" value="user1" />
        <parameter name="passwordCallbackClass" value="PWCallback" />
        <parameter name="action" value="Signature NoSerialization" />
        <parameter name="signaturePropFile" value="crypto.properties" />
        <parameter name="mustUnderstand" value="0" />
      </handler>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="UsernameToken" />
        <parameter name="user" value="User1" />
        <parameter name="passwordCallbackClass" value="PWCallback" />
        <parameter name="passwordType" value="digested" />
        <parameter name="mustUnderstand" value="0" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>

 

And the server configuration is:

 

<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
  <parameter name="passwordCallbackClass" value="PWCallback" />
  <parameter name="action" value="Signature UsernameToken" />
  <parameter name="signaturePropFile" value="crypto.properties" />
</handler>

 

Question 1:

Everything works fine if the order of the security tokens on the client side
is as above; however, it does not work if they are reversed?! And I don't have
control over all the clients to make them send first the user token then the
signature in the Security header all the time.

 

Question 2:

The PWCallback class requires that I set the password for the
identifier (on the server side) so that it can be authenticated; I need
to authenticate through LDAP. What is the best way to accomplish
this?

 

Question 3:

I could configure crypto.properties to read the keys needed for signing
and validating the signature from a keystore stored on the file system. How
can I configure Merlin to use digital certificates stored in LDAP to do
the signature validation?

 

 

Thanks in advance.

 

Aws Ismail
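
Background to Question 2, as an added example that is not part of the original post and is not WSS4J code: with a digest password type, the receiver recomputes the UsernameToken Password_Digest (Base64 of SHA-1 over nonce + created + password, per the WS-Security UsernameToken Profile), which is why the server-side callback has to supply the user's password. The class and method names are hypothetical and the token values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example, not WSS4J code; class and method names are hypothetical.
public class UsernameTokenDigestCheck {

    // UsernameToken Profile: Password_Digest = Base64(SHA-1(nonce + created + password)),
    // with nonce being the Base64-decoded wsse:Nonce and created the wsu:Created text.
    static byte[] rawDigest(byte[] nonce, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return sha1.digest();
    }

    // Receiver side: recompute from the password the server holds for this user.
    // Without that cleartext password the digest cannot be checked.
    static boolean verify(String nonceB64, String created, String digestB64,
                          String storedPassword) throws NoSuchAlgorithmException {
        if (storedPassword == null) {
            return false; // unknown user: nothing to recompute with
        }
        try {
            byte[] nonce = Base64.getDecoder().decode(nonceB64);
            byte[] received = Base64.getDecoder().decode(digestB64);
            // Constant-time comparison of the two 20-byte SHA-1 values.
            return MessageDigest.isEqual(rawDigest(nonce, created, storedPassword), received);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 in the token
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample token values, not taken from a real message.
        byte[] nonce = "constructed-nonce-01".getBytes(StandardCharsets.UTF_8);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String created = "2005-07-09T16:57:03Z";
        String sent = Base64.getEncoder()
                .encodeToString(rawDigest(nonce, created, "example-password"));

        System.out.println("correct password: " + verify(nonceB64, created, sent, "example-password"));
        System.out.println("wrong password:   " + verify(nonceB64, created, sent, "wrong-password"));
        System.out.println("unknown user:     " + verify(nonceB64, created, sent, null));
    }
}
```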

 

