ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dittmann, Werner" <werner.dittm...@siemens.com>
Subject AW: RES: How to configure UsernameTokenSignature
Date Tue, 05 Jul 2005 06:27:37 GMT
Steve.

about the problem "Timestamp" not found, just
reverse the actions. That is do "Timestamp"
first, then the Signature. The handler works
from left to right, builds up the request
as it works thru the actions. This, you try
to perform a Signature of en element that is 
not yet build into the request.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: Steve Behrendt [mailto:steve@weg.com.br] 
> Gesendet: Montag, 4. Juli 2005 19:28
> An: Werner Dittmann
> Cc: fx-dev@ws.apache.org
> Betreff: RES: RES: How to configure UsernameTokenSignature
> 
> 
> Werner,
> 
> Thanks for the tip. Now I have another problem. The engine 
> don't signate a part of the message. It stops with a 
> Exception shown at the bottom of the Mail. 
> 
> .NET with wse2.0 sp3 uses signature based on usernametoken 
> for the "wsa:Action", "wsa:MessageID", "wsa:ReplayTo", 
> "wsa:To", "wsu:Timestamp" and the "soap:Body wsu:Id" 
> elements. I began with Timestamp, but it downs't work.
> 
> AxisFault
>  faultCode: 
> {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>  faultSubcode: 
>  faultString: WSDoAllSender: Error during Signatur with 
> UsernameToken 
> secretorg.apache.ws.security.WSSecurityException: General 
> security error (WSEncryptBody/WSSignEnvelope: Element to 
> encrypt/sign not found: 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
> rity-secext-1.0.xsd, Timestamp)
>  faultActor: 
>  faultNode: 
>  faultDetail: 
> 	{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: 
> Error during Signatur with UsernameToken 
> secretorg.apache.ws.security.WSSecurityException: General 
> security error (WSEncryptBody/WSSignEnvelope: Element to 
> encrypt/sign not found: 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
> rity-secext-1.0.xsd, Timestamp)
> 	at 
> org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction
> (WSDoAllSender.java:512)
> 	at 
> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender
> .java:336)
> 	at 
> org.apache.axis.strategies.InvocationStrategy.visit(Invocation
> Strategy.java:32)
> 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> 	at 
> net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterf
> aceStub.java:284)
> 	at net.weg.service.client.main(client.java:95)
> 
> 	{http://xml.apache.org/axis/}hostname:brjgsd181091
> 
> WSDoAllSender: Error during Signatur with UsernameToken 
> secretorg.apache.ws.security.WSSecurityException: General 
> security error (WSEncryptBody/WSSignEnvelope: Element to 
> encrypt/sign not found: 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
> rity-secext-1.0.xsd, Timestamp)
> 	at 
> org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction
> (WSDoAllSender.java:512)
> 	at 
> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender
> .java:336)
> 	at 
> org.apache.axis.strategies.InvocationStrategy.visit(Invocation
> Strategy.java:32)
> 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> 	at 
> net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterf
> aceStub.java:284)
> 
> 	at net.weg.service.client.main(client.java:95)
> 
> Here is my .wsdd-File:
> 
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>          
> <globalConfiguration >
> 	<requestFlow>
> 		<handler 
> type="java:org.apache.ws.axis.security.WSDoAllSender" >
>   			<parameter name="action" 
> value="UsernameTokenSignature Timestamp" />
> 	   		<parameter name="passwordCallbackClass" 
> value="net.weg.service.PWCallback" />				
> 								  
> 	   		<parameter name="signatureParts" 
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-secext-1.0.xsd}Timestamp" />
> 		</handler>
> 	</requestFlow>
> </globalConfiguration>  
> 
> <transport name="java" 
> pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http" 
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local" 
> pivot="java:org.apache.axis.transport.local.LocalSender"/>
>  
> </deployment>
> 
> Any idea?
> Thanks!!!
> 
> Steve
> 
> -----Mensagem original-----
> De: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Enviada em: sábado, 2 de julho de 2005 07:42
> Para: Steve Behrendt
> Cc: fx-dev@ws.apache.org
> Assunto: Re: RES: How to configure UsernameTokenSignature
> 
> 
> Steve,
> 
> just remove the action that you don't want from the scenarios, e.g
> the encrypt.
> 
> On the Callback problem: as the deployment setup overwrights the
> progeamatic setup the "passwordCallbackClass parameter"
> will be used by the handler. As I can see you define a java
> source file here - not a class. pls check your setup and fix
> it.
> 
> Regards,
> Werner
> 
> Steve Behrendt schrieb:
> > Werner,
> > 
> > 
> >>AFAIK the Secnario 3a (or 2a?) of the interop scenarios
> >>show ho to use the stuff. 
> > 
> > 
> > The Problem is that the stuff is only shown with encryption 
> etc. But I only want to use a signature base on the 
> UsernameToken - for an implementation with Microsoft .NET.
> > But when I call the method of the service, the handler 
> (PasswordCallBackHandler) is not passed.
> > 
> > My Handler:
> > 
> > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >             
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >          
> > <globalConfiguration >
> > 	<requestFlow>
> > 		<handler 
> type="java:org.apache.ws.axis.security.WSDoAllSender" >
> >   			<parameter name="action" 
> value="UsernameTokenSignature" />
> > 	   		<parameter name="passwordCallbackClass" 
> value="net.weg.service.PWCallback.java" />
> > 		</handler>
> > 	</requestFlow>
> > </globalConfiguration>  
> > 
> > <transport name="java" 
> pivot="java:org.apache.axis.transport.java.JavaSender"/>
> > <transport name="http" 
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> > <transport name="local" 
> pivot="java:org.apache.axis.transport.local.LocalSender"/>
> >  
> > </deployment>
> > 
> > and thats a part of my client:
> > 
> > 		PWCallback pwCallback = new PWCallback();
> > 		ServiceInterfaceStub axisPort = 
> (ServiceInterfaceStub)service;
> > 		
> > 		axisPort._setProperty(WSHandlerConstants.USER, 
> usuario); //fixe o usuario
> > 		
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCal
> lback); //fixe a classe //do handler
> > 
> > The Message is sent, but hasn't a Header with the 
> UsenameToken or the Signature.
> > 
> > 
> > For a little bit of help,
> > i'm very gratefully.
> > 
> > STEVE
> > 
> > 
> > -----Mensagem original-----
> > De: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > Enviada em: quarta-feira, 29 de junho de 2005 11:33
> > Para: Steve Behrendt; fx-dev@ws.apache.org
> > Assunto: AW: How to configure UsernameTokenSignature
> > 
> > 
> > Steve,
> > 
> > AFAIK the Secnario 3a (or 2a?) of the interop scenarios
> > show ho to use the stuff. 
> > 
> > We've not fully tested interop with Microsoft or others.
> > 
> > Regards,
> > Werner
> > 
> > 
> >>-----Ursprüngliche Nachricht-----
> >>Von: Steve Behrendt [mailto:steve@weg.com.br] 
> >>Gesendet: Mittwoch, 29. Juni 2005 14:36
> >>An: fx-dev@ws.apache.org
> >>Betreff: RES: How to configure UsernameTokenSignature
> >>
> >>
> >>Hi,
> >>
> >>Is there now an existing implementation of the 
> >>UsernameTokenSignature "Problem"?
> >>Because my implementation is using only a UsernameToken and I 
> >>want to implement more security, but without using keys.
> >>
> >>Greets,
> >>Steve
> >>
> >>-----Mensagem original-----
> >>De: Davanum Srinivas [mailto:davanum@gmail.com]
> >>Enviada em: terça-feira, 21 de junho de 2005 10:53
> >>Para: Dittmann, Werner
> >>Cc: Granqvist, Hans; fx-dev@ws.apache.org
> >>Assunto: Re: How to configure UsernameTokenSignature
> >>
> >>
> >>Hi Werner,
> >>
> >>updated the specs directory. Please take a look and let me 
> know if you
> >>need something else.
> >>
> >>-- dims
> >>
> >>On 6/21/05, Dittmann, Werner <werner.dittmann@siemens.com> wrote:
> >>
> >>>Hans,
> >>>
> >>>are the drafts publicly available? Can't find
> >>>them on the OASIS WSS pages.
> >>>
> >>>Regards,
> >>>Werner
> >>>
> >>>
> >>>>-----Ursprüngliche Nachricht-----
> >>>>Von: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> >>>>Gesendet: Montag, 20. Juni 2005 17:31
> >>>>An: fx-dev@ws.apache.org
> >>>>Betreff: RE: How to configure UsernameTokenSignature
> >>>>
> >>>>
> >>>>
> >>>>><quote>
> >>>>>The Username Token profile does not currently define a key
> >>>>>derivation algorithm. The OASIS WSS TC is expected to address
> >>>>>this issue in a subsequent specification. </quote>
> >>>>
> >>>>The latest (March 2005 and onward) WSS 1.1 draft of the
> >>>>UsernameToken profile defines key derivation in section 4.
> >>>>
> >>>>Hans
> >>>>
> >>>
> >>
> >>-- 
> >>Davanum Srinivas -http://blogs.cocoondev.org/dims/
> >>
> > 
> > 
> 
> 

Mime
View raw message