ws-wss4j-dev mailing list archives

From Ruchith Fernando <ruchith.ferna...@gmail.com>
Subject Re: WSS4J and Kerberos signatures
Date Fri, 18 Nov 2005 16:51:43 GMT
Hi,

On 11/18/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> Exactly! What I'm wondering though is what are the components that make
> up the QName?
>
> The QName would be calculated using two values, the first being a
> Namespace and the other being a local name (Or local part according to
> the XML specification).
>
> Would the namespace for the Kerberos instance be
> "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"
> and the local name be "BinarySecurityToken"?
>
> I read that the namespace above would map to the prefix "wsse" and would
> make the QName be "wsse:BinarySecurityToken".

Seems like the namespace should be:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
in the case of wsse:BinarySecurityToken

And the 'ValueType' attribute of wsse:BinarySecurityToken element
should be set appropriately using the URI starting with
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1

>
> In the draft on page 10 of 19, they have the following line in the
> example:
>
>         <wsse:Security xmlns:wsse="...">
>
> Would the contents of this namespace ("...") be the Kerberos namespace
> (This "http://docs.oasis-open.org/...)?
>
> Once I've done the receiver then I will move on to the sender portion,
> but for now the critical part of the project I am working on is the
> receiver portion. After I've completed the work, would you guys be
> interested in the code I implement?
>
> Thanks!
>
> -----Original Message-----
> From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Sent: November 17, 2005 11:28 PM
> To: Laurence Brockman
> Cc: dims@apache.org; wss4j-dev@ws.apache.org
> Subject: Re: WSS4J and Kerberos signatures
>
> Laurence,
>
> on the receiver side the code is triggered "automatically" if a
> Kerberos QName is detected and the processor gets loaded.
>
> On the sender side please have a look at WSHandler.java,
> doSenderAction(). For the sender you shall define an action
> (similar to the processor at the receiver). It's the same
> technique on both sides (something like a plugin).
>
> Regards,
> Werner
>
> Laurence Brockman wrote:
> > Ok, I feel kind of sheepish about asking this question, but looking at
> > the WSDoAllReceiver code I've begun adding in the hooks for the Kerberos
> > code (Adding what I think are the appropriate checks for a new case in
> > various classes) I'm not sure what to do to trigger it to actually
> > execute the new class that I am making.
> >
> > The QName has to match in when looking at the security headers to get it
> > to execute the appropriate processor (Kerberos in this case). The QName
> > is created based on the NS and LN attribute for other cases and I'm
> > unsure of what to use for the Kerberos cases below to get it to
> > instantiate the appropriate QName object.
> >
> > If anyone could provide some guidance I would definitely appreciate it.
> > I believe the name space should be that defined in the draft
> > ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1")
> > but I'm not sure of this.
> >
> > Here's what I have done so far:
> >
> > In WSConstants.java (This is what I'm not sure of):
> >
> >     /*
> >      * The definitions for Kerberos -- This is what I am unsure of how
> >      * to set.
> >      */
> >     public static final String KERBEROS_NS = "";
> >     public static final String KERBEROS_LN = "";
> >
> > And
> >
> >     /*
> >      * Added by Laurence Nov 16, 2005 for Kerberos authentication
> >      */
> >     public static final int KERBEROS = 0x400;
> >
> >
> > In WSSConfig:
> >
> >     Added a case to the getProcessor method to return
> > "org.apache.ws.security.processor.KerberosProcessor" when it matches
> > WSSecurityEngine.KERBEROS_TOKEN
> >
> >
> >     /**
> >      * <code>KERBEROS</code> as defined by KERBEROS Specification
> >      */
> >     public static final QName KERBEROS_TOKEN =
> >         new QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> >
> > In WSSecurityEngine:
> >       Added in the new QName to be created:
> >       public static final QName KERBEROS_TOKEN =
> >           new QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> >
> > To WSHandlerConstants:
> >       I added the below constant
> >
> >     /**
> >      * Perform a Kerberos identification.
> >      */
> >     public static final String KERBEROS = "Kerberos";
> >
> > Within decodeAction:
> >             } else if (single[i].equals(WSHandlerConstants.KERBEROS)) {
> >                 doAction |= WSConstants.KERBEROS;
> >                 actions.add(new Integer(WSConstants.KERBEROS));
> >             }
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >

Thanks,
--
Ruchith
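
The matching rule from the reply above, as an added example that is not part of the original thread and is not WSS4J code: the receiver matches the element on namespace URI plus local name, then uses ValueType to decide whether the token is Kerberos. The class and method names, the sample header, and the requirement that ValueType be a `#` fragment of the profile URI are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KerberosTokenMatch {
    // Namespace and ValueType base URI as given in the reply above.
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String KERBEROS_VT_BASE =
        "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1";
    static final QName BINARY_TOKEN = new QName(WSSE_NS, "BinarySecurityToken");

    /** True only for a BinarySecurityToken in the wsse namespace with a Kerberos ValueType. */
    static boolean isKerberosToken(Element el) {
        // Compare namespace URI + local name; the prefix is never consulted.
        QName name = new QName(el.getNamespaceURI(), el.getLocalName());
        // Assumption: token types are fragments of the base URI, so require the '#'.
        return BINARY_TOKEN.equals(name)
            && el.getAttribute("ValueType").startsWith(KERBEROS_VT_BASE + "#");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample header; token contents (AAAA, BBBB, CCCC) are placeholders.
        String xml =
            "<sec:Security xmlns:sec='" + WSSE_NS + "'>"
          // 1: correct namespace under an unusual prefix, Kerberos ValueType
          + "<sec:BinarySecurityToken ValueType='" + KERBEROS_VT_BASE
          + "#GSS_Kerberosv5_AP_REQ'>AAAA</sec:BinarySecurityToken>"
          // 2: correct namespace, but an X.509 ValueType
          + "<sec:BinarySecurityToken ValueType='http://docs.oasis-open.org/wss/2004/01/"
          + "oasis-200401-wss-x509-token-profile-1.0#X509v3'>BBBB</sec:BinarySecurityToken>"
          // 3: prefix "wsse" bound to the Kerberos profile URI instead of the secext namespace
          + "<wsse:BinarySecurityToken xmlns:wsse='" + KERBEROS_VT_BASE + "' ValueType='"
          + KERBEROS_VT_BASE + "#GSS_Kerberosv5_AP_REQ'>CCCC</wsse:BinarySecurityToken>"
          + "</sec:Security>";

        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this getNamespaceURI() returns null
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element header = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();

        for (Node n = header.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            Element el = (Element) n;
            System.out.println(el.getTextContent() + " -> "
                + (isKerberosToken(el) ? "Kerberos processor" : "not Kerberos"));
        }
    }
}
```

Only the first token is routed to the Kerberos processor: the second has the right QName but an X.509 ValueType, and the third uses the familiar `wsse` prefix bound to the wrong namespace.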
