ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurence Brockman <>
Subject RE: WSS4J and Kerberos signatures
Date Fri, 18 Nov 2005 16:30:08 GMT
Exactly! What I'm wondering though is what are the components that make
up the QName?

The QName would be calculated using two values, the first being a
Namespace and the other being a local name (Or local part according to
the XML specification).

Would the namespace for the Kerberos instance be
and the local name be "BinarySecurityToken"?

I read that the namespace above would map to the prefix "wsse" and would
make the Qname be "wsse: BinarySecurityToken".

In the draft on page 10 of 19, they have the following line in the

	<wsse:Security xmlns:wsse="...">

Would the contents of this namespace ("...") be the Kerberos namespace
(This "

Once I've done the receiver then I will move on to the sender portion,
but for now the critical part of the project I am working on is the
receiver portion. After I've completed the work, would you guys be
interested in the code I implement?


-----Original Message-----
From: Werner Dittmann [] 
Sent: November 17, 2005 11:28 PM
To: Laurence Brockman
Subject: Re: WSS4J and Kerberos signatures


on the receiver side the code is trigge "automatically" if a
Kerberos QName is detected and the processor gets loaded.

On the sender side please ahave a look at,
doSenderAction(). For the sender you shall define an action
(similar to the processor at the receiver). Its the same
technique on both sides (something like a plugin).


Laurence Brockman wrote:
> Ok, I feel kind of sheepish about asking this question, but looking at
> the WSDoAllReceiver code I've begun adding in the hooks for the
> code (Adding what I think are the appropriate checks for a new case in
> various classes) I'm not sure what to do to trigger it to actually
> execute the new class that I am making.
> The QName has to match in when looking at the security headers to get
> to execute the appropriate processor (Kerberos in this case). The
> is created based on the NS and LN attribute for other cases and I'm
> unsure of what to use for the Kerberos cases below to get it to
> instantiate the appropriate QName object.
> If anyone could provide some guidance I would definitely appreciate
> I believe the name space should be that defined in the draft
> but I'm not sure of this.
> Here's what I have done so far:
> In (This is what I'm not sure of):
>     /*
>      * The definitions for Kerberos -- This is what I am unsure of how
> to set.
>      */
>     public static final String KERBEROS_NS = "";
>     public static final String KERBEROS_LN = "";
> And
>     /*
>      * Added by Laurence Nov 16, 2005 for Kerberos authentication
>      */
>     public static final int KERBEROS = 0x400;
> In WSSConfig:
>     Added a case to the getProcessor method to return
> "" when it matches
>     /**
>      * <code>KERBEROS</code> as defined by KERBEROS Specification
>      */
>     public static final QName KERBEROS_TOKEN = new
> QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> In WSSecurityEngine:
> 	Added in the new QName to be created:
> 	public static final QName KERBEROS_TOKEN = new
> QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN);
> To WSHandlerConstants:
> 	I added the below constant
>     /**
>      * Perform a Kerberos identification.
>      */
>     public static final String KERBEROS = "Kerberos";
> Within decodeAction:
>             } else if (single[i].equals(WSHandlerConstants.KERBEROS))
>             	doAction |= WSConstants.KERBEROS;
>             	actions.add(new Integer(WSConstants.KERBEROS));
> 		}
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message