Hi Samisa, Dinesh, and John,
Thanks for taking on my WS-Security question.
I've got a Linux C++ application that I'm modifying to send web services requests to
a Microsoft WS server that is implementing the Web Services Enhancements (WSE)
package that includes WS-Security. I have no choice in the server as we
are a third party developer that is integrating our product into an existing
system (and we're not a Microsoft shop to boot -- so not taking on a MS WS
client!). I've had them turn off the security stuff on the dev system
we're testing against so I can continue my application dev/testing but the
WS-Security obviously needs to be in place for us to go to
production.
This is the format of soap messages I am required to support:
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<wsrp:path soap:actor="http://schemas.xmlsoap.org/soap/actor/next"
soap:mustUnderstand="1"
xmlns:wsrp="http://schemas.xmlsoap.org/rp">
<wsrp:action wsu:Id="Id-d579335c-2dd7-456c-8858-7ef6942b5de1"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">http://webservices.cox.com/CustomerProfile/GetProfileByAccountNumberAndSiteId</wsrp:action>
<wsrp:to wsu:Id="Id-82b10467-2f1d-49ca-a473-51f5322ccba9"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">http://iwslib/cox.web.services.profile/ServiceCustomer.asmx</wsrp:to>
<wsrp:id wsu:Id="Id-ff1f9f68-3c2c-4241-9dde-13615792f440"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">uuid:0c58b657-0242-4e43-9bf7-68904b9e6294</wsrp:id>
</wsrp:path>
<wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created
wsu:Id="Id-d76e05cc-0cfc-4bb4-b488-fbbab35f3f78">2005-05-11T14:41:07Z</wsu:Created>
<wsu:Expires
wsu:Id="Id-0519fa62-4a7f-4c78-bfaf-770819003582">2005-05-11T14:46:07Z</wsu:Expires>
</wsu:Timestamp>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:UsernameToken
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-9d8ff073-b0ea-41a7-ae7f-c76f5b6558b0">
<wsse:Username>webserviceuser</wsse:Username>
<wsse:Password
Type="wsse:PasswordText">aa</wsse:Password>
<wsse:Nonce>xmOrtuc7SgN2QoFJgBk8uw==</wsse:Nonce>
<wsu:Created>2005-05-11T14:41:07Z</wsu:Created>
</wsse:UsernameToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
/>
<Reference
URI="#Id-da5e3a0c-295a-4cb3-80cc-7d823fc48e3a">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>qRU8kf9YQDtevGGRLqbJ7k5biuc=</DigestValue>
</Reference>
<Reference
URI="#Id-d579335c-2dd7-456c-8858-7ef6942b5de1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>FMEJoIBD7T0uXY3eizSz0oiwzRE=</DigestValue>
</Reference>
<Reference
URI="#Id-82b10467-2f1d-49ca-a473-51f5322ccba9">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>wdST6LxVV+0XOZ7xqhVe9zIJ2G4=</DigestValue>
</Reference>
<Reference
URI="#Id-ff1f9f68-3c2c-4241-9dde-13615792f440">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>2MJUGSiUzDLBFyDAH0OrJP46R6k=</DigestValue>
</Reference>
<Reference
URI="#Id-d76e05cc-0cfc-4bb4-b488-fbbab35f3f78">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>cqRYyBRHatKNRvAQM01OrvBERyw=</DigestValue>
</Reference>
<Reference
URI="#Id-0519fa62-4a7f-4c78-bfaf-770819003582">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>j6AxeTlBcpfKuVJHD1TvoMuEaes=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>IwEDjgV/jC/HjyXPxyzaF738eZc=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-9d8ff073-b0ea-41a7-ae7f-c76f5b6558b0"
/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body
wsu:Id="Id-da5e3a0c-295a-4cb3-80cc-7d823fc48e3a"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<GetProfileByAccountNumberAndSiteId
xmlns="http://webservices.cox.com/CustomerProfile">
<accountNumber9 />
<siteId>0</siteId>
</GetProfileByAccountNumberAndSiteId>
</soap:Body>
</soap:Envelope>
It sounds like you guys have done a lot of good work on
this. What are the chances of getting it completed in the near
future? Other than me trying to hack something to make it work, do I have
any other options?
Thanks again,
pat
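Added example (not part of the original thread, and not Axis C++ or WSE code): in the message above, each Reference in SignedInfo points at a wsu:Id, so a client building this format can check that every signed reference resolves to exactly one element before sending. The helper names and the trimmed sample envelope are constructed for illustration; the check works on the raw string and assumes the "wsu" prefix and an unprefixed SignedInfo element as posted.

```cpp
#include <iostream>
#include <map>
#include <regex>
#include <string>
#include <vector>

// One ds:Reference from SignedInfo and how many elements carry that wsu:Id.
// Exactly 1 is the only acceptable count: 0 means the part is not in the
// message, more than 1 means the reference is ambiguous.
struct RefCheck { std::string id; int matches; };

// String-level check (assumes the "wsu" prefix and an unprefixed <SignedInfo>,
// as in the posted message); it is not a namespace-aware XML parser.
std::vector<RefCheck> checkSignedReferences(const std::string& envelope) {
    std::vector<RefCheck> out;
    const std::size_t b = envelope.find("<SignedInfo>");
    const std::size_t e = envelope.find("</SignedInfo>");
    if (b == std::string::npos || e == std::string::npos || e < b) return out;
    const std::string signedInfo = envelope.substr(b, e - b);

    std::map<std::string, int> idCount;  // wsu:Id value -> occurrences
    const std::regex idRe("wsu:Id\\s*=\\s*\"([^\"]+)\"");
    for (std::sregex_iterator it(envelope.begin(), envelope.end(), idRe), end; it != end; ++it)
        ++idCount[(*it)[1].str()];

    // Only URIs inside SignedInfo count; the KeyInfo token reference is skipped.
    const std::regex refRe("URI\\s*=\\s*\"#([^\"]+)\"");
    for (std::sregex_iterator it(signedInfo.begin(), signedInfo.end(), refRe), end; it != end; ++it) {
        const std::string id = (*it)[1].str();
        const auto found = idCount.find(id);
        out.push_back({id, found == idCount.end() ? 0 : found->second});
    }
    return out;
}

// Constructed sample, trimmed to the attributes the check reads.
std::string sampleEnvelope() {
    return R"(<soap:Envelope><soap:Header>
<wsu:Timestamp><wsu:Created wsu:Id="Id-created">2005-05-11T14:41:07Z</wsu:Created></wsu:Timestamp>
<Signature><SignedInfo>
<Reference URI="#Id-body"/><Reference URI="#Id-created"/><Reference URI="#Id-missing"/>
</SignedInfo><KeyInfo><wsse:Reference URI="#SecurityToken-1"/></KeyInfo></Signature>
</soap:Header><soap:Body wsu:Id="Id-body"><siteId>0</siteId></soap:Body></soap:Envelope>)";
}

int main() {
    for (const RefCheck& r : checkSignedReferences(sampleEnvelope()))
        std::cout << r.id << ": " << r.matches << (r.matches == 1 ? " ok" : " REJECT") << "\n";
    return 0;
}
```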
-----Original Message-----
From: John Hawkins [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 3:30 AM
To: Apache AXIS C User List
Subject: Re: WS-Security
So, it doesn't sound like we're that far off - if we just implement the getSOAPBodyAsString() method then we would be able to have ws-security on client-side (at least)?
Din%$h <[EMAIL PROTECTED]> 12/05/2005 10:21
Please respond to "Apache AXIS C User List"
To: Apache AXIS C User List <axis-c-user@ws.apache.org>
cc:
Subject: Re: WS-Security
Hi John,
Let me brief you on what we tried to do.
When the client makes a request, we get the Body from the serializer, encrypt it, and set the encrypted Body back on the message. At the server end we got the encrypted message from the deserializer and decrypted it to get the original message. For the response flow the scenario remains the same. We hoped to do it using a handler.
Since there was a method called getBodyAsString() (as I remember), we created a DOM tree using that body. (If we could get an object model, that would have been easier.)
Given a SOAP message as a string, I was able to encrypt it, and given that encrypted message I was able to get the original message back too.
Since there wasn't a way to get access to the Body (getSoapBodyAsString() or any other method which can access the body wasn't implemented at that time), we weren't able to integrate it with Axis using a handler.
regards,
Dinesh
On 5/12/05, John Hawkins <[EMAIL PROTECTED]> wrote:
Hi Dinesh,
Can I ask - how you wanted that soap body?
Would you need a byte stream or an object model?
Was this client or server side or both?
Was it on the outgoing or incoming message or both?
cheers,
John.
Din%$h <[EMAIL PROTECTED]> 12/05/2005 08:07
Please respond to "Apache AXIS C User List"
To: Apache AXIS C User List <axis-c-user@ws.apache.org>
cc:
Subject: Re: WS-Security
Hi,
Both Sameera and myself had worked on this (WSS4C). We needed to get the body of the SOAP message through a handler (from the serializer). But unfortunately it was not implemented at that time (it was commented /* To do */). There were some threads discussing those methods.
We were unable to get access to the Body of the SOAP message through a handler, so we stopped at that point (until those methods are implemented).
http://wiki.apache.org/ws/WSS4C
I don't know whether someone is working on this project now.
thanx,
Dinesh
On 5/12/05, Samisa Abeysinghe <[EMAIL PROTECTED] > wrote:
There were some efforts and there were some improvements proposed to the
current engine to help implement WS-Security, like opening up the SOAP
body in handlers. But we did not hear from anyone on this lately.
Is there anyone working on WS-Sec at the moment?
Thanks,
Samisa...
-----Original Message-----
From: Patrick Heffernan [mailto:[EMAIL PROTECTED] ]
Sent: Thursday, May 12, 2005 12:14 PM
To: axis-c-user@ws.apache.org
Subject: WS-Security
I apologize if I've missed this in some publication. What is the plan
for Axis C++ to support WS-Security? I've got a project that requires the
WSE Username/Password token and I'm trying to determine what options are
available to me.
Thanks, pat
--
W.Dinesh Premalal
[EMAIL PROTECTED]
http://www.cse.mrt.ac.lk/~premalwd/