Hi Dennis,

Thanks, Dennis, for this valuable feedback! I will definitely work on
providing better documentation.

Actually it's possible to configure Rampart dynamically using different
keys :-) (I know I should have this documented). This is shown here
[1] in the getOutflowConfiguration() method where we define two
actions to sign twice with two users. Note the use of the overloaded
constructor and ofc.nextAction(); method.

Right now I'm doing some changes to Rampart to provide a WS-SecPolicy
based configuration. Will keep you posted on the progress.

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/Scenario5Test.java

On 8/21/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:
I understood about configuring multiple actions - the part that was
confusing me was how to use different keys or certificates for the
different actions. I'm guessing you handle that by using the setUser()
method to identify the key used for signing, and the setEncryptionUser()
method to identify the certificate used for encryption. That still
leaves a lot of unknowns for the cases I was trying to handle, though.
What if you want to use multiple keys for different signatures, for
instance? I also found the callback approach to obtaining the passwords
a little cumbersome for my purposes.

In my case I needed to work with older Microsoft server code, including
pre-submission WS-Addressing, so going direct was really easier than
trying to fit this into Axis2. The WSS4J JavaDocs are also somewhat
easier for me to understand than the current Rampart documentation. Once
you've got some better documentation in place I'm sure Rampart is going
to be great for Axis2 users.

  - Dennis

Ruchith Fernando wrote:
> On 8/21/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:
>> Hi Ruchith,
>>
>> I'd looked at these samples before writing my email. It's not very clear
>> from the presentation slides exactly what some of the samples are doing,
>> so I hadn't realized this one matched what I was looking for.
>
> I will try to add some details to explain what each sample does.
> Sample 11 shows how to combine different actions and to configure it
> dynamically using the InflowConfiguration and OutflowConfiguration
> instances.
>
> Example: The following configures Rampart to add a Timestamp and sign and
> encrypt the outgoing message:
>
>    OutflowConfiguration ofc = new OutflowConfiguration();
>    ofc.setActionItems("Timestamp Signature Encrypt");
>
> Thanks,
> Ruchith
>
>>
>> In any case, I'd already decided to switch to just using WSS4J directly.
>> For what I'm doing the Axis2 benefits would have been minimal, and using
>> WSS4J directly gives me full control over the security details. I was
>> surprised that I immediately ran into a bug in WSS4J, but I fixed it and
>> now everything looks good.
>>
>>   - Dennis
>>
>> Ruchith Fernando wrote:
>> > Hi Dennis,
>> >
>> > Please have a look at Sample 11 in the samples provided with this [1]
>> > presentation. That has answers to both questions.
>> >
>> > Thanks,
>> > Ruchith
>> >
>> > [1]
>> > http://www.wso2.net/presentations/wss4j/java/2006/08/04/apache-rampart
>> >
>> > On 8/17/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:
>> >> Hi Ruchith,
>> >>
>> >> I've been trying to do some similar things with Rampart, and running
>> >> into a few unknowns. First off, how do I set the configuration to do
>> >> multiple steps in the outflow and inflow? In my case, I need to sign the
>> >> outgoing message with my local private key, then encrypt with the
>> >> server's public key (from the certificate in my keystore).
>> >>
>> >> Secondly, how do I control the type of SecurityTokenReference used in
>> >> the message? By default I get an X509Data with X509IssuerSerial; I'd
>> >> prefer to use a KeyIdentifier instead. I tried:
>> >>
>> >>     ofc.setSignatureKeyIdentifier(WSSHandlerConstants.X509_KEY_IDENTIFIER);
>> >>
>> >> But this didn't appear to have any effect.
>> >>
>> >>   - Dennis
>> >>
>> >> Dennis M. Sosnoski
>> >> SOA, Web Services, and XML
>> >> Training and Consulting
>> >> http://www.sosnoski.com - http://www.sosnoski.co.nz
>> >> Seattle, WA +1-425-296-6194 - Wellington, NZ +64-4-298-6117
>> >>
>> >>
>> >>
>> >> Ruchith Fernando wrote:
>> >> > Please add the axis2-security-SNAPSHOT.jar [1] into your classpath to
>> >> > access the OutflowConfiguration/InflowConfiguration classes.
>> >> >
>> >> > Latest rampart-SNAPSHOT.mar is available here : [2].
>> >> >
>> >> > Thanks,
>> >> > Ruchith
>> >> >
>> >> > [1] http://people.apache.org/repository/axis2/jars/axis2-security-SNAPSHOT.jar
>> >> >
>> >> > [2] http://people.apache.org/repository/axis2/mars/rampart-SNAPSHOT.mar
>> >> >
>> >> > On 8/10/06, Brecht Yperman <[EMAIL PROTECTED]> wrote:
>> >> >> Ok,
>> >> >>
>> >> >> Apparently I'm shit at using Axis2, no progress last two days...
>> >> >>
>> >> >> Where can I find the latest rampart.mar-build?
>> >> >> Can I rename the .mar-file to .jar and add it to my build path (to use
>> >> >> the OutflowConfiguration class)?
>> >> >>
>> >> >> Thanks,
>> >> >> Brecht
>> >> >>
>> >> >> -----Original Message-----
>> >> >> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
>> >> >> Sent: Thursday, 10 August 2006 10:02
>> >> >> To: axis-user@ws.apache.org
>> >> >> Subject: Re: [Axis2] Configure Rampart dynamically
>> >> >>
>> >> >> Hi Brecht,
>> >> >>
>> >> >> Yes it is possible. Please see here:
>> >> >> http://marc.theaimsgroup.com/?l=axis-user&m=115517624610919&w=2
>> >> >>
>> >> >> Thanks,
>> >> >> Ruchith
>> >> >>
>> >> >> On 8/10/06, Brecht Yperman <[EMAIL PROTECTED]> wrote:
>> >> >> >
>> >> >> > Hi,
>> >> >> >
>> >> >> > how do I configure Rampart dynamically?
>> >> >> >
>> >> >> > I tried something like this, but it does not work...
>> >> >> >
>> >> >> > private void configureSecurity(ServiceClient client) throws AxisFault {
>> >> >> >     if (true /*security == on*/) {
>> >> >> >         Parameter parm = new Parameter();
>> >> >> >         parm.setName("OutflowSecurity");
>> >> >> >
>> >> >> >         OMFactory fact = OMAbstractFactory.getOMFactory();
>> >> >> >
>> >> >> >         OMNamespace emptyNS = fact.createOMNamespace(null, "");
>> >> >> >         OMElement actionEl = fact.createOMElement("action", emptyNS);
>> >> >> >
>> >> >> >         OMElement itemsEl = fact.createOMElement("items", emptyNS);
>> >> >> >         itemsEl.setText("UsernameToken");
>> >> >> >         actionEl.addChild(itemsEl);
>> >> >> >
>> >> >> >         OMElement userEl = fact.createOMElement("user", emptyNS);
>> >> >> >         userEl.setText("bob");
>> >> >> >         actionEl.addChild(userEl);
>> >> >> >
>> >> >> >         OMElement pwCbEl = fact.createOMElement("passwordCallbackClass", emptyNS);
>> >> >> >         pwCbEl.setText("CallbackHandler");
>> >> >> >         actionEl.addChild(pwCbEl);
>> >> >> >
>> >> >> >         parm.setParameterElement(actionEl);
>> >> >> >
>> >> >> >         client.engageModule(new QName("rampart-1.0"));
>> >> >> >     }
>> >> >> > }
>> >> >> >
>> >> >> > Thanks,
>> >> >> >
>> >> >> > Brecht
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Invenso - The "Integration Software" specialists.
>> >> >> >  _____________________________________________
>> >> >> >
>> >> >> > Brecht Yperman
>> >> >> >  Development team
>> >> >> >
>> >> >> >  Direct: +32 (0)3 780 30 05
>> >> >> >  Email: [EMAIL PROTECTED]
>> >> >> >
>> >> >> > INVENSO bvba
>> >> >> >  Industriepark-West 75
>> >> >> >  9100 Sint-Niklaas
>> >> >> >  Belgium - Europe
>> >> >> >
>> >> >> >  Phone: +32 (0)3 780 30 02
>> >> >> >  Fax: +32 (0)3 780 30 03
>> >> >> >  Email: [EMAIL PROTECTED]
>> >> >> >  Website: www.invenso.com
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >> --
>> >> >> www.ruchith.org
>> >> >>
>> >> >> ---------------------------------------------------------------------
>> >> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >
>> >
>>
>
>



--
www.ruchith.org
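
Added example, not part of the original thread and not code from the Axis2 project: a sketch of the two-action OutflowConfiguration described in the top reply, where each action signs with a different key and the second also encrypts to a separate certificate. Assumptions to check against the linked Scenario5Test.java: the package name, the int argument to the overloaded constructor, and the setPasswordCallbackClass, setSignaturePropFile, setEncryptionPropFile and getProperty methods; all aliases, file names and the callback class are constructed placeholders.

```java
import org.apache.axis2.client.ServiceClient;
// Assumption: package of the class shipped in axis2-security-SNAPSHOT.jar.
import org.apache.axis2.security.handler.config.OutflowConfiguration;

public class TwoSignerOutflow {

    // Constructed placeholder values: replace with your own aliases and files.
    static final String FIRST_SIGNER = "alice";   // private-key alias for signature 1
    static final String SECOND_SIGNER = "bob";    // private-key alias for signature 2
    static final String SERVER_CERT = "server";   // certificate alias used to encrypt
    static final String CRYPTO_PROPS = "crypto.properties";
    static final String PW_CALLBACK = "com.example.PWCallback"; // hypothetical class

    static OutflowConfiguration build() {
        // Assumption: the overloaded constructor takes the number of actions.
        OutflowConfiguration ofc = new OutflowConfiguration(2);

        // Action 1: timestamp the message and sign it with the first key.
        ofc.setActionItems("Timestamp Signature");
        ofc.setUser(FIRST_SIGNER);
        ofc.setPasswordCallbackClass(PW_CALLBACK);
        ofc.setSignaturePropFile(CRYPTO_PROPS);

        // Move on to the second action; the setters below now apply to it.
        ofc.nextAction();

        // Action 2: sign again with a different key, then encrypt to the
        // server's certificate. setUser selects the signing key and
        // setEncryptionUser selects the encryption certificate.
        ofc.setActionItems("Signature Encrypt");
        ofc.setUser(SECOND_SIGNER);
        ofc.setPasswordCallbackClass(PW_CALLBACK);
        ofc.setSignaturePropFile(CRYPTO_PROPS);
        ofc.setEncryptionUser(SERVER_CERT);
        ofc.setEncryptionPropFile(CRYPTO_PROPS);
        return ofc;
    }

    static void apply(ServiceClient client) {
        // "OutflowSecurity" is the parameter name used in the quoted question.
        // The Rampart module still has to be engaged on the client separately.
        client.getOptions().setProperty("OutflowSecurity", build().getProperty());
    }
}
```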
