Hi
Thanks for the response. Where can I download the
axis2-security-SNAPSHOT.jar for using the OutflowConfiguration and
InflowConfiguration classes? The nightly downloads site from people.apache.org
is not available. ? Please let me know.
Thanks
Sriram
-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 25, 2006 5:23 AM
To: [email protected]
Subject: Re: Rampart module
Hi Sriram,
We cannot specify service specific parameters in the axis2.xml file.
Therefore we have an alternative way to configure the clients when
talking to multiple services. You can use two helper classes to
generate the parameters dynamically and set them in the options object
of the client before invoking the service.
Please have a look at "sample11" of this [1] presentation.
Thanks,
Ruchith
[1] http://www.wso2.net/presentations/rampart/java/2006/08/04/secure-ws
On 10/25/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
> Thanks a lot for the response. That solved the issue.
>
> I have another question regarding using a single client to send secure
> messages to different services and each service expects the incoming message
> to be encrypted.
>
> But in my client's axis2.xml for the OutflowSecurity parameter the
> <encryptionUser> can specify the alias for any one of the service's public
> certificate. Is there any way this alias can be supplied dynamically based on
> a condition instead of having it hardcoded in the axis2.xml. Any insight on
> this would be appreciated.
>
> Thanks
> Sriram
>
>
> ________________________________
>
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Wed 10/18/2006 9:51 PM
> To: [email protected]
> Subject: Re: Rampart module
>
>
>
> Hi Sriram,
>
> Seems like the body is encrypted twice! That's why you cannot find the
> the second DataReference
> (EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2) in the message
> - since its encrypted.
>
> Therefore please try changing the "items" in the inflow configuration to :
> <items>Signature Encrypt Encrypt Timestamp</items>
>
> Thanks,
> Ruchith
>
> On 10/19/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> > Pasted below is the generated message from the .NET client with the
> > extra encryptedKey element and on the server side, the axis2 xml is
> > configured for InflowSecurity as "<items>Signature Encrypt
> > Timestamp</items>"
> >
> > Thanks
> > Sriram
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing";
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> >
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
> > <soap:Header>
> > <wsa:Action
> > wsu:Id="Id-392264f7-703f-4ac0-b84d-810f91fe8f86">http://abc.testservice.com/echo</wsa:Action>
> > <wsa:MessageID
> > wsu:Id="Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">uuid:a9d09b03-8924-4bdb-b29b-2a88d4c9d457</wsa:MessageID>
> > <wsa:ReplyTo wsu:Id="Id-9579ae46-5658-4e12-9119-64e2d440e89e">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
> > </wsa:ReplyTo>
> > <wsa:To
> > wsu:Id="Id-e0ea75ce-232b-45c7-a069-475e602b6f49">https://abc.testservice.com/services/SampleService</wsa:To>
> > <wsse:Security soap:mustUnderstand="1">
> > <wsu:Timestamp
> > wsu:Id="Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
> > <wsu:Created>2006-10-18T13:36:56Z</wsu:Created>
> > <wsu:Expires>2006-10-18T13:41:56Z</wsu:Expires>
> > </wsu:Timestamp>
> > <wsse:BinarySecurityToken
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
> >
> > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
> >
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> >
> > wsu:Id="SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398">MIIBujCCAWigAwIBAgIQ8RrjeUJb0JNNW53UzT9SWzAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTA2MTAwMjE1NDcxNVoXDTM5MTIzMTIzNTk1OVowHTEbMBkGA1UEAxMSQ0RUVGVzdENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAUVXoOkoffCVPxzmGLGaPtLT8vF3h+Im8gbByZu/CBZWjPmqHRk62NsBr5923NtsMJR52fuMgaYbivSk9xxJfd4Q0OD35Y1sqx/veUOPW0N1kTdB5r51KadOU05C4/B3hBOJYq/FEpPwMYLEgZbUH2tDKbo8Qj+ntJmkD9yYQJQIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBADuVU60NZd3oX90ZJNasST6EsvNKpKLE7WtjXIS/QpxgLA3xwuTUQViGSZ5rKw7Z3TNy3LDxA4K8TY/Kh7fo9Xg=</wsse:BinarySecurityToken>
> > <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> > <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
> > <wsse:SecurityTokenReference>
> > <wsse:KeyIdentifier
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
> >
> > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
> > </wsse:SecurityTokenReference>
> > </KeyInfo>
> > <xenc:CipherData>
> >
> > <xenc:CipherValue>NQ5JNFqRvllJ00dhS9pQ1Ux+n+on1dwSayYMFZ7JK9whQYC8ZXiiw3IwXXdrGYRtyuKqvdoPn1rZyBh+KWMguISsTz2SclRhsBmg2UpBuzUKabedVxdY2nU6wsI55i2JX0qLZhGURdVYZ0B/hKsQMWunYGjncEcJGuO1GAyFFFI=</xenc:CipherValue>
> > </xenc:CipherData>
> > <xenc:ReferenceList>
> > <xenc:DataReference
> > URI="#EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f" />
> > </xenc:ReferenceList>
> > </xenc:EncryptedKey>
> > <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> > <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
> > <wsse:SecurityTokenReference>
> > <wsse:KeyIdentifier
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
> >
> > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>6+TG/qjIwXgY6PC0uB9PEV+DEfE=</wsse:KeyIdentifier>
> > </wsse:SecurityTokenReference>
> > </KeyInfo>
> > <xenc:CipherData>
> >
> > <xenc:CipherValue>a1PVPSkrjtjVf4R+4U5UODOSCqBaENKvXCIl+/jJyTilsTAUyasv5Iy/tay5oMzgVQvrgYhsOnETLrjx7MJXwFIL0stKhOIOeQLmP94MMnrNim6+KujylObPdMh/hTtSesJFGg0A9lZ79gWmNLH/vCagP5HZPSQ/9+BiOfkPWfE=</xenc:CipherValue>
> > </xenc:CipherData>
> > <xenc:ReferenceList>
> > <xenc:DataReference
> > URI="#EncryptedContent-35c3b4c0-4192-48b3-ab5d-629c7abcc6e2" />
> > </xenc:ReferenceList>
> > </xenc:EncryptedKey>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
> > <SignedInfo>
> > <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
> > <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
> > <Reference URI="#Id-392264f7-703f-4ac0-b84d-810f91fe8f86">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>XPsgAkRid9zqbvBCCcRAtfuDdvc=</DigestValue>
> > </Reference>
> > <Reference URI="#Id-5d8a4918-a4f4-46d6-b275-66a3bba829c5">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>4oqh/ZBIeqGO8aZBizjab2nA1Do=</DigestValue>
> > </Reference>
> > <Reference URI="#Id-9579ae46-5658-4e12-9119-64e2d440e89e">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>HAK41b2OHRKQ32hMS/jf0Mz0Gp4=</DigestValue>
> > </Reference>
> > <Reference URI="#Id-e0ea75ce-232b-45c7-a069-475e602b6f49">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>cwCmR+Yko4zoBey8wOVizE6zPTw=</DigestValue>
> > </Reference>
> > <Reference
> > URI="#Timestamp-3655fce3-efaa-4ee4-8143-2d9bb5b0ccb6">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>veIjhp8Ubw/V2Sa6kdArohMD6nw=</DigestValue>
> > </Reference>
> > <Reference URI="#Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
> > <Transforms>
> > <Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> > </Transforms>
> > <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> > <DigestValue>jeT3j5JGalurE0pODG0gS1qmeCw=</DigestValue>
> > </Reference>
> > </SignedInfo>
> >
> > <SignatureValue>vGgQHG8/MvSsM8xXaahSyGZ408ji8LfbX7yfxcnJ40c7CDCDYwoj75ZmZD7T7u1Igzmn7CmM7rzFCcb+MM34bj7HVChMTAuw8bluKEHksTzJItqwSYxWmPb2QHyuGaea8ahy3CFmr+FNCujZ/kfEZQ98CmtXmj9idtMvTzJkBbQ=</SignatureValue>
> > <KeyInfo>
> > <wsse:SecurityTokenReference>
> > <wsse:Reference
> > URI="#SecurityToken-d51b1d39-71ff-46d8-9e13-64bd8b3ff398"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
> > />
> > </wsse:SecurityTokenReference>
> > </KeyInfo>
> > </Signature>
> > </wsse:Security>
> > </soap:Header>
> > <soap:Body wsu:Id="Id-89cc079d-6dea-406e-ad20-5b7c7a925767">
> > <xenc:EncryptedData
> > Id="EncryptedContent-8b343733-6984-4b42-9b35-83bb20fa5f0f"
> > Type="http://www.w3.org/2001/04/xmlenc#Content";
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> > <xenc:EncryptionMethod
> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
> > <xenc:CipherData>
> >
> > <xenc:CipherValue>/tc/143BkwW4h6qmKy4bi+iLMEYI8xe5XdIy83kwDlSZZpFgA9RePh9c0Z+whSlZ3nQ7j3FPnODKA9eknQh02BHZwcmp2GcdghfnB8HNGm7rnKSJmXUkG6C5FzPWqI84lhYToQTJh/rpmbwMzav1uBqVvPWzeUaYRFnGTvNlEkddDuOfOXaX+VY7BahU/ExCXANlk1LY9nGrm+j5dda7uQjbKNTzsULFXvqgyKLU4S4Zq9zcy2bFHqTXavJotQnafIRQheSRzHdk2FkhJOYYAzAdStLfYS4Tzx4x2L2w8ZrqnkdHgLn8I0Hq05XGHI2c5GxOt5CqXkuCQ93ZlR1DLY+5nnnVaWIk75vjePIrw8kmXgpcy2/bI7AYnZxWJpSpzXXGvOiznvcF7iQubgi674j0PPrA7cbGlY+fS4pAIUaRAM00wMyjPQcs6jPJrjvV5Ndj+6siCl9Ptj6BPpCmPHxS+wW0zXeVGpPn1u9nquvQXsTEhldknsc7p/gIOSf8wQmlPJAjOvAe+4lUHnGBkq6mF7A+9uqbt2xCuzbMMEKg9pRCVCtM2GVdhGNSSsKLmuPpdnTzAdKlcHPHaIx659kcAKKcq0XTXDZInOJK7ggkwwPQKSeLajwkVIbCs8UTOuUErI39t2m79T3Wvy5JTC+6ptCSbSM1J7dsV2IKrN5NmoyWSsIzbKC4RSOGEL/P</xenc:CipherValue>
> > </xenc:CipherData>
> > </xenc:EncryptedData>
> > </soap:Body>
> > </soap:Envelope>
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 18, 2006 6:57 PM
> > To: [email protected]
> > Subject: Re: Rampart module
> >
> > Hi Sriram,
> >
> > Yes, the extra EncryptedKey with a RefList (meaning there's content
> > that is encrypted with that key) can be causing the action mismatch.
> > Can you please post the message generated by the .NET client?
> >
> > Thanks,
> > Ruchith
> >
> > On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > > Thanks for the response, Ruchith.
> > >
> > > I had a question with the WSDoAllReceiver. There is a check for
> > > matching the Actions in the right order, which throws a WSDoAllReceiver:
> > > security processing failed (actions mismatch)") in case the actions don't
> > > match with the actual results and the configured actions.
> > > We are having a .NET client trying to send the message but it always
> > > fails for the actions mismatch check. On looking at it they have an extra
> > > <xenc:encryptedKey> element, which is having a referenceData URI, but the
> > > URI doesn't match to any particular element in the document. We have
> > > the Server axis2.xml configured as
> > > "<items>Signature Encrypt Timestamp</items>"
> > >
> > > Could the extra encrypted element in the request be causing this "Actions
> > > Mismatch" error. Any help on this would be appreciated.
> > >
> > > Thanks
> > > Sriram
> > >
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, October 18, 2006 12:47 AM
> > > To: [email protected]
> > > Subject: Re: Rampart module
> > >
> > > Hi Sriram,
> > >
> > > On 10/18/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > > Where can I get the source files for the Rampart Module?
> > >
> > > Trunk:
> > > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/security
> > >
> > > 1.1 Branch:
> > > https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_1/modules/security
> > >
> > > > Also, any idea when will the Rampart 1.1 version coming out?
> > > I think we can release rampart a week or two after the Axis2 1.1 release.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > >
> > > > Thanks
> > > > Sriram
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, October 16, 2006 10:45 PM
> > > > To: [email protected]
> > > > Subject: Re: Rampart module
> > > >
> > > > Please try this :
> > > >
> > > > http://people.apache.org/repository/org.apache.axis2/mars/rampart-1.1-SNAPSHOT.mar
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > On 10/17/06, Marcel Casado <[EMAIL PROTECTED]> wrote:
> > > > > Hi,
> > > > >
> > > > > Where I can find a snapshot of the Rampart module that works fine with
> > > > > an snapshot of Axis2 1.1 ?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > -Marcel
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
