Hi,
I'm trying to secure services with Rampart encrypting the body of
the soap message. When the load on the body are pure xml elements
with no attributes works fine but when the load has elements with
attributes when they are decrypted the value is "null". The service
was working fine with out encryption.
I sent this before but I was not able to get much help. I'm stuck
with this and I need to get it working in a production system soon.
Help please, I'm kind of desperate. I told my boss that with axis2
and Rampart will get secure services quite easily and I been stuck
almost for one month on this.
Example of load :
<AllowedValuesSet isStatic="true">
<NestedMap>
<MapEntry entryValue="Model Output" entryKey="model_output"/>
<MapEntry entryValue="Observation" entryKey="observation"/>
<NestedMap parentKey="observation">
<MapEntry entryValue="Station" entryKey="observation>station"/>
<NestedMap parentKey="observation>station">
<MapEntry entryValue="Lightning"
entryKey="observation>station>lightning"/>
<MapEntry entryValue="Mesowest/WMO"
entryKey="observation>station>wmo"/>
<MapEntry entryValue="Profiler"
entryKey="observation>station>profiler"/>
<MapEntry entryValue="SAMS"
entryKey="observation>station>sams"/>
<MapEntry entryValue="Sounding"
entryKey="observation>station>sounding"/>
</NestedMap>
</NestedMap>
<NestedMap parentKey="model_output">
<MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
<NestedMap parentKey="model_output>mm5">
<MapEntry entryValue="Forecast"
entryKey="model_output>mm5>forecast"/>
</NestedMap>
</NestedMap>
</NestedMap>
</AllowedValuesSet>
services.xml :
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
<service name="MetvaultMetadataService">
<messageReceivers>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
</messageReceivers>
<parameter name="ServiceClass" locked="false">
edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
<operation name="getAllowedValuesSet"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>getAllowedValuesSet</actionMapping>
</operation>
<operation name="getMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>getMetadata</actionMapping>
</operation>
<operation name="retrieveMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>retrieveMetadata</actionMapping>
</operation>
<operation name="executeService"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>executeService</actionMapping>
</operation>
<operation name="requestServiceSummary"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestServiceSummary</actionMapping>
</operation>
<operation name="requestServiceResponse"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestServiceResponse</actionMapping>
</operation>
<operation name="requestCrawlerStart"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestCrawlerStart</actionMapping>
</operation>
<operation name="requestCrawlerStop"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestCrawlerStop</actionMapping>
</operation>
<operation name="requestLogin"
mep="http://www.w3.org/2004/08/wsdl/in-out">
<actionMapping>requestLogin</actionMapping>
</operation>
<module ref="rampart"/>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<encryptionPropFile>service.properties</encryptionPropFile>
<encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
<encryptionUser>client</encryptionUser>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>service.properties</decryptionPropFile>
</action>
</parameter>
</service>
</serviceGroup>
client axis2.xml excerpt :
<module ref="rampart"/>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>client.properties</decryptionPropFile>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordType>PasswordText</passwordType>
<signaturePropFile>client.properties</signaturePropFile>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
<encryptionUser>service</encryptionUser>
<encryptionPropFile>client.properties</encryptionPropFile>
<encryptionIdentifier>IssuerSerial</encryptionIdentifier>
<encryptionParts>
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
</encryptionParts>
<! -- The user and password are set up on the client stub with
an instance of a pwcallbackHandle -->
<!-- <user>marcel</user> -->
<!--
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
-->
</action>
</parameter>
I got another question, how to configure a client for using
UsernameToken and Signature since they both use the <user> parameter
and in my case are different. Do I have to set up two actions ?
Could you send me an example of the setup on the client and on the
service ?
Thanks in advance,
-Marcel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]