Re: Rampart problem with encryption

Fri, 01 Dec 2006 03:41:34 -0800 

Hi marcel,

I'm just working on this.
I have a new post called "Encrypting Message Failure" from 11/30/06 where Mary Thompson perhaps provides some help. 
You can participate posting there...

It seems that rampart module is not applicable at runtime for the client.

BTW: I am using rampart1.1-RC1 from 27.11.2006
But you should try the nightly builds of rampart with axis2-1.1 latest builds. 

philipp


Marcel Casado schrieb:

Hi Philipp,
I filed a jira http://issues.apache.org/jira/browse/AXIS2-1646 but it has not been taken care for anybody so I gave up until is fixed. Which version of Rampart are you using I stop updating Rampart nigthlies on 11/05/06 so I did not try the nightlies recently neither the Apache Rampart-1.1-RC1. 

Please let me know if you get some progress in the near future.

-Marcel


http://issues.apache.org/jira/browse/AXIS2-1646


Philipp Perner wrote:

Hi,

have you got this problem fixed, and how?
I am having the same problem now - encryption doesn't work, although i have similar configuration like the rampart sample5. 



Marcel Casado schrieb:

Hi,
I'm trying to secure services with Rampart encrypting the body of the soap message. When the load on the body are pure xml elements with no attributes works fine but when the load has elements with attributes when they are decrypted the value is "null". The service was working fine with out encryption.
I sent this before but I was not able to get much help. I'm stuck with this and I need to get it working in a production system soon. Help please, I'm kind of desperate. I told my boss that with axis2 and Rampart will get secure services quite easily and I been stuck almost for one month on this. 


Example of load :

<AllowedValuesSet isStatic="true">
 <NestedMap>
   <MapEntry entryValue="Model Output" entryKey="model_output"/>
   <MapEntry entryValue="Observation" entryKey="observation"/>
   <NestedMap parentKey="observation">
     <MapEntry entryValue="Station" entryKey="observation>station"/>
     <NestedMap parentKey="observation>station">
<MapEntry entryValue="Lightning" entryKey="observation>station>lightning"/> <MapEntry entryValue="Mesowest/WMO" entryKey="observation>station>wmo"/> <MapEntry entryValue="Profiler" entryKey="observation>station>profiler"/> <MapEntry entryValue="SAMS" entryKey="observation>station>sams"/> <MapEntry entryValue="Sounding" entryKey="observation>station>sounding"/> 
     </NestedMap>
   </NestedMap>
   <NestedMap parentKey="model_output">
     <MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
     <NestedMap parentKey="model_output>mm5">
<MapEntry entryValue="Forecast" entryKey="model_output>mm5>forecast"/> 
     </NestedMap>
   </NestedMap>
 </NestedMap>
</AllowedValuesSet>


services.xml :

<!-- This file was auto-generated from WSDL -->
     <!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
 <service name="MetvaultMetadataService">
   <messageReceivers>
     <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out";
class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/> 
   </messageReceivers>
   <parameter name="ServiceClass" locked="false">
edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter> <operation name="getAllowedValuesSet" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>getAllowedValuesSet</actionMapping>
   </operation>
<operation name="getMetadata" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>getMetadata</actionMapping>
   </operation>
<operation name="retrieveMetadata" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>retrieveMetadata</actionMapping>
   </operation>
<operation name="executeService" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>executeService</actionMapping>
   </operation>
<operation name="requestServiceSummary" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>requestServiceSummary</actionMapping>
   </operation>
<operation name="requestServiceResponse" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>requestServiceResponse</actionMapping>
   </operation>
<operation name="requestCrawlerStart" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>requestCrawlerStart</actionMapping>
   </operation>
<operation name="requestCrawlerStop" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>requestCrawlerStop</actionMapping>
   </operation>
<operation name="requestLogin" mep="http://www.w3.org/2004/08/wsdl/in-out";> 
     <actionMapping>requestLogin</actionMapping>
   </operation>
   <module ref="rampart"/>

  <parameter name="OutflowSecurity">
    <action>
      <items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass> 
      <encryptionPropFile>service.properties</encryptionPropFile>
      <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
      <encryptionUser>client</encryptionUser>
    </action>
  </parameter>

   <parameter name="InflowSecurity">
     <action>
       <items>UsernameToken Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass> 
       <decryptionPropFile>service.properties</decryptionPropFile>
     </action>
   </parameter>

 </service>
</serviceGroup>


client axis2.xml excerpt :

 <module ref="rampart"/>


 <parameter name="InflowSecurity">
   <action>
     <items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass> 
     <decryptionPropFile>client.properties</decryptionPropFile>
   </action>
 </parameter>


 <parameter name="OutflowSecurity">
   <action>
     <items>UsernameToken Timestamp Encrypt</items>
     <passwordType>PasswordText</passwordType>
     <signaturePropFile>client.properties</signaturePropFile>
     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
     <encryptionUser>service</encryptionUser>
     <encryptionPropFile>client.properties</encryptionPropFile>
     <encryptionIdentifier>IssuerSerial</encryptionIdentifier>
     <encryptionParts>
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken 
     </encryptionParts>
<! -- The user and password are set up on the client stub with an instance of a pwcallbackHandle --> 
     <!--    <user>marcel</user>   -->
<!-- <passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass> --> 
   </action>

 </parameter>
I got another question, how to configure a client for using UsernameToken and Signature since they both use the <user> parameter and in my case are different. Do I have to set up two actions ? Could you send me an example of the setup on the client and on the service ? 


Thanks in advance,

-Marcel

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to