Hi riis, Monitor the SOAP message using a TCP monitor. Then you can find answers to most of your questions.
Sample07 did it use TripleDesRsa15 or Basic128Rsa15?
It uses Rsa15 for encryption.
Do you know which part of the document that was signed?
SOAP Body - this is the default. I realized this by studying the SOAP message. As for the question below, please refer Security Policy specification at [1]
Did it use a Asymmetric binding?
Yes. The Securit policy specification states. "The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security." When we used client.axis2.xml file for configuration what we did was configure WSS.
Would it be possible at all to change my service to use policies without changing the clients. The clients are already running with the old configuration style and it would be hard work changing them. But it would be nice to support policies for new clients.
Yes. Cheers, Dimuthu http://wso2.org [1]http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf On 2/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi Dimuthu, Thank you for answering. I have already tried to compare the samples from the basic and policy folder. But I still have some problems figuring it out. In the old way you didn't specify encryption protocol or whether it was header, body or the entire soap message that should be signed. I have some questions then. Sample07 did it use TripleDesRsa15 or Basic128Rsa15? Do you know which part of the document that was signed? Did it use a Asymmetric binding? Would it be possible at all to change my service to use policies without changing the clients. The clients are already running with the old configuration style and it would be hard work changing them. But it would be nice to support policies for new clients. Hope you can help me! Regards Multi-Support A/S Torben Riis -------------------------------------------------------------------- Phone +45 96 600 600, Fax +45 96 600 601 E-mail: [EMAIL PROTECTED] http://www.multi-support.com "Dimuthu Leelaratne" <dimuthu.leelarat To [EMAIL PROTECTED]> axis-user@ws.apache.org cc 19-02-2007 04:37 Subject Re: Rampart 1.1 - Sample07 as Please respond to policy [EMAIL PROTECTED] he.org Hi Riis, Please have a look at samples/policy folder in rampart 1.1 distribution. It has 4 samples and they could help you. Cheers, Dimuthu On 2/16/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > I'm trying to change my implementation to use policies instead of the old > way. > But I have some problems figuring it out. > > If I should implement sample07 as policies instead of the below way, what > would it take? > Could some one give an example of "Sample07" from the Rampart 1.1 > distribution as policies? > > Client (axis.conf) > <parameter name="OutflowSecurity"> > <action> > <items>Timestamp Encrypt Signature</items> > <user>client</user> > > <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass> > <signaturePropFile>client.properties</signaturePropFile> > <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> > <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier> > <encryptionUser>service</encryptionUser> > </action> > </parameter> > > <parameter name="InflowSecurity"> > <action> > <items>Timestamp Encrypt Signature</items> > > <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass> > <signaturePropFile>client.properties</signaturePropFile> > </action> > </parameter> > > Service (service.conf) > <parameter name="InflowSecurity"> > <action> > <items>Timestamp Encrypt Signature</items> > > <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass> > <signaturePropFile>service.properties</signaturePropFile> > </action> > </parameter> > > <parameter name="OutflowSecurity"> > <action> > <items>Timestamp Encrypt Signature</items> > <user>service</user> > > <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass> > <signaturePropFile>service.properties</signaturePropFile> > <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> > <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier> > <encryptionUser>useReqSigCert</encryptionUser> > </action> > </parameter> > > Regards > Multi-Support A/S > > Torben Riis > -------------------------------------------------------------------- > Phone +45 96 600 600, Fax +45 96 600 601 > E-mail: [EMAIL PROTECTED] > http://www.multi-support.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
