Oh boy, hitting myself on the head now. I thought you could specify an encryptionToken OR a SignatureToken. I guess the Jira issue can be set to completed. Sorry for that...
I am using the X509 certificates with a private key. I'm gonna give it a try with the endorsingTokens. Thanks for your help, that's 5 stars for you!

Nunny wrote:
>
> Hi Thomas,
>
>> So, this is something I don't get:
>> I only add a signatureToken and still Rampart tries to add an
>> encryptionToken?!
>> It looks like it is impossible to add a signature without an
>> encryptionToken.
> --
>
> According to the WS-SecurityPolicy specification, a symmetric binding
> has to have either a protection token or both encryption token and
> signature token.
>
> <sp:SymmetricBinding ... >
>   <wsp:Policy>
>   (
>     <sp:EncryptionToken ... >
>       <wsp:Policy> ... </wsp:Policy>
>     </sp:EncryptionToken>
>     <sp:SignatureToken ... >
>       <wsp:Policy> ... </wsp:Policy>
>     </sp:SignatureToken>
>   ) | (
>     <sp:ProtectionToken ... >
>       <wsp:Policy> ... </wsp:Policy>
>     </sp:ProtectionToken>
>   )
>   ...
>   </wsp:Policy>
> </sp:SymmetricBinding>
>
> This is how the symmetric binding works when a protection token is
> defined.
> The web service client creates an encrypted key by encrypting a random key
> using the web service's public key. Then this encrypted key is used to
> sign and encrypt the messages back and forth. So only the web service
> needs to have a key pair to do symmetric binding. If the web service
> needs to authenticate the client, then an X509 token can be used as an
> endorsing supporting token.
> When an endorsing supporting token is used, the client signs the
> message signature again, generating a second signature (to do this the
> client has to have the private key of his X509Token, so the client can
> be authenticated).
> In your case, are you using the web service's X509 certificate?
>
> Thanks,
> /nandana

--
View this message in context: http://www.nabble.com/Apache-rampart-without-encryption--%3E-nullpointerException-tp15408083p15428346.html
Sent from the Axis - User mailing list archive at Nabble.com.
