Hi,
first a question about your config (wsdd): why do you use
a chained (cascaded) handler? It would also work if you just
say: <parameter name="action" value="Signature UsernameToken" />.
Do you need different user names? In that case you shall use chaining.
If you reverse the actions on the client side then you have to do the
same on the server side, except you define "NoSecurity" as action. In
that case no check is done whether the security actions are in the right
order.
About using LDAP for the password: just enable your password callback class
to use e.g. the username as the key into an LDAP directory. That's
why we introduced the callback class: you can program it in any way
necessary to get a password.
The same holds true for the certificate. Merlin supports Java Keystore
and PKCS#12 using the BouncyCastle libraries. Merlin is an
implementation of the Crypto interface. You may just have your own class
inheriting from Merlin and add LDAP support. In that case you may
also need to enhance the certificate validation in WSDoAllReceiver. Do
it similarly to Merlin: have your own class that inherits from
WSDoAllReceiver and override the appropriate methods.
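An LDAP-backed password callback along the lines described above, as an added example that is not code from this thread or from WSS4J itself; the LDAP URL, base DN, password attribute and key password are assumptions:

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
// Hypothetical LDAP-backed variant of the thread's PWCallback; URL, base DN and attribute name are placeholders.
public class LdapPWCallback implements CallbackHandler {
    private static final String LDAP_URL = "ldap://ldap.example.invalid:389";
    private static final String USER_BASE = "ou=people,dc=example,dc=invalid";
    private static final String PASSWORD_ATTR = "wsPassword"; // assumed attribute holding the token password
    private static final String KEY_PASSWORD = "changeit";    // placeholder password of the signing key
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            if (pc.getUsage() == WSPasswordCallback.SIGNATURE) {
                pc.setPassword(KEY_PASSWORD); // unlocks the private key selected by the "user" parameter
            } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                // WSS4J rebuilds the digest itself, so the callback returns the cleartext token password; getIdentifer() is the WSS4J 1.x spelling.
                pc.setPassword(lookupPassword(pc.getIdentifer()));
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unsupported usage");
            }
        }
    }
    // Accept only a plain uid so the incoming user name cannot reshape the DN that is queried.
    String lookupPassword(String user) throws IOException {
        if (user == null || !user.matches("[A-Za-z0-9._-]{1,64}")) throw new IOException("Invalid user identifier");
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        try {
            DirContext ctx = new InitialDirContext(env);
            try {
                Attribute a = ctx.getAttributes("uid=" + user + "," + USER_BASE,
                        new String[] { PASSWORD_ATTR }).get(PASSWORD_ATTR);
                if (a == null) throw new IOException("No token password stored for " + user);
                return (String) a.get();
            } finally { ctx.close(); }
        } catch (NamingException e) {
            throw new IOException("LDAP lookup failed: " + e.getMessage());
        }
    }
}
```

Because WSS4J recomputes the digest from whatever the callback returns, the directory has to hand back the cleartext token password; a one-way hashed userPassword attribute cannot be used with the digested password type.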
Aws Ismail wrote:
I have configured my web service client to use WSDoAllSender to sign the
SOAP request (create a Signature token) and also to create a Username
token like this:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http"
             pivot="java:org.apache.axis.transport.http.HTTPSender" />
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="user" value="user1" />
        <parameter name="passwordCallbackClass" value="PWCallback" />
        <parameter name="action" value="Signature NoSerialization" />
        <parameter name="signaturePropFile" value="crypto.properties" />
        <parameter name="mustUnderstand" value="0" />
      </handler>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="UsernameToken" />
        <parameter name="user" value="User1" />
        <parameter name="passwordCallbackClass" value="PWCallback" />
        <parameter name="passwordType" value="digested" />
        <parameter name="mustUnderstand" value="0" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
And the server configuration is:
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
  <parameter name="passwordCallbackClass" value="PWCallback" />
  <parameter name="action" value="Signature UsernameToken" />
  <parameter name="signaturePropFile" value="crypto.properties" />
</handler>
Question 1:
Everything works fine if the order of security tokens on the client side
is like above, *however it does not work if they are reversed*?! And I
don't have control over all the clients to send first the user token and
then the signature in the Security header all the time?
Question 2:
The PWCallback class requires that I set the password for the
identifier (on the server side) so that it can be authenticated; *I
need to authenticate through LDAP, what is the best way to
accomplish this?*
Question 3:
I could configure crypto.properties to read the needed keys for
signing and validating the signature from a keystore stored on the file
system; *how can I configure Merlin to utilize digital certificates
stored in LDAP to do the signature validation?*
Thanks in advance.
Aws Ismail