Shawn,
this is the way (the sequence) the WSS4J handler for Axis
is performing. Not anything you have to deal with.
The problem is some sort of a chicken and egg problem
- first we need the UsernameToken to perform Signature
based on UsernameToken
- but UsernameToken must be inserted into request _after_
the Signature processing.
Thus the WSS4J handler creates a half-baked UsernameToken, uses
this to perform Signature, then finishes the UsernameToken and
inserts it into the request.
If you really need to sign the UsernameToken with itself we
have to solve this chicken/egg problem in some other
way.
Regards,
Werner
Shawn McKinney wrote:
Werner, still confused -
- first create the UsernameToken as internal DOM element with all
Do I do this with my own custom handler? A handler
that must fire before the DoAllSender?
internal DOM element with all necessary data.
- username
- password
- timestamp
- etc
Then do I configure the DoAllSender like this:
<globalConfiguration>
  <requestFlow>
    <handler type="java:my.new.custom.username.token.handler"/>
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
      <parameter name="action" value="UsernameTokenSignature Encrypt"/>
      <parameter name="passwordCallbackClass"
                 value="com.fnf.xes.framework.axis.security.client.PWClientCallback"/>
      <parameter name="passwordType" value="PasswordText"/>
      <parameter name="addUTElements" value="Nonce Created"/>
      <parameter name="encryptionPropFile" value="crypto.client.properties"/>
      <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier"/>
      <parameter name="encryptionUser" value="xespublickey"/>
      <parameter name="encryptionParts"
                 value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"/>
    </handler>
    <requestFlow>
      <handler type="soapmonitor"/>
    </requestFlow>
    <responseFlow>
      <handler type="soapmonitor"/>
    </responseFlow>
  </requestFlow>
</globalConfiguration>
Then, my server-side will work the way I had it
originally configured, because then DoAllReceiver
handler has everything it needs to complete the
signature and encryption processing. ???
Thanks Werner, this is helping a great deal!
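
[Added example, not part of the original thread and not WSS4J code.] A simplified Python model of the ordering Werner describes: build the UsernameToken detached, derive the signing key from it, sign, and only then insert the token into the header so a receiver finds it before the Signature. The key derivation, the KeyRef attribute and the plain HMAC over the body text are assumptions standing in for WSS4J's real derivation and XML Signature.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
Q = lambda name: f"{{{WSSE}}}{name}"   # qualified tag helper

def derive_key(password, nonce_b64, created):
    # Assumed stand-in derivation: HMAC-SHA1 keyed by the password over nonce + created.
    seed = base64.b64decode(nonce_b64) + created.encode()
    return hmac.new(password.encode(), seed, hashlib.sha1).digest()

def build_token(username, nonce=None, created=None):
    # Step 1: a detached token carrying only what the key derivation needs.
    ut = ET.Element(Q("UsernameToken"), {"Id": "UT-1"})
    ET.SubElement(ut, Q("Username")).text = username
    ET.SubElement(ut, Q("Nonce")).text = base64.b64encode(nonce or os.urandom(16)).decode()
    ET.SubElement(ut, Q("Created")).text = created or \
        datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return ut

def sign_then_insert(body_text, username, password, nonce=None, created=None):
    ut = build_token(username, nonce, created)
    key = derive_key(password, ut.find(Q("Nonce")).text, ut.find(Q("Created")).text)
    header = ET.Element(Q("Security"))
    # Step 2: sign while the token is still outside the message.
    sig = ET.SubElement(header, "Signature", {"KeyRef": "#" + ut.get("Id")})
    mac = hmac.new(key, body_text.encode(), hashlib.sha1).digest()
    sig.text = base64.b64encode(mac).decode()
    # Step 3: only now place the token in the header, ahead of the Signature.
    header.insert(0, ut)
    return header

def verify(header, body_text, lookup_password):
    # Receiver side: the token must be present and referenced by the Signature.
    ut, sig = header.find(Q("UsernameToken")), header.find("Signature")
    if ut is None or sig is None or sig.get("KeyRef") != "#" + ut.get("Id"):
        return False
    password = lookup_password(ut.find(Q("Username")).text)
    if password is None:
        return False
    key = derive_key(password, ut.find(Q("Nonce")).text, ut.find(Q("Created")).text)
    expected = hmac.new(key, body_text.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(sig.text))

if __name__ == "__main__":
    hdr = sign_then_insert("<ping/>", "shawn", "constructed-password")  # constructed input
    print(ET.tostring(hdr, encoding="unicode"))
```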