On 2010-09-10 00:05, Matt Graham wrote:
> My head asplode. If someone can point me in the right direction here,
> I'll be very grateful.

I have just made my axis2 generated client talk to JBoss+WS-Security
server so maybe I can help.
[...]
> WSDL: Looking at the wsdl, there is nothing there about security
> policies, etc. Actually, nothing at all about security that I can see.
> Does there need to be? (Not that I have any control over this... just
> trying to understand.)

Yes, AFAIK WS-Security can be added to WSDL, or separate policy,
but I had no such policy. WSDL looked "normal" and was able
to talk only with WebService emulator without WS-Security.
[...]
> Can someone set me straight? Is Rampart the way to go here? Am I
> missing any steps, or files I need to include? Maybe I needed rampart
> somewhere when I used wsdl2java?

I used Rampart.
There is a good tutorial:
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/
My client .java code looks the same with and without WS-Security.
All the difference is in the configuration axis2.conf file.
You must know what cryptography (signature/encrypt/timestamp) the server side
expects from you, and what cryptography you expect from the server.
Here is the configuration from my client.
In my case the query (OutflowSecurity) had to be signed and encrypted,
whereas in the response there was also a timestamp. Sequence order is very
important: "Signature Encrypt Timestamp" is very different
from "Timestamp Signature Encrypt", but the creators of the service
should help you.
<axisconfig name="AxisJava2.0">
  <module ref="rampart" />
  <parameter name="OutflowSecurity">
    <action>
      <items>Signature Encrypt</items>
      <user>myr_alias</user>
      <passwordCallbackClass>PWCallback</passwordCallbackClass>
      <signaturePropFile>client.properties</signaturePropFile>
      <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
      <signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>
      <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
      <encryptionUser>server_alias</encryptionUser>
    </action>
  </parameter>
  <parameter name="InflowSecurity">
    <action>
      <items>Signature Encrypt Timestamp</items>
      <passwordCallbackClass>PWCallback</passwordCallbackClass>
      <signaturePropFile>client.properties</signaturePropFile>
      <enableSignatureConfirmation>false</enableSignatureConfirmation>
    </action>
  </parameter>
...
Regards,
Michal Niklas
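
Added example, not part of the original message and not code from the Rampart project: a class that could stand behind `<passwordCallbackClass>PWCallback</passwordCallbackClass>` in the configuration above. It assumes the `org.apache.ws.security` package of WSS4J 1.x on the classpath (older releases spell the accessor `getIdentifer()`), that `myr_alias` is the client's own private-key alias in the keystore named by client.properties, and that the key password arrives in a hypothetical environment variable `CLIENT_KEY_PASSWORD`.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Default package, so the name matches <passwordCallbackClass>PWCallback</passwordCallbackClass>.
public class PWCallback implements CallbackHandler {

    // Alias from <user>myr_alias</user>; the same private key signs outgoing
    // requests and decrypts responses encrypted to the client (assumption).
    private static final String KEY_ALIAS = "myr_alias";

    // Hypothetical variable name; keeps the key password out of source and config files.
    private static final String PASSWORD_ENV = "CLIENT_KEY_PASSWORD";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;

            // Refuse to release the password for any alias other than the client's own key.
            if (!KEY_ALIAS.equals(pwcb.getIdentifier())) {
                throw new UnsupportedCallbackException(callback, "Unknown key alias");
            }

            String password = System.getenv(PASSWORD_ENV);
            if (password == null || password.isEmpty()) {
                // Fail closed rather than attempt the key operation with an empty password.
                throw new IOException(PASSWORD_ENV + " is not set");
            }
            pwcb.setPassword(password);
        }
    }
}
```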