Hi Veli-Pekka,

Perhaps you can try tweaking the "signature only" policy sample in the
Rampart 1.3 distribution? That's sample #2 in the policy samples folder.

Cheers,
Joana

On 3/26/08, Veli-Pekka Rannila <[EMAIL PROTECTED]> wrote:
>
> Hi,
> Thanks, Nandana, for your info! I have tried to put a couple of examples
> of policy.xml (also those which come with Rampart) into my project but
> have not succeeded perfectly yet. If someone has a very simple example of
> policy.xml which only signs (no encryption) the Body, Timestamp and
> BinarySecurityToken in the SOAP message I would be very happy!
>
>
> This is my current (one of the versions I have tried) policy.xml:
> *****************************************************************
> <wsp:Policy wsu:Id="SecConvPolicy2"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:ProtectionToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
>             </wsp:Policy>
>           </sp:ProtectionToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:TripleDesRsa15/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:SignedParts>
>             <sp:Body/>
>           </sp:SignedParts>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Lax/>
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp/>
>           <sp:TokenProtection>true</sp:TokenProtection>
>         </wsp:Policy>
>       </sp:SymmetricBinding>
>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>         <ramp:user>client</ramp:user>
>         <ramp:encryptionUser>client</ramp:encryptionUser>
>         <ramp:passwordCallbackClass>org.xxx.ccc.pwdhandler.PWCBHandler</ramp:passwordCallbackClass>
>         <ramp:signatureCrypto>
>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">path/keys/client.jks</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxyyzz</ramp:property>
>           </ramp:crypto>
>         </ramp:signatureCrypto>
>       </ramp:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
>
>
> BR,
> VP
>
> -----Original Message-----
> From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> Sent: 26 March 2008 10:40
> To: [email protected]
> Subject: Re: Signing the BinarySecurityToken
>
> Hi Veli-Pekka,
> Sorry for the late reply. You will be able to get this done easily in
> policy-based configuration if it is an option for you. Parameter-based
> is deprecated and it is always recommended to use the policy-based
> configuration. We can set the [Token Protection] property to true in the
> security binding assertion and the token used to sign the message is
> also signed. You can find more about WS Security policy in the
> article [1].
>
> thanks,
> /nandana
>
> [1] - http://wso2.org/library/3132#secBindProps
>
> On Wed, Mar 26, 2008 at 1:05 PM, Veli-Pekka Rannila
> <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I still have problems with the item below. Is there any solution for
> > this by using OutflowSecurity in axis2.xml? Even a negative reply is a
> > good reply :-)
> >
> > Thanks!
> >
> > BR,
> > VP
> >
> > ________________________________
> >
> > From: Veli-Pekka Rannila
> > Sent: 19 March 2008 09:31
> > To: [email protected]
> > Subject: FW: Signing the BinarySecurityToken
> >
> > Hi again,
> >
> > I also tried to chain the outflow handler (using two action elements),
> > but with no luck. I received the same error as below.
> >
> > Has anyone encountered the same problem with the BinarySecurityToken?
> > If so, how did you manage to solve the situation?
> >
> > Replies/hints are very welcome!
> >
> > Thanks again!
> >
> > BR,
> > VP
> >
> > ________________________________
> >
> > From: Veli-Pekka Rannila
> > Sent: 18 March 2008 09:04
> > To: [email protected]
> > Subject: Signing the BinarySecurityToken
> >
> > Hi all,
> >
> > I use Axis2 v1.3, Rampart v1.3 and Java 1.5 in my project.
> >
> > In this project I have to sign Body, Timestamp and BinarySecurityToken
> > (BST) in my SOAP message. Body and Timestamp seem to work OK but I have
> > problems with the BST. I have tried to put BinarySecurityElement inside
> > the <signatureParts> element in my Axis2.xml but when I run my client I
> > receive the following error:
> >
> > "org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> > processingorg.apache.ws.security.WSSecurityException: General security
> > error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd,
> > BinarySecurityToken)"
> >
> > By reading the error it seems that the BST element has not been created
> > yet when the signing happens.
> >
> > Below is part of my Axis2.xml (OutflowSecurity) when trying to sign only
> > the BinarySecurityToken:
> >
> > ****************************************************
> > <parameter name="OutflowSecurity">
> >   <action>
> >     <items>Timestamp Signature</items>
> >     <user>client</user>
> >     <signaturePropFile>client.properties</signaturePropFile>
> >     <passwordCallbackClass>org.cco.service.pwdhandler.PWCBHandler</passwordCallbackClass>
> >     <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}BinarySecurityToken</signatureParts>
> >     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> >   </action>
> > </parameter>
> > ****************************************************
> >
> > Is there a solution for signing the BST by using the OutflowSecurity
> > definitions in Axis2.xml (like above)? Does the "ProtectTokens" element
> > have something to do with this case (if it does, can you explain how to
> > use it)?
> >
> > This is quite urgent for me so any help is very much appreciated!
> >
> > Thanks!
> >
> > Best Regards,
> > VP
> >
>
>
>
> --
> Nandana Mihindukulasooriya
> Software Engineer
> WSO2 inc.
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>
>


-- 
Student Intern
SAP Research - Security & Trust
SAP Labs France

805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
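
Added example (not part of the original thread and not Rampart code): a Python check that confirms the Body, Timestamp and BinarySecurityToken of an outgoing message are each referenced from ds:SignedInfo, which is the result the policy discussed above is meant to produce. The envelope skeleton, its wsu:Id values and the function names are constructed for illustration; the check covers reference coverage only, not digest or signature validation.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]
SEC = "soap:Header/wsse:Security/"
# Parts the thread wants signed, as paths relative to soap:Envelope.
REQUIRED = {
    "Body": "soap:Body",
    "Timestamp": SEC + "wsu:Timestamp",
    "BinarySecurityToken": SEC + "wsse:BinarySecurityToken",
}

def unsigned_parts(envelope_xml):
    """Return the required parts that no ds:Reference in SignedInfo covers."""
    root = ET.fromstring(envelope_xml)
    refs = root.findall(SEC + "ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    # Every wsu:Id in the message; a duplicated Id makes a reference ambiguous.
    ids = [e.get(WSU_ID) for e in root.iter() if e.get(WSU_ID)]
    missing = []
    for name, path in REQUIRED.items():
        found = root.findall(path, NS)
        part_id = found[0].get(WSU_ID) if len(found) == 1 else None
        if part_id not in signed or ids.count(part_id) != 1:
            missing.append(name)
    return missing

def sample_envelope(ref_ids):
    """Constructed skeleton: Ids and token value are placeholders, no digests."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in ref_ids)
    head = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:ds="%(ds)s" '
            'xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s"><soap:Header><wsse:Security>'
            '<wsse:BinarySecurityToken wsu:Id="CertId-1">PLACEHOLDER'
            '</wsse:BinarySecurityToken><wsu:Timestamp wsu:Id="Timestamp-2"/>'
            '<ds:Signature><ds:SignedInfo>') % NS
    return (head + refs + '</ds:SignedInfo></ds:Signature></wsse:Security>'
            '</soap:Header><soap:Body wsu:Id="id-3"/></soap:Envelope>')

if __name__ == "__main__":
    print(unsigned_parts(sample_envelope(["id-3", "Timestamp-2"])))
```

Running the same function over a captured outgoing request shows whether a policy change actually added the token to the signed references.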
