I don't think your scenario is directly supported by Rampart (either
with 1.0 config or policy based config) ...

But if you use WSS4J directly the way Rampart uses it then you
probably should be able to do this.

Do you have any sample messages or the policy of the service?

Thanks,
Ruchith

On Mon, Sep 29, 2008 at 2:29 PM, Dejan <[EMAIL PROTECTED]> wrote:
> I'm trying to use Rampart to encrypt my message body using a symmetric
> secret key. Sample 9, included with the Rampart distribution, does just
> this. The actual key is hard-coded in a callback function. My understanding
> is that the key (EmbeddedKeyName) is the only piece of data needed to encode
> the message. Please correct me if I am wrong.
>
> I was wondering why this part of the client config file:
>
> <action>
> <items>Encrypt</items>
> <user>client</user>
> <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
> <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
> <encryptionPropFile>client.properties</encryptionPropFile>
> <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
> </action>
>
> contains the encryptionPropFile property.
> Why do we need client.properties in this case? I do not understand why
> Rampart needs the keystore in this case. I'm not using public/private keys or
> certificates, just one secret key.
>
> The service side security is implemented using the SUN Metro and XWSS
> implementation. From the WS provider I got for my client the username/password,
> client shared secret to encrypt and service shared secret to decrypt. The
> symmetric key is computed during runtime programmatically, generating for a
> given sharedsecret an AES256 Key and using the
> Decryption/EncryptionKeyCallback.
>
> My problem is to translate this using the Rampart and WSS4J implementation.
> Is this scenario supported in Rampart? If so, can you point me in the right
> direction?
>
>
> Thanks in advance,
> Dejan
>
> 2008/9/29 Ruchith Fernando <[EMAIL PROTECTED]>
>
>> There were some discussions on the WS-SX TC about this :
>>
>> Please see the following :
>>
>> http://lists.oasis-open.org/archives/ws-sx/200801/msg00011.html
>>
>> The issue # is 163 :
>>
>> http://lists.oasis-open.org/archives/ws-sx/200802/msg00014.html
>>
>> I think we can improve rampart to support this scenario.
>> Nandana can you please confirm whether this is already available?
>>
>> Thanks,
>> Ruchith
>>
>>
>> On Mon, Sep 29, 2008 at 4:26 AM, Dejan <[EMAIL PROTECTED]> wrote:
>> > Hi,
>> >
>> > When the client and service already have a shared key, can I use that to sign
>> > and encrypt? Do I still need client.properties, and how do I define this in the
>> > policy.xml in that case? Where should I store the shared secret?
>> > Is there any client sample that does this? I checked sample09 from the Rampart
>> > installation but it's not clear to me how to use
>> > <EmbeddedKeyName>SessionKey</EmbeddedKeyName>.
>> >
>> > *Any help is much appreciated* !
>> >
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>



-- 
http://blog.ruchith.org
