Hello,
Please allow me to correct this information:
I managed to configure security for the client to cypher and sign the
request and for the server to cypher the response. This works
correctly.
Is it possible for the server to also sign the response?
Thanks in advance,
Antonio Lourinho
On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
Hello,
I did just that. I have two keystores, both containing the personal
private key and the other participant's public key certificate.
I have configured in the server the following:
<service>
  <name>ClientInformationListSec</name>
  <namespace>http://pt.brisa.integration.viaverde/ClientInformationListWS</namespace>
  <serviceClass>pt.brisa.clientinformationlist.integration.ws.ClientInformationListWS</serviceClass>
  <inHandlers>
    <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
    <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
      <property name="properties">
        <props>
          <prop key="action">Encrypt Signature UsernameToken</prop>
          <prop key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
          <prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
          <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
        </props>
      </property>
    </bean>
    <handler handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
  </inHandlers>
  <outHandlers>
    <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
    <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
      <property name="properties">
        <props>
          <prop key="action">Encrypt Signature</prop>
          <prop key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
          <prop key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
          <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
        </props>
      </property>
    </bean>
  </outHandlers>
  <properties>
    <property key="mtom-enabled">true</property>
  </properties>
</service>
and in the client:
properties.setProperty(WSHandlerConstants.ACTION,
    WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " "
    + WSHandlerConstants.USERNAME_TOKEN);
// Set the user (key alias) used to encrypt the message
properties.setProperty(WSHandlerConstants.ENCRYPTION_USER, "serveralias");
// Sender username for the signature
properties.setProperty(WSHandlerConstants.USER, "client-344-839");
// Configuration of the public key used to encrypt the message goes in a properties file
properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
    "org/codehaus/xfire/client/outsecurity_enc.properties");
// Key identifier type and properties file for the signature
properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,
    "org/codehaus/xfire/client/outsecurity_sign.properties");
// Specify the callback class used to retrieve passwords
properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
    PasswordHandler.class.getName());
An error occurs:
MIT: 345281 [http-8585-Processor23] INFO org.codehaus.xfire.handler.DefaultFaultHandler - Fault occurred!
org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed(actions mismatch)
    at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:239)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
    at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
    at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
    at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
    at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
The configuration is symmetric. Is there an easy way to know what is the problem?
Thanks in advance,
António Lourinho
On 1/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> >
> > Is there any example of signature+cypher both ways available (WS-Security)?
> >
>
> No, but configurations of client and server are symmetric, so you can
> just use example of signature + encryption and copy configuration on
> other side.
>
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
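
The client-side counterpart of the server's WSS4JOutHandler shown in the thread, following the remark that the two configurations are symmetric. This is an added example, not code from the thread or from the XFire project; the class name, the serviceProxy parameter and the two properties-file paths are hypothetical, and it assumes the PasswordHandler class named in the server configuration is also on the client classpath.

```java
import java.util.Properties;

import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.demo.PasswordHandler;
import org.codehaus.xfire.security.wss4j.WSS4JInHandler;
import org.codehaus.xfire.util.dom.DOMInHandler;

public class ClientResponseSecurity {

    /**
     * Registers inbound WS-Security handlers on an XFire client so that a
     * response is accepted only if it was encrypted and signed by the server.
     */
    public static void requireSignedEncryptedResponse(Object serviceProxy) {
        Properties in = new Properties();

        // Same action string as the server's WSS4JOutHandler in the thread.
        // The in-handler compares the actions found in the response against
        // this list and faults on a difference.
        in.setProperty(WSHandlerConstants.ACTION,
                WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE);

        // Crypto properties pointing at the keystore that holds the client's
        // private key, used to decrypt the response (hypothetical path).
        in.setProperty(WSHandlerConstants.DEC_PROP_FILE,
                "org/codehaus/xfire/client/insecurity_enc.properties");

        // Crypto properties pointing at the keystore that holds the server's
        // public key certificate, used to verify its signature
        // (hypothetical path).
        in.setProperty(WSHandlerConstants.SIG_PROP_FILE,
                "org/codehaus/xfire/client/insecurity_sign.properties");

        // Callback that supplies the private key password for decryption.
        in.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
                PasswordHandler.class.getName());

        Client client = Client.getInstance(serviceProxy);
        // WSS4J works on a DOM tree, so the incoming stream is converted first.
        client.addInHandler(new DOMInHandler());
        client.addInHandler(new WSS4JInHandler(in));
    }
}
```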