Werner,
That has not been successful, the client deploy file is now:
       <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
               <parameter name="action" value="UsernameToken Encrypt"/>
               <parameter name="user" value="brian"/>
               <parameter name="passwordCallbackClass" value="com.iwise.security.client.PW_Callback"/>
               <parameter name="passwordType" value="PasswordText" />
               <parameter name="addUTElement" value="Nonce Created" />
               <parameter name="encryptionPropFile" value="crypto.properties" />
               <parameter name="encryptionUser" value="brianshields" />
               <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
               <parameter name="encryptionParts" value="{Element}{http://docs.oasis-open.org.....
      </handler>

My crypto.properties file, which both client and server use by the way, is:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=JKS
org.apache.ws.security.crypto.merlin.keystore.password=brian
org.apache.ws.security.crypto.merlin.keystore.alias=brianshields
org.apache.ws.security.crypto.merlin.alias.password=brian
org.apache.ws.security.crypto.merlin.file=iwise.ks

Should the user now being verified in the password file be brian or brianshields? This question is probably ahead of itself, as when I am iterating through the callbacks, of which there is one, the getIdentifier() method of the WSPasswordCallback object returns null! Is it down to the incorrect decryption or is there some other problem underlying this? Also, is there a way that I can check to see if the encryption has taken place successfully before the WSPasswordCallback.getIdentifier() is called in the handler?

Regards,
Brian.


Dittmann, Werner wrote:

Brian,

See modified WSDD below. The name has to be the
alias name to the receiver's (server's) certificate
because for encryption you have to use the public
key of the receiver. The receiver then uses
its private key to decrypt.

This mandates that your client has the server's certificate
in its keystore.

Regards,
Werner

-----Original Message-----
From: Brian Shields [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 September 2005 12:34
To: Dittmann, Werner
Cc: [email protected]
Subject: Re: AW: Callback supplied no password for: null


Thanks for the reply Werner,
Do you specify this parameter in the axis client config file or in the deployment file of the service? Should the value of this parameter match the user being checked in the password callback class or the alias of the key?
My client config file looks like:
...
         <requestFlow>
            <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
               <parameter name="action" value="UsernameToken Encrypt"/>
               <parameter name="user" value="brian"/>
               <parameter name="passwordCallbackClass" value="com.iwise.security.client.PW_Callback"/>
               <parameter name="passwordType" value="PasswordText" />
               <parameter name="addUTElement" value="Nonce Created" />
               <parameter name="encryptionPropFile" value="crypto.properties" />

-->            <parameter name="encryptionUser" value="someName" />

               <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
               <parameter name="encryptionParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />
            </handler>
         </requestFlow>
...
My service deploy file looks like:
...
         <requestFlow>
              <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
                   <parameter name="passwordCallbackClass" value="com.iwise.security.testService.IWISE_PWCallback"/>
                   <parameter name="action" value="UsernameToken Encrypt"/>
                   <parameter name="decryptionPropFile" value="crypto.properties" />
              </handler>
         </requestFlow>
...
The username being examined in the callback class is "brian".

Thanks,
Brian.

Dittmann, Werner wrote:

Brian,

Did you use the parameter "encryptUser" that defines
the "receiving user" of the encrypted message? The sender has
to use the public key of the receiver to encrypt, thus
you have to use this parameter.

During Signature the private key of the "sending user" is used to sign the request message (the parameter "user").

Regards,
Werner




-----Original Message-----
From: Brian Shields [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 28 September 2005 22:58
To: [email protected]
Subject: Callback supplied no password for: null


Hi all,
I am having trouble encrypting portions of the SOAP message. What I (think) I have got working is sending a username and password digest to a service, invoking the service successfully and getting my response. I am using the PasswordCallback class. However, I am now trying to encrypt the username token in the Security tag of the SOAP header. When this is sent to the server and decrypted (I can only assume successfully as I get no error), I get returned the error
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: Callback supplied no password for: null)
Does this mean that the message was not decrypted successfully? It seems to pass the decryption stage and get stuck in the Callback class, obviously there is no password associated with "null".

Brian.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
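
Werner's point in this thread, that the alias named in `encryptionUser` must resolve to the receiver's certificate in the sender's keystore, can be checked outside Axis with the JDK alone. The following is an added example, not code from the thread or from WSS4J; the class name `EncryptionAliasCheck` is hypothetical, and the default file name, alias and passwords are the ones from the crypto.properties quoted above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Added example (hypothetical class, JDK APIs only): reports whether an alias in a
// JKS keystore can be used for WS-Security encryption and, if it is a key entry,
// whether its private key can be unlocked for decryption.
public class EncryptionAliasCheck {

    static String describe(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return alias + ": not in this keystore, nothing to encrypt to";
        }
        if (!(ks.getCertificate(alias) instanceof X509Certificate)) {
            return alias + ": entry has no X.509 certificate";
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String algorithm = cert.getPublicKey().getAlgorithm();
        if (!"RSA".equals(algorithm)) {
            // XML Encryption key transport is RSA-based; a DSA key can sign but not encrypt.
            return alias + ": " + algorithm + " key, not usable for key transport";
        }
        String role;
        if (ks.isKeyEntry(alias)) {
            // Receiver side: getKey throws UnrecoverableKeyException on a wrong alias password.
            ks.getKey(alias, keyPassword);
            role = "key entry, private key readable (can decrypt)";
        } else {
            role = "certificate entry, public key only (can encrypt to it)";
        }
        return alias + ": " + role + ", subject=" + cert.getSubjectX500Principal().getName();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the crypto.properties quoted in the thread.
        String file = args.length > 0 ? args[0] : "iwise.ks";
        char[] storePass = (args.length > 1 ? args[1] : "brian").toCharArray();
        String alias = args.length > 2 ? args[2] : "brianshields";
        char[] keyPass = (args.length > 3 ? args[3] : "brian").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);
        }
        System.out.println(describe(ks, alias, keyPass));
    }
}
```

Run it once against the client's keystore and once against the server's: the client needs at least a certificate entry for the alias, while the server needs the key entry with a readable private key.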

