All I did install it in the extensions
directory and update the java.security file appropriately. I didn’t try
anything else after that. I simply started using jdk1.4 for this project for
the time being ;)
If you’d like me to test otherwise,
please let me know.
Laurence
From: Granqvist, Hans
[mailto:[EMAIL PROTECTED]
Sent: November 17, 2005 3:49 PM
To: Laurence Brockman; Dittmann,
Werner; [EMAIL PROTECTED]; [email protected]
Subject: RE: WSS4J and Kerberos
signatures
Laurence, okay, perhaps it makes no
difference. Do you get the same error if you load the provider as unbundled
(via explicit API call) as installed extension (using java.security)?
Werner, the reason I asked is that I have been bitten a few
times by JCE providers that didn't initialize properly on the classpath. I
believe Sun's recommendation is to put providers inside lib/ext, and I thought
maybe Sun had optimized the loading in 1.5 and thereby broken some implicit
loading dependencies.
From: Laurence
Brockman [mailto:[EMAIL PROTECTED]]
Sent: Thu 11/17/2005 8:14 AM
To: Dittmann, Werner; Granqvist,
Hans; [EMAIL PROTECTED]; [email protected]
Subject: RE: WSS4J and Kerberos
signatures
I put it in the lib/ext director previously when I
received the error so it doesn't seem to make a difference if it is in the
CLASSPATH or in the lib/ext directory.
Thanks,
Laurence
-----Original Message-----
From: Dittmann, Werner [mailto:[EMAIL PROTECTED]]
Sent: November 17, 2005 4:50 AM
To: Granqvist, Hans; Laurence Brockman; [EMAIL PROTECTED];
[email protected]
Subject: AW: WSS4J and Kerberos signatures
Hans,
haven't checked this. Do you think this makes a
difference? The BC jar is a signed jar, and we
never had problems using it via CLASSPATH ...
Regards,
Werner
> -----Ursprüngliche Nachricht-----
> Von: Granqvist, Hans [mailto:[EMAIL PROTECTED]]
> Gesendet: Mittwoch, 16. November 2005 18:08
> An: Dittmann, Werner; Laurence Brockman; [EMAIL PROTECTED];
> [email protected]
> Betreff: RE: WSS4J and Kerberos signatures
>
> Do you get the same errors if the jar is in lib/ext as if
> it is on the classpath?
>
> -Hans
>
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 15, 2005 11:02 PM
> > To: Laurence Brockman; [EMAIL PROTECTED]; [email protected]
> > Subject: AW: WSS4J and Kerberos signatures
> >
> > Laurence,
> >
> > I've the same problem here with jdk1.5, runing on a XP box,
> > no problems with jdk1.4 . I'm starting to investigate the
> > problem, but it seems to be burried somewhere in the crypto
> > code ... I'm not really sure what is wrong.
> >
> > Regards,
> > Werner
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Laurence Brockman [mailto:[EMAIL PROTECTED]]
> > > Gesendet: Dienstag, 15. November 2005 22:18
> > > An: [EMAIL PROTECTED]; [email protected]
> > > Betreff: RE: WSS4J and Kerberos signatures
> > >
> > > Ok, I've done all that and it is processing more tests
> then before,
> > > however, it is still failing with the following (Again, I am
using
> > > jdk1.5 and have added the provider to java.security as well as
> > > downloading the unlimited strength crypto stuff from sun).
> > >
> > > Any ideas would be awesome!
> > >
> > > org.apache.ws.security.WSSecurityException: Cannot
> encrypt/decrypt
> > > data; nested exception is:
> > >
> > org.apache.xml.security.encryption.XMLEncryptionException:
> pad block
> > > corrupted Original Exception was
> > javax.crypto.BadPaddingException: pad
> > > block corrupted
> > > at
> > > org.apache.ws.security.processor.EncryptedKeyProcessor.decrypt
> > > DataRef(En
> > > cryptedKeyProcessor.java:388)
> > > at
> > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE
> > > ncryptedKe
> > > y(EncryptedKeyProcessor.java:313)
> > > at
> > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE
> > > ncryptedKe
> > > y(EncryptedKeyProcessor.java:81)
> > > at
> > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleT
> > > oken(Encry
> > > ptedKeyProcessor.java:75)
> > > at
> > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > > WSSecurity
> > > Engine.java:252)
> > > at
> > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > > WSSecurity
> > > Engine.java:179)
> > > at
> > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > > WSSecurity
> > > Engine.java:132)
> > > at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234)
> > > at
> > > wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecu
> > > rity2.java
> > > :162)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> > > at
> > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess
> > > orImpl.jav
> > > a:39)
> > > at
> > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth
> > > odAccessor
> > > Impl.java:25)
> > > at java.lang.reflect.Method.invoke(Method.java:585)
> > > at junit.framework.TestCase.runTest(TestCase.java:154)
> > > at junit.framework.TestCase.runBare(TestCase.java:127)
> > > at
junit.framework.TestResult$1.protect(TestResult.java:106)
> > > at
junit.framework.TestResult.runProtected(TestResult.java:124)
> > > at junit.framework.TestResult.run(TestResult.java:109)
> > > at junit.framework.TestCase.run(TestCase.java:118)
> > > at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > > at junit.framework.TestSuite.run(TestSuite.java:203)
> > > at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > > at junit.framework.TestSuite.run(TestSuite.java:203)
> > > at
> > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTest
> > > s(RemoteTe
> > > stRunner.java:478)
> > > at
> > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(Rem
> > > oteTestRun
> > > ner.java:344)
> > > at
> > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(Re
> > > moteTestRu
> > > nner.java:196)
> > > Caused by:
> > org.apache.xml.security.encryption.XMLEncryptionException:
> > > pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException:
> pad block
> > > corrupted
> > > at
> > > org.apache.xml.security.encryption.XMLCipher.decryptToByteArra
> > > y(Unknown
> > > Source)
> > > at
> > >
> org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown
> > > Source)
> > > at
> > > org.apache.xml.security.encryption.XMLCipher.decryptElementCon
> > > tent(Unkno
> > > wn Source)
> > > at
org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown
> > > Source)
> > > at
> > > org.apache.ws.security.processor.EncryptedKeyProcessor.decrypt
> > > DataRef(En
> > > cryptedKeyProcessor.java:386)
> > > ... 25 more
> > >
> > >
> > > -----Original Message-----
> > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > Sent: November 15, 2005 1:47 PM
> > > To: Laurence Brockman; [email protected]
> > > Subject: Re: WSS4J and Kerberos signatures
> > >
> > > http://www.bouncycastle.org/documentation.html
> > > http://www.bouncycastle.org/specifications.html#install
> > >
> > > scroll down a bit on the second link and look for java.security
> > >
> > > -- dims
> > >
> > > PS: Please post directly to the list. So that others may
> answer as
> > > well
> > > :)
> > >
> > > On 11/15/05, Laurence Brockman <[EMAIL PROTECTED]>
wrote:
> > > > Thanks for such a quick reply! I think the problem is that
> > > I am using
> > > > jdk1.5... Does the bouncycastle.org site have information
about
> > > > installing the bouncycastle provider or is there any other
> > > sites I can
> > > > get documentation about this?
> > > >
> > > > Thanks again!
> > > > Laurence
> > > >
> > > > -----Original Message-----
> > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > Sent: November 15, 2005 1:40 PM
> > > > To: Laurence Brockman; [email protected]
> > > > Subject: Re: WSS4J and Kerberos signatures
> > > >
> > > > All the code needed is in the svn itself. you should
> not need any
> > > > additional jars. just get the stuff from SVN. make sure
> > you have the
> > > > strong crypto stuff installed in your JDK (check the
> > > download site for
> > > > the jdk and it is available as a separate download) and
> > > then run "ant
> > > > test". Are u using JDK1.4? (better to use that
version,
> there is
> > > > additional steps for jdk1.5 - namely installing the
boucnycastle
> > > > provider)
> > > >
> > > > NOTE: don't use the maven build :)
> > > >
> > > > thanks,
> > > > dims
> > > >
> > > > On 11/15/05, Laurence Brockman
> <[EMAIL PROTECTED]>
wrote:
> > > > > Sounds good.
> > > > >
> > > > > Quick question... I've checked out the latest source
> > from SVN and
> > > I'm
> > > > > trying to run the Ant JUnit tests and they keep
failing.
> > > When I run
> > > > the
> > > > > JUnit tests through eclipse directly they are throwing
a
> > > connection
> > > > > denied exception. I have installed Axis 1.2.1 here but
> > I have not
> > > > > deployed any test web services so even if I start that
up
> > > they still
> > > > > fail with service not found exceptions. Is there a
> way to easily
> > > > either
> > > > > test this stuff without deploying the test web
services
> > > or to bypass
> > > > > these tests? I've also installed maven and tried to
> compile that
> > > way,
> > > > > but it is failing as well.
> > > > >
> > > > > I also noticed in the project.xml file that you have
> > excluded the
> > > > > wssec/PackageTests.java and the
> > interop/PackageTests.java. Is that
> > > > > because of the above mentioned errors?
> > > > >
> > > > > After looking through the source code, I believe what
I
> > would want
> > > to
> > > > do
> > > > > would be to create Kerberos token processor and action
> > classes and
> > > add
> > > > a
> > > > > case into both getAction and getProcessor to point to
> these new
> > > > classes.
> > > > >
> > > > > Sorry for the barrage of questions.
> > > > >
> > > > > Thanks,
> > > > > Laurence
> > > > >
> > > > > -----Original Message-----
> > > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > > Sent: November 14, 2005 3:02 PM
> > > > > To: Laurence Brockman
> > > > > Cc: [email protected]
> > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > >
> > > > > Please see what is being done for SAML and use that as
> > a template
> > > for
> > > > > Kerberos.
> > > > >
> > > > > thanks,
> > > > > dims
> > > > >
> > > > > On 11/14/05, Laurence Brockman
> > <[EMAIL PROTECTED]>
wrote:
> > > > > > Correct me if I'm wrong here, but this is what
I'm thinking:
> > > > > >
> > > > > > After grabbing the source from SVN and looking at
the
> > > documentation,
> > > > I
> > > > > > believe the right place for me to start would be
to
> > extend the
> > > > > > org.apache.ws.axis.security class to handle the
Kerberos
> > > > requirements
> > > > > > specified in the OASIS document.
> > > > > >
> > > > > > Forgive me for so many questions, but I'm new to
> > > Axis/WSS4J and I
> > > > want
> > > > > > to make sure that I'm heading down the right
path.
> > > > > >
> > > > > > Specifically, what we are looking to implement is
just the
> > > > > > authentication portion of Kerberos and not the
> > > encryption portion
> > > > (We
> > > > > > want to authenticate incoming SOAP requests
against a
> > KDC). Down
> > > the
> > > > > > road we will likely look at the encryption
portion, but
> > > that won't
> > > > > > likely be for a few months at least.
> > > > > >
> > > > > > Thanks again!!
> > > > > > Laurence
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: November 11, 2005 8:18 PM
> > > > > > To: Laurence Brockman
> > > > > > Cc: [email protected]
> > > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > > >
> > > > > > Laurence,
> > > > > >
> > > > > > I believe you start with taking a look at the
Kerberos Token
> > > Profile
> > > > > > at the OASIS WSS TC web site:
> > > > > >
> > > > > >
> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> > > > > >
> > > > > > There's lots of refactoring in the latest SVN,
which
> > > makes it easy
> > > > to
> > > > > > plugin a new token profile. So please get the
latest
> > > SVN code and
> > > > > > start asking more questions :)
> > > > > >
> > > > > > thanks,
> > > > > > dims
> > > > > >
> > > > > > On 11/10/05, Laurence Brockman
> > > <[EMAIL PROTECTED]>
wrote:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Sorry if this is a FAQ but I have been
looking for
> > answers to
> > > this
> > > > > > high and
> > > > > > > low and have not seen this on the list.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > We are going to try and use Kerberos to
> > authenticate users on
> > > our
> > > > > SOAP
> > > > > > > server. What we envision is having the
client send
> > > down the SOAP
> > > > > > request
> > > > > > > with a service ticket from a KDC. The server
(Axis
> > using WSS4J
> > > on
> > > > > > Tomcat)
> > > > > > > would then authenticate this user against
said KDC. After
> > > briefly
> > > > > > looking at
> > > > > > > the documentation within the WSS4J code I
think
> > what we would
> > > want
> > > > > to
> > > > > > do is
> > > > > > > extend the WSDoAllHandler class (From the
> > > > > > > org.apache.axis.security.handler package).
Is this
> > the right
> > > > > > > direction to be going in? Has anybody looked
at
> > > this? I'm
> > > > > > relatively
> > > > > > > new to Axis/WSS4J and some guidance would be
awesome!
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Laurence
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Laurence Brockman
> > > > > > > Server Specialist, Shaw Operations
Centre Shaw
> > > > > > > Communications Inc.
> > > > > > > Phone : (403) 303-4805
> > > > > > > E-mail : [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ACCOUNTABLE
BALANCE CUSTOMER FOCUSED INTEGRITY
> > > LOYALTY
> > > > > > > POSITIVE, CAN DO ATTITUDE
TEAM PLAYER
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > > >
> > > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > >
> > > >
> > > >
> > > > --
> > > > Davanum Srinivas : http://wso2.com/blogs/
> > > >
> > >
> > >
> > > --
> > > Davanum Srinivas : http://wso2.com/blogs/
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
|
