Exactly! What I'm wondering though is what are the components that make up the QName?
The QName would be calculated using two values, the first being a Namespace and the other being a local name (Or local part according to the XML specification). Would the namespace for the Kerberos instance be "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"; and the local name be "BinarySecurityToken"? I read that the namespace above would map to the prefix "wsse" and would make the Qname be "wsse: BinarySecurityToken". In the draft on page 10 of 19, they have the following line in the example: <wsse:Security xmlns:wsse="..."> Would the contents of this namespace ("...") be the Kerberos namespace (This "http://docs.oasis-open.org/...)? Once I've done the receiver then I will move on to the sender portion, but for now the critical part of the project I am working on is the receiver portion. After I've completed the work, would you guys be interested in the code I implement? Thanks! -----Original Message----- From: Werner Dittmann [mailto:[EMAIL PROTECTED] Sent: November 17, 2005 11:28 PM To: Laurence Brockman Cc: [EMAIL PROTECTED]; [email protected] Subject: Re: WSS4J and Kerberos signatures Laurence, on the receiver side the code is trigge "automatically" if a Kerberos QName is detected and the processor gets loaded. On the sender side please ahave a look at WSHandler.java, doSenderAction(). For the sender you shall define an action (similar to the processor at the receiver). Its the same technique on both sides (something like a plugin). Regards, Werner Laurence Brockman wrote: > Ok, I feel kind of sheepish about asking this question, but looking at > the WSDoAllReceiver code I've begun adding in the hooks for the Kerberos > code (Adding what I think are the appropriate checks for a new case in > various classes) I'm not sure what to do to trigger it to actually > execute the new class that I am making. > > The QName has to match in when looking at the security headers to get it > to execute the appropriate processor (Kerberos in this case). The QName > is created based on the NS and LN attribute for other cases and I'm > unsure of what to use for the Kerberos cases below to get it to > instantiate the appropriate QName object. > > If anyone could provide some guidance I would definitely appreciate it. > I believe the name space should be that defined in the draft > ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1";) > but I'm not sure of this. > > Here's what I have done so far: > > In WSConstants.java (This is what I'm not sure of): > > /* > * The definitions for Kerberos -- This is what I am unsure of how > to set. > */ > public static final String KERBEROS_NS = ""; > public static final String KERBEROS_LN = ""; > > And > > /* > * Added by Laurence Nov 16, 2005 for Kerberos authentication > */ > public static final int KERBEROS = 0x400; > > > In WSSConfig: > > Added a case to the getProcessor method to return > "org.apache.ws.security.processor.KerberosProcessor" when it matches > WSSecurityEngine.KERBEROS_TOKEN > > > /** > * <code>KERBEROS</code> as defined by KERBEROS Specification > */ > public static final QName KERBEROS_TOKEN = new > QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN); > > In WSSecurityEngine: > Added in the new QName to be created: > public static final QName KERBEROS_TOKEN = new > QName(WSConstants.KERBEROS_NS, WSConstants.KERBEROS_LN); > > To WSHandlerConstants: > I added the below constant > > /** > * Perform a Kerberos identification. > */ > public static final String KERBEROS = "Kerberos"; > > Within decodeAction: > } else if (single[i].equals(WSHandlerConstants.KERBEROS)) { > doAction |= WSConstants.KERBEROS; > actions.add(new Integer(WSConstants.KERBEROS)); > } > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
