Ruchith,

I've solved this issue by going through the same way you have suggested.
Thanks a lot.


Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 31, 2006 4:15 PM
To: Shyam Shukla
Cc: [email protected]
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

For tips on generating Nonce and Created please refer to:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java

Thanks,
Ruchith

On 7/31/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Hi,
>
> sorry about the delay in my response:
>
> Please have a look at
>
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> to see how rahas creates the elements.
>
> Thanks,
> Ruchith
>
> On 7/25/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> >
> > Due to my project requirement I can not move to later versions 2005/02 or
> > 2005/12.
> >
> > So I've decided to get my hands dirty with AXIOM as you guys have already
> > done .... :).
> >
> > To construct this request manually, I am not getting how to generate values
> > of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
> > I went through AXIOM APIs to find any method to accomplish this but it was
> > my vain attempt.
> >
> > Could you please guide me to solve this issue?
> >
> > Best Regards,
> > Shyam Shukla
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Monday, July 24, 2006 4:26 PM
> > To: Shyam Shukla
> > Cc: [email protected]
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > I see one major issue here in using the Rahas WS-Trust impl.
> > Rahas supports only the two latest versions of WS-Trust. Therefore we
> > have support for 2005/02 version and 2005/12 (WS-SX) version.
> >
> > Therefore if you want to stick to 2004/04 version of WS-Trust you will
> > have to manually build the WS-Trust specific tokens.
> >
> > Is it possible for you to use a later version? If not you will have to
> > get your hands dirty with AXIOM :-) and construct the request
> > manually.
> >
> > Thanks,
> > Ruchith
> >
> > On 7/24/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> > > Ruchith thanks once again for your kind suggestion.
> > > The exact format of SOAP body that I have to create is as below:
> > >
> > > <soap:Body>
> > >     <wst:RequestSecurityToken
> > >         xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
> > >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
> > >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
> > >       <wst:Base>
> > >         <wsse:UsernameToken
> > >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >             wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
> > >           <wsse:Username>SC789LKG3CHS</wsse:Username>
> > >           <wsse:Password
> > >               Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
> > >             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
> > >           </wsse:Password>
> > >           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
> > >           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
> > >         </wsse:UsernameToken>
> > >       </wst:Base>
> > >       <wsp:AppliesTo
> > >           xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > >       </wsp:AppliesTo>
> > >       <wst:LifeTime>
> > >         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
> > >       </wst:LifeTime>
> > >     </wst:RequestSecurityToken>
> > >   </soap:Body>
> > >
> > > I went through the "TrustUtil.java" file and it looks promising to implement
> > > this format except "<wst:Base>" tag because I don't see any method to
> > > implement this tag which could contain UsernameToken tag as its child
> > > element.
> > >
> > > Could you please tell me what other classes will be required from "Apache
> > > Rahas" source code to implement this?
> > >
> > >
> > > Best Regards,
> > > Shyam Shukla
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, July 24, 2006 1:37 PM
> > > To: Shyam Shukla
> > > Cc: [email protected]
> > > Subject: Re: WSHandler: Signature: unknown key identification
> > >
> > > Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> > > why I pointed you to the DOM AppliesTo element :-)
> > >
> > > If you are using AXIOM the piece of code that provides you this is in
> > > org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> > > String address)  [1]
> > >
> > > WS-Trust support for Axis2 is being developed as Apache Rahas within
> > > the Axis2 code base. If you are looking for a client components to
> > > talk to a SecurityTokenService then there are a set of utility methods
> > > available in Rahas [1].
> > >
> > > HTH
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > [1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
> > >
> > > On 7/24/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> > > > Thanks a lot Ruchith for guiding me to solve my problems.
> > > > Now my only concern is left how to associate AppliesTo class with my client
> > > > program to create SOAP request body format mentioned in this email.
> > > > My client program is as below:
> > > >
> > > > << Start of Client Code >>
> > > >
> > > > import java.io.StringWriter;
> > > >
> > > > import javax.xml.stream.XMLOutputFactory;
> > > > import javax.xml.stream.XMLStreamException;
> > > >
> > > > import org.apache.axiom.om.OMAbstractFactory;
> > > > import org.apache.axiom.om.OMElement;
> > > > import org.apache.axiom.om.OMFactory;
> > > > import org.apache.axiom.om.OMNamespace;
> > > > import org.apache.axis2.AxisFault;
> > > > import org.apache.axis2.Constants;
> > > > import org.apache.axis2.addressing.EndpointReference;
> > > > import org.apache.axis2.client.Options;
> > > > import org.apache.axis2.client.ServiceClient;
> > > > import org.apache.axis2.context.ConfigurationContext;
> > > > import org.apache.axis2.context.ConfigurationContextFactory;
> > > >
> > > > public class ClientWebSecurityToken {
> > > >
> > > >     /**
> > > >      * @param args
> > > >      */
> > > >     public static void main(String[] args) {
> > > >         try {
> > > >
> > > >             OMElement payload = getEchoElement();
> > > >             // Client repository and axis2.xml are loaded from the file system
> > > >             ConfigurationContext configContext =
> > > >                     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> > > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> > > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> > > >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> > > >             //serviceClient.engageModule(new QName("rampart"));
> > > >             Options options = new Options();
> > > >             options.setTo(new EndpointReference("http://127.0.0.1:1234"
> > > >                     + "/axis2/services/WSSecurityTestCaseService"));
> > > >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> > > >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> > > >                     Constants.VALUE_TRUE);
> > > >             options.setAction("urn:echo");
> > > >             serviceClient.setOptions(options);
> > > >
> > > >             //Blocking invocation
> > > >             OMElement result = serviceClient.sendReceive(payload);
> > > >
> > > >             // Serialize the response element to a string for printing
> > > >             StringWriter writer = new StringWriter();
> > > >             result.serialize(XMLOutputFactory.newInstance()
> > > >                     .createXMLStreamWriter(writer));
> > > >             writer.flush();
> > > >
> > > >             System.out.println("Response: " + writer.toString());
> > > >
> > > >             System.out.println("UKGateWayTestService Invocation successful :-)");
> > > >         } catch (AxisFault axisFault) {
> > > >             axisFault.printStackTrace();
> > > >         } catch (XMLStreamException e) {
> > > >             e.printStackTrace();
> > > >         }
> > > >     }
> > > >
> > > >     // Builds the <example1:echo><example1:Text>...</example1:Text></example1:echo> payload
> > > >     private static OMElement getEchoElement() {
> > > >         OMFactory fac = OMAbstractFactory.getOMFactory();
> > > >         OMNamespace omNs = fac.createOMNamespace(
> > > >                 "http://example1.org/example1", "example1");
> > > >         OMElement method = fac.createOMElement("echo", omNs);
> > > >         OMElement value = fac.createOMElement("Text", omNs);
> > > >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> > > >         method.addChild(value);
> > > >
> > > >         return method;
> > > >     }
> > > >
> > > > }
> > > >
> > > > << End of Client Code >>
> > > >
> > > > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > > > APIs which I believe can not be interoperated.
> > > > So please help me out how can I solve this issue?
> > > >
> > > >
> > > > Best Regards,
> > > > Shyam Shukla
> > > > -----Original Message-----
> > > > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, July 21, 2006 1:34 PM
> > > > To: Shyam Shukla
> > > > Cc: [email protected]
> > > > Subject: Re: WSHandler: Signature: unknown key identification
> > > >
> > > > Hi,
> > > >
> > > > Please see my comments in line:
> > > >
> > > > On 7/20/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> > > > > Hi Ruchith,
> > > > >
> > > > > Now I have solved the problem mentioned in this email by making few changes
> > > > > as below:
> > > > >
> > > > > 1- My client program was using a different Password CallBack class due to
> > > > > wrong entry in the classpath environment variable so I modified it to the
> > > > > correct path.
> > > > >
> > > > > 2- I was using two different keystore files i.e. one for client and other
> > > > > for server and both were having keys which were signed by the same CA which
> > > > > I believe is okay but it was throwing "Signature Processing" error at
> > > > > receiving end i.e. at server side. So I used the same keystore file at both
> > > > > end and it worked.
> > > > >
> > > > > Can you please explain me point2 why can not I use two different keystores
> > > > > which are having keys which were signed by same CA?
> > > >
> > > > You can certainly use different keystores which contain each other's
> > > > (service and client) signed certs. I have done this and it works with
> > > > the keystores created with the steps shown here:
> > > > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> > > >
> > > >
> > > > >
> > > > > Now my next target is to implement WS-Policy in soap request/response for
> > > > > that I went through online documentation of "Neethi" but could find a
> > > > > complete working example or document to implement it.
> > > > >
> > > > > Ruchith, In my current project I have to create following format in the
> > > > > SOAP's Request Body
> > > > >
> > > > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > > > >         <wsa:EndpointReference>
> > > > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > > > >         </wsa:EndpointReference>
> > > > > </wsp:AppliesTo>
> > > > >
> > > > > Please guide me how to create above format.
> > > > > Thanks a lot for being so helpful.
> > > >
> > > > Does this solve your problem:
> > > >
> > > > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> >
> >
> >
>
>
> --
> www.ruchith.org
>


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the 
property of Persistent Systems Pvt. Ltd. It is intended only for the use of the 
individual or entity to which it is addressed. If you are not the intended 
recipient, you are not authorized to read, retain, copy, print, distribute or 
use this message. If you have received this communication in error, please 
notify the sender and delete all copies of this message. Persistent Systems 
Pvt. Ltd. does not accept any liability for virus infected mails.
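
The thread asks how to produce the `<wsse:Nonce>`, `<wsu:Created>` and `#PasswordDigest` values of the UsernameToken in the quoted request. As an added example (not code from the thread, WSS4J or Rahas), the class below computes them as the WS-Security UsernameToken Profile 1.0 defines, Base64(SHA-1(nonce + created + password)), and shows the matching receiver-side check; the class name, method names, sample password and five-minute window are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper (JDK only) for a UsernameToken with Type="...#PasswordDigest". */
public class UsernameTokenDigest {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Set<String> SEEN_NONCES = new HashSet<>(); // replay cache, unbounded in this demo

    /** Base64(SHA-1(raw nonce bytes + created + password)); text is UTF-8 encoded. */
    static String digest(byte[] nonce, String created, String password)
            throws GeneralSecurityException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce); // the decoded nonce bytes, not their Base64 text
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    /** Receiver side: reject stale tokens, recompute the digest, then reject replayed nonces. */
    static boolean verify(String nonceB64, String created, String sentDigest,
                          String password, Duration maxAge) throws GeneralSecurityException {
        Instant ts = Instant.parse(created);
        if (Duration.between(ts, Instant.now()).abs().compareTo(maxAge) > 0) return false;
        String expected = digest(Base64.getDecoder().decode(nonceB64), created, password);
        boolean match = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                              sentDigest.getBytes(StandardCharsets.UTF_8));
        return match && SEEN_NONCES.add(nonceB64); // add() is false if the nonce was already used
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] nonce = new byte[16];
        RNG.nextBytes(nonce); // CSPRNG output, not java.util.Random
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);                 // <wsse:Nonce>
        String created = Instant.ofEpochSecond(Instant.now().getEpochSecond()).toString(); // <wsu:Created>
        String password = "example-password"; // constructed sample value
        String pd = digest(nonce, created, password);                                // <wsse:Password>
        System.out.println(nonceB64 + " " + created + " " + pd);
        Duration window = Duration.ofMinutes(5);
        System.out.println("first use accepted: " + verify(nonceB64, created, pd, password, window));
        System.out.println("replay accepted:    " + verify(nonceB64, created, pd, password, window));
    }
}
```

The receiver needs the clear-text password (or the same password-equivalent the sender hashed) to recompute the digest, and SHA-1 is fixed by the profile, so the token should still travel over TLS or inside a signed and encrypted message.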
