I tried using a policy.xml that did not contain any signed parts. Looking at
the Rampart code led me to believe that Rampart cannot perform
encryption-only using a policy file for configuration.

I opened a bug in Jira - issue RAMPART-31 - and included a modification to
AsymmetricBindingBuilder.java that addresses the issue.

-ric


On 4/23/07 1:53 PM, "Dennis Sosnoski" <[EMAIL PROTECTED]> wrote:

> FWIW I had similar problems trying to do encryption-only with Rampart. I
> stripped out all <sp:SignedParts> from the policy.xml, along with
> <sp:IncludeTimestamp/> and <sp:OnlySignEntireHeadersAndBody/>, and the
> <ramp:signatureCrypto>, but Rampart apparently still tries to do signing
> (and throws an exception in the process). Here's the exception I get:
> 
>      [java] java.lang.NullPointerException
>      [java]     at org.apache.rampart.util.RampartUtil.addWsuIdToElement(RampartUtil.java:463)
>      [java]     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:277)
>      [java]     at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:85)
>      [java]     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:129)
>      [java]     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:59)
>      [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> ...
> 
> I'm attaching the actual policy file, based on the Rampart sample for
> signing+encryption+timestamps. This is using Rampart 1.1 with Axis2 1.1.1.
> 
>   - Dennis
> 
> Dennis M. Sosnoski
> SOA and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
> 
> 
> Ruchith Fernando wrote:
>> Please try specifying only the <EncryptedParts> assertion *without*
>> the <SignatureParts> assertion.
>> 
>> Thanks,
>> Ruchith
>> 
>> On 3/29/07, Ric Emery <[EMAIL PROTECTED]> wrote:
>>> 
>>> Could someone point me at an example policy.xml that configures WSS
>>> Encryption only (no signature). Preferably a policy file that works with
>>> Rampart. I have tried to build one myself, but I am not having much
>>> luck.
>>> 
>>> Thanks in advance,
>>> ric
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>> 
>>> 
>> 
>> 
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>  !
>  ! Copyright 2006 The Apache Software Foundation.
>  !
>  ! Licensed under the Apache License, Version 2.0 (the "License");
>  ! you may not use this file except in compliance with the License.
>  ! You may obtain a copy of the License at
>  !
>  !      http://www.apache.org/licenses/LICENSE-2.0
>  !
>  ! Unless required by applicable law or agreed to in writing, software
>  ! distributed under the License is distributed on an "AS IS" BASIS,
>  ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>  ! See the License for the specific language governing permissions and
>  ! limitations under the License.
>  !-->
> <wsp:Policy wsu:Id="Encr"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:TripleDesRsa15/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict/>
>             </wsp:Policy>
>           </sp:Layout>
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier/>
>           <sp:MustSupportRefIssuerSerial/>
>         </wsp:Policy>
>       </sp:Wss10>
>       <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body/>
>       </sp:EncryptedParts>
> 
>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>         <ramp:user>client</ramp:user>
>         <ramp:encryptionUser>service</ramp:encryptionUser>
>         <ramp:passwordCallbackClass>com.sosnoski.seismic.adb.PWCBHandler</ramp:passwordCallbackClass>
> 
>         <ramp:encryptionCypto>
>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>           </ramp:crypto>
>         </ramp:encryptionCypto>
>       </ramp:RampartConfig>
> 
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
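
An added example, not part of the thread and not Rampart code: a small Python check that reports, for each alternative in a policy.xml, the signing-related assertions Dennis lists and whether the alternative is encryption-only. The function names `audit` and `names` and the condensed sample policy are constructed for illustration. WS-SecurityPolicy defaults the protection order to SignBeforeEncrypting when `sp:EncryptBeforeSigning` is absent, which is consistent with the `doSignBeforeEncrypt` frame in the trace above.

```python
import xml.etree.ElementTree as ET  # use only on your own, trusted policy files

WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
SP = "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}"
SIGNING = ("SignedParts", "SignedElements", "OnlySignEntireHeadersAndBody")

def names(root, tag):
    """Local names of the children of every sp:<tag> found under root."""
    return sorted(c.tag.split("}")[1] for e in root.iter(SP + tag) for c in e)

def audit(policy_xml):
    """Summarise each policy alternative (wsp:ExactlyOne/wsp:All)."""
    root = ET.fromstring(policy_xml)
    alternatives = root.findall(f"{WSP}ExactlyOne/{WSP}All") or [root]
    report = []
    for alt in alternatives:
        present = {a for a in SIGNING if alt.find(f".//{SP}{a}") is not None}
        encrypted = names(alt, "EncryptedParts")
        ebs = alt.find(f".//{SP}EncryptBeforeSigning") is not None
        report.append({
            "encrypted": encrypted,
            "signing_assertions": sorted(present),
            "timestamp": alt.find(f".//{SP}IncludeTimestamp") is not None,
            # Spec default when sp:EncryptBeforeSigning is absent.
            "order": "EncryptBeforeSigning" if ebs else "SignBeforeEncrypting",
            # The case discussed in this thread: body encrypted, nothing signed.
            "encryption_only": bool(encrypted) and not present,
        })
    return report

# Constructed sample: condensed from the policy quoted in the thread.
SAMPLE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 <wsp:ExactlyOne><wsp:All>
  <sp:AsymmetricBinding><wsp:Policy>
   <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
   <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

if __name__ == "__main__":
    for i, alt in enumerate(audit(SAMPLE)):
        print(i, alt)
```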

