All,
some new stuff and some more flexibility was added to the action
UsernameTokenSignature:
- Alberto Coletti provided some code to use the password type digest
for UsernameTokenSignature. Previously only clear-text passwords
were possible and requires the encryption on UsernameToken
to protect the password. If you use the digested password encryption
is not longer necessary. AFAIK Alberto tested this feature
also with .Net.
Alberto: can you provide some information how to use this feature together
with .Net? Configuration, version, etc. ? This would be much appreciated.
- second new feature: I removed the chicken/egg problem for
UsernameTokenSignature. Now you can include the UsernameToken into
the signatureParts parameter and have the UsernameToken signed. This
idea came from some discussions I had with Shawn McKinney and Rohit
Chauhan. To accomplish this you may use the following deployment
parameters:
Client:
<service name="Ping2b">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature Timestamp"/>
<parameter name="user" value="Chris"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="passwordType" value="PasswordDigest" />
<parameter name="signatureParts"
value="Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken";
/>
</handler>
</requestFlow>
</service>
Server:
...
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="action" value="UsernameTokenSignature UsernameToken
Timestamp"/>
</handler>
</requestFlow>
...
This setup (for Axis 1 handlers) signs the SOAP Body and the UsernameToken
and
uses password type digest.
Ruchith, IMHO we are ready to go for 1.5.3 .
Regards,
Werner
> -----Ursprüngliche Nachricht-----
> Von: ext Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Gesendet: Freitag, 17. August 2007 13:24
> An: Ruchith Fernando
> Cc: Dittmann, Werner; wss4j-dev
> Betreff: Re: WSS4J 1.5.3
>
> sounds good for waiting till werner is ready.
>
> On 8/16/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > sure... please give me the green light to prepare the
> release when you
> > are ready.
> >
> > Thanks,
> > Ruchith
> >
> > On 8/16/07, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
> > > Ruchith,
> > >
> > > can we just have a day or two - I would like to do
> > > some enhacmnments in UsernamToke handling (and the
> > > signature) after having a discussion off-list. Also
> > > Alberto's enhacments currently work with .Net as a
> > > Server, but not with WSS4J as a server. The enhancement
> > > seems to miss the call to the password callback at
> > > the server (receiver) side. I'm just working to
> > > fix that.
> > >
> > > Regards,
> > > Werner
> > >
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: ext Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > > > Gesendet: Donnerstag, 16. August 2007 13:48
> > > > An: wss4j-dev
> > > > Betreff: WSS4J 1.5.3
> > > >
> > > > Hi All,
> > > >
> > > > Apache Axis2 1.3 was released a few days ago and we are
> planning to
> > > > release Rampart-1.3 soon. We need a new release of
> WSS4J for this
> > > > release since Rampart depends on the latest changes to
> WSS4J. Can we
> > > > please release WSS4J 1.5.3 to support Rampart-1.3. I will host a
> > > > release candidate and send the vote out today.
> > > >
> > > > I have already created the WSS4J 1.5.3 branch here [1].
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > [1]
> https://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_3
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
