Hi all, I have to consume .Net web services (enabled WSE 3.0), so i have to write a client program that will invoke .Net web services. I am using jdk1.5.0_05 , jakarta-tomcat-5.0.28, Axis 1.3, WSS4J.
Please see the Header and Suggest which type of Action is required like - UsernameToken or Signature or Encrypt. Please suggest. 1. SOAP header is like this : <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <soap:Header> <wsa:Action> http://www.test.com/api/ws/internal/testInfo </wsa:Action> <wsa:MessageID> urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43 </wsa:MessageID> <wsa:ReplyTo> <wsa:Address> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous </wsa:Address> </wsa:ReplyTo> <wsa:To> http://localhost:8080/testapi/testwsapi.asmx </wsa:To> <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14"> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created> <wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3"> <wsse:Username>[EMAIL PROTECTED]</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";> SomePassword </wsse:Password> <wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce> <wsu:Created>2008-02-28T15:33:56Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> <SAN_Info xmlns="http://www.test.com/api/testing/ws/internal";> <SAN_Request VendorId="TestVendor" VendorPassword="SomePassword" xmlns="http://www.test.com/api/testing/testinforequest";> <Brand>SANBUS</Brand> <TourCode>GE</TourCode> <Code>80135</Code> </SAN_Request> </SAN_Info> </soap:Body> </soap:Envelope> What is the meaning of wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3" in below tag <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3"> => wsu:Id="SecurityToken......" is there any specific property is required. ........ My client-config.wsdd <?xml version="1.0" encoding="UTF-8"?> <deployment xmlns="http://xml.apache.org/axis/wsdd/"; xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/> <globalConfiguration> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" > <parameter name="action" value="Timestamp UsernameToken"/> <parameter name="user" value="[EMAIL PROTECTED]"/> <parameter name="passwordCallbackClass" value="com.api.testing.ws.internal.PWCallback"/> <parameter name="passwordType" value="PasswordText"/> <parameter name="password" value="ppx13Z11"/> <parameter name="mustUnderstand" value="true" /> <parameter name="addUTElements" value="Nonce Created"/> </handler> </requestFlow> </globalConfiguration> </deployment> Please guide me. Please advise me for above issue. Regards Santosh Joshua Kuritzky wrote: > > Hi. I've slowly been making headway getting a WSE 3.0 .NET client > talking to a wss4j service. I can turn on security and I can > authenticate with a UsernameToken, but now I'm having a lot of difficult > getting signing with certificates to work. > > Using a combination of openssl and keytool I've created and signed my > certificates and I know by looking at a TCP trace the client is using > the server's certificate to sign its requests, but... whenever I do this > the server gives a response saying that the security header is missing. > > I'm doing my best to make sense of the documentation and here's what I > have so far: > > I have a crypto.properties file named "server_crypto.properties" with > the following contents: > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin > org.apache.ws.security.crypto.merlin.keystore.type=jks > org.apache.ws.security.crypto.merlin.keystore.password=storepass > org.apache.ws.security.crypto.merlin.file=U:/sslstuff2/keystore > > and my server-config.wsdd has the following lines: > > <parameter name="passwordCallbackClass" value="test.PWCallback"/> > <parameter name="action" value="Signature Timestamp"/> > <parameter name="signaturePropFile" value="server_crypto.properties"/> > > I have a few questions: > > 1. The obvious one: How do I make this work? > 2. Is there any way to have axis and/or wss4j log what it's doing so I > can get a better idea of what's going wrong besides the SOAP response? > 3. Where should the crypto.properties file go? > > Thanks for your help, > -Joshua > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Using-certificates-when-communicated-from-a-.NET-client-to-a-wss4j-service-tp7133516p18315363.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
