Dear all,
Hi Jose / all,
just one word away.
I am NOT able generate 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3'
inside the wsse:UsernameToken tag.
In place of this i am able to generate only ' wsu:Id="UsernameToken-2691004"
'
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
What is this 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' ?
How can I generate it in Java (using Axis 1.3 and wss4j) ?
Required Security Header by other end( .Net WSE 3.0) ----
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action>
http://www.test.com/api/ws/internal/testInfo
</wsa:Action>
<wsa:MessageID>
urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43
</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14">
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
<wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
<wsse:Username>[EMAIL PROTECTED]</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>
SomePassword
</wsse:Password>
<wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce>
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal";>
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest";>
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soap:Body>
</soap:Envelope>
Generated Security header By my side (Java- Axis 1.3 and wss4j
)-----------------
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-2691004">
<wsse:Username>
[EMAIL PROTECTED]
</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>
SomePassword
</wsse:Password>
<wsse:Nonce>bGmGuPDxQw2kkR5R0zC/hA==</wsse:Nonce>
<wsu:Created>2008-07-10T16:46:47.046Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-25899876">
<wsu:Created>2008-07-10T16:46:47.015Z</wsu:Created>
<wsu:Expires>2008-07-10T16:51:47.015Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:MessageID soapenv:mustUnderstand="0">
uuid:c83b29b0-4e9f-11dd-8e1f-d019b0e90563
</wsa:MessageID>
<wsa:To soapenv:mustUnderstand="0">
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsa:Action soapenv:mustUnderstand="0">
http://www.test.com/api/testing/testinforequest
</wsa:Action>
<wsa:From soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:From>
<wsa:ReplyTo soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
</soapenv:Header>
<soapenv:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal";>
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest";>
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soapenv:Body>
</soapenv:Envelope>
My client-config.wsdd ---------
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Timestamp UsernameToken"/>
<parameter name="user" value="[EMAIL PROTECTED]"/>
<parameter name="passwordCallbackClass"
value="com.api.testing.ws.internal.PWCallback"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="password" value="ppx13Z11"/>
<parameter name="mustUnderstand" value="true" />
<parameter name="addUTElements" value="Nonce Created"/>
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
By seeing the security header, we can say that it is
username-token-profile-1.0.
How to solve this.
Please help me.
Regards
Santosh
Shawn McKinney wrote:
Hello,
I have question:
How do (can) we change the default crypto provider
used by WSS4J for a particular Java runtime instance?
We are using WSS4J 1.5 and would like to enable WSS4J
to use the default crypto provider provided by Sun or
IBM in a Java runtime. The idea here is we want to
make it as easy as possible for our developers to test
transactions using WS-Security running in Axis.
We run Axis/WSS4J in JBoss, Tomcat and Websphere
containers and would like to be able to test using the
standard providers found in either JVM implementation
without having to configure the BouncyCastle provider.
Please note the aim here isn't to phase out or replace
our use of BouncyCastle provider in production as we
are quite happy with its capabilities. Rather we want
to remove a step (steamline setup) for developers that
want to test using our security configuration.
Our default client-side configuration is to enable
Username token, ecrypted:
<parameter name="action" value="UsernameToken Encrypt
Timestamp"/>
Thanks in advance for your reply.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
