What is the exception that you get? Samisa...
RonnieMJ wrote:
I'm pretty new to WS, and especially the security piece, but I'm using Rampart 1.4 with policy files to try to function as a client to an existing (external to my company) web service. I know that I need to send both a UsernameToken and sign the header with a certificate. I've been able to do EITHER, but so far haven't been able to do both. I've tried it about 20 different ways, but my most recent attempt is:

<wsp:Policy wsu:Id="SigAndUName"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:All>
    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:InitiatorToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorToken>
        <sp:RecipientToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic128Rsa15/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Lax/>
          </wsp:Policy>
        </sp:Layout>
        <sp:OnlySignEntireHeadersAndBody/>
        <sp:SupportingTokens>
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
          </wsp:Policy>
        </sp:SupportingTokens>
      </wsp:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
      </wsp:Policy>
    </sp:Wss10>
    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <sp:Body/>
    </sp:SignedParts>
    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
      <ramp:user>user</ramp:user>
      <ramp:encryptionUser>user</ramp:encryptionUser>
      <ramp:passwordCallbackClass>com.xo.vzn_asr.business.util.PWCBHandler</ramp:passwordCallbackClass>
      <ramp:signatureCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">user</ramp:property>
          <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">keypassword</ramp:property>
        </ramp:crypto>
      </ramp:signatureCrypto>
    </ramp:RampartConfig>
  </wsp:All>
</wsp:Policy>

I expect the final header output to be something like:

<SOAP-ENV:Header>
  <wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>XXX</wsse:Username>
    </wsse:UsernameToken>
    <wsse:BinarySecurityToken>binaryTokenHere</wsse:BinarySecurityToken>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference>
          <ds:Transforms>
            <ds:Transform/>
          </ds:Transforms>
          <ds:DigestMethod/>
          <ds:DigestValue></ds:DigestValue>
        </ds:Reference>
        <ds:Reference>
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue></ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue></ds:SignatureValue>
      <ds:KeyInfo>
        <wsse:SecurityTokenReference>
          <wsse:Reference/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
</SOAP-ENV:Header>

I'm fairly sure I've just got the policy file slightly off. Any suggestions? Thanks for any reply.
--
Samisa Abeysinghe
http://people.apache.org/~samisa/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]