Thanks Alick.

I will try it out.

Regards,
cabear

On Mon, Aug 31, 2009 at 2:54 PM, Alick Buckley
<[email protected]> wrote:

>  Hi,
>
> Axis 1.4 offers WS-Security capability by using the Apache WSS4J,
> XML-Security and WS-Addressing projects.
>
> WS-Security and WS-Addressing capability is available by configuring the
> Axis client configuration file for the particular service that needs to have
> these features enabled.
>
> The global configuration parameter 'enableNamespacePrefixOptimization'
> needs to be false, so the XML is not altered after the signing process.
>
> Client Configuration Example
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <deployment name="defaultClientConfig"
>             xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
> <globalConfiguration>
>   <parameter name="disablePrettyXML" value="true"/>
>   <parameter name="addressing.sendReplyTo" value="true"/>
>   <parameter name="enableNamespacePrefixOptimization" value="false"/>
> </globalConfiguration>
>
> <service name="MyServicePort">
>   <requestFlow>
>     <handler type="java:com.acme.MyHandler">
>       <parameter name="acme.keyword" value="value"/>
>     </handler>
>   </requestFlow>
> </service>
>
> <service name="XYZPort">
>   <requestFlow>
>
>     <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>       <!-- Reference elements are added in the same order -->
>       <parameter name="referencePropertyNames"
>                  value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From"/>
>     </handler>
>
>     <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>       <!-- action order is important, do Timestamp then Signature if signing Timestamp -->
>       <parameter name="action" value="Timestamp Signature"/>
>       <parameter name="user" value="XYZLabel"/>
>       <parameter name="passwordCallbackClass" value="com.acme.security.PasswordCallback"/>
>       <parameter name="signatureKeyIdentifier" value="DirectReference"/>
>       <parameter name="signaturePropFile" value="pki/security.properties"/>
>       <parameter name="timeToLive" value="300"/>
>       <parameter name="precisionInMilliseconds" value="false" />
>       <!-- Reference elements are added in the same order -->
>       <parameter name="signatureParts"
>                  value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>                         {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
>                         {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>                         {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>     </handler>
>   </requestFlow>
> </service>
>
> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
> The latest WS-Addressing namespace is currently
> 'http://schemas.xmlsoap.org/ws/2004/08/addressing' but some web service
> servers such as .Net expect the namespace to be
> 'http://schemas.xmlsoap.org/ws/2004/03/addressing'.
>
> To change the 2004/08 to the 2004/03 namespace requires the following code:
>
> stub._setProperty (
>     org.apache.axis.message.addressing.Constants.ENV_ADDRESSING_NAMESPACE_URI,
>     org.apache.axis.message.addressing.Constants.NS_URI_ADDRESSING_2004_03 ) ;
>
>
> The parameter user can have several roles depending on the type of action.
> If one of the actions is Signature then the user value is the keystore
> alias/label in the specified keystore file. The password to the private key
> is supplied by a custom call back class specified in the passwordCallback
> parameter. The user value is passed to an instance of the callback class as
> the identifier.
>
> The parameter signaturePropFile specifies the properties file used during
> the signing process. This file specifies what keystore file to use and the
> password to the keystore.
>
>
> #
> # Webservice Security
> #
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.file=pki/keystore.pfx
> org.apache.ws.security.crypto.merlin.keystore.password=keypassword
> #
>
> The following example is a template for a password callback class.
>
>
> package com.acme.security ;
>
> import  java.io.* ;
>
> import javax.security.auth.callback.Callback ;
> import javax.security.auth.callback.CallbackHandler ;
> import javax.security.auth.callback.UnsupportedCallbackException ;
>
> import org.apache.ws.security.WSPasswordCallback ;
>
> public class PasswordCallback implements CallbackHandler
> {
>     public PasswordCallback ()
>     {
>     }
>
>     public void handle ( Callback[] callbackArray ) throws IOException, UnsupportedCallbackException
>     {
>         System.out.println ( "PasswordCallback handle" ) ;
>
>         for ( int i = 0; i < callbackArray.length; i++ )
>         {
>             if ( callbackArray[i] instanceof WSPasswordCallback )
>             {
>                 WSPasswordCallback callback = (WSPasswordCallback)callbackArray[i] ;
>
>                 int usage = callback.getUsage () ;
>
>                 String identifier = callback.getIdentifer () ;
>
>                 if ( usage == WSPasswordCallback.UNKNOWN )
>                 {
>                     System.out.println ( "UNKNOWN " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.DECRYPT )
>                 {
>                     System.out.println ( "DECRYPT " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.SIGNATURE )
>                 {
>                     System.out.println ( "SIGNATURE " + identifier ) ;
>
>                     if ( identifier.equals ( "XYZLabel" ) )
>                     {
>                          /*
>                              keystore private key password
>                          */
>
>                          callback.setPassword ( "keypassword" ) ;
>
>                          return ;
>                     }
>
>                     return ;
>                 }
>
>                 if ( usage == WSPasswordCallback.KEY_NAME )
>                 {
>                     System.out.println ( "KEY_NAME " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.USERNAME_TOKEN )
>                 {
>                     System.out.println ( "USERNAME_TOKEN "  + identifier ) ;
>
>                     if ( identifier.equals ( "myuser" ) )
>                     {
>                          callback.setPassword ( "mypassword" ) ;
>
>                          return ;
>                     }
>
>                     return ;
>                 }
>
>                 if ( usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN )
>                 {
>                     System.out.println ( "USERNAME_TOKEN_UNKNOWN " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.SECURITY_CONTEXT_TOKEN )
>                 {
>                     System.out.println ( "SECURITY_CONTEXT_TOKEN " + identifier ) ;
>
>                     continue ;
>                 }
>             }
>         }
>
>         throw new java.io.IOException ( "PasswordCallback: unrecognized password callback instance or callback usage" ) ;
>     }
> }
>
>
> =============================================================================================
>
>
> -----Original Message-----
> *From:* Wishing Carebear [mailto:[email protected]]
> *Sent:* Saturday, 29 August 2009 7:35 AM
> *To:* [email protected]
> *Subject:* Re: Help with axis1.4.1 (not axis2) and wss4j
>
> Hello:
> Can someone provide some pointers?
>
> Thanks,
> cabear
>
> On Fri, Aug 28, 2009 at 10:13 AM, Wishing Carebear <
> [email protected]> wrote:
>
>> Hello:
>> I'm trying to write a client to a WSE 3.0 published webservice. The policy
>> file looks like below:
>>
>> Do wss4j and axis support addressing?
>>
>> Thanks,
>> cabear
>>
>> ------------------------
>>
>> <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
>>      <extensions>
>>              <extension name="usernameForCertificateSecurity" 
>> type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, 
>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
>> PublicKeyToken=31bf3856ad364e35" />
>>              <extension name="x509" 
>> type="Microsoft.Web.Services3.Design.X509TokenProvider, 
>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
>> PublicKeyToken=31bf3856ad364e35" />
>>              <extension name="requireActionHeader" 
>> type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, 
>> Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
>> PublicKeyToken=31bf3856ad364e35" />
>>      </extensions>
>>      <policy name="ServerPolicy">
>>              <usernameForCertificateSecurity establishSecurityContext="true" 
>> renewExpiredSecurityContext="true" requireSignatureConfirmation="false" 
>> messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" 
>> ttlInSeconds="300">
>>                      <serviceToken>
>>                              <x509 storeLocation="LocalMachine" 
>> storeName="My" findValue="CN=TMPDMDevelopment" 
>> findType="FindBySubjectDistinguishedName" />
>>                      </serviceToken>
>>                      <protection>
>>                              <request signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <response signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <fault signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>>                      </protection>
>>              </usernameForCertificateSecurity>
>>              <requireActionHeader />
>>      </policy>
>>      <policy name="AuthenticationServicePolicy">
>>              <usernameForCertificateSecurity establishSecurityContext="true" 
>> renewExpiredSecurityContext="true" requireSignatureConfirmation="false" 
>> messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" 
>> ttlInSeconds="300">
>>                      <serviceToken>
>>                              <x509 storeLocation="LocalMachine" 
>> storeName="AddressBook" findValue="CN=TMPDMDevelopment" 
>> findType="FindBySubjectDistinguishedName" />
>>                      </serviceToken>
>>                      <protection>
>>                              <request signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <response signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <fault signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>>                      </protection>
>>              </usernameForCertificateSecurity>
>>              <requireActionHeader />
>>      </policy>
>>      <!--<policy name="ClientPolicy">
>>              <usernameForCertificateSecurity establishSecurityContext="true" 
>> renewExpiredSecurityContext="true" requireSignatureConfirmation="false" 
>> messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" 
>> ttlInSeconds="300">
>>                      <serviceToken>
>>                              <x509 storeLocation="LocalMachine" 
>> storeName="AddressBook" findValue="CN=TMPDMDevelopment" 
>> findType="FindBySubjectDistinguishedName" />
>>                      </serviceToken>
>>                      <protection>
>>                              <request signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <response signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>>                              <fault signatureOptions="IncludeAddressing, 
>> IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>>                      </protection>
>>              </usernameForCertificateSecurity>
>>              <requireActionHeader />
>>      </policy>-->
>> </policies>
>>
>>
>> ------------------------
>>
>>
>
>
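Added example, not part of the original thread and not Axis or WSS4J project code: a Python check that reads an Axis client WSDD like the one quoted above and reports the three conditions the reply calls out (namespace prefix optimization set to false, Timestamp before Signature in the action list, and the signed parts list). The REQUIRED set and the sample() input are assumptions constructed for illustration, mirroring the parts signed in the quoted configuration.

```python
import re
import xml.etree.ElementTree as ET

WSDD = "{http://xml.apache.org/axis/wsdd/}"
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SENDER = "java:org.apache.ws.axis.security.WSDoAllSender"
REQUIRED = {(WSA, n) for n in ("Action", "MessageID", "ReplyTo", "To", "From")}
REQUIRED |= {(WSU, "Timestamp"), (SOAP, "Body")}  # assumption: parts the quoted config signs
PART = re.compile(r"\{\w*\}\{([^}]*)\}([\w.-]+)")

def params(node):  # name -> value of the <parameter> children of a WSDD element
    return {p.get("name"): p.get("value", "") for p in node.findall(WSDD + "parameter")}

def signed_parts(value):  # '{Element}{ns}Name;...' -> {(ns, Name)}; tolerates line wrapping
    return set(PART.findall("".join(value.split())))

def lint(wsdd_text):
    root, findings = ET.fromstring(wsdd_text), []
    glob = root.find(WSDD + "globalConfiguration")
    opt = params(glob).get("enableNamespacePrefixOptimization") if glob is not None else None
    if (opt or "").lower() != "false":
        findings.append("global: enableNamespacePrefixOptimization is not false")
    for svc in root.findall(WSDD + "service"):
        name = svc.get("name")
        for handler in (h for h in svc.iter(WSDD + "handler") if h.get("type") == SENDER):
            p = params(handler)
            actions = p.get("action", "").split()
            if "Signature" not in actions:
                findings.append(f"{name}: WSDoAllSender has no Signature action")
                continue
            if "Timestamp" in actions and actions.index("Timestamp") > actions.index("Signature"):
                findings.append(f"{name}: action lists Timestamp after Signature")
            for ns, part in sorted(REQUIRED - signed_parts(p.get("signatureParts", ""))):
                findings.append(f"{name}: {part} is not listed in signatureParts")
    return findings

def sample(opt, action, parts):  # constructed WSDD for the demo, not a real deployment
    value = ";\n".join("{Element}{%s}%s" % p for p in parts)
    return f"""<deployment xmlns="http://xml.apache.org/axis/wsdd/">
 <globalConfiguration><parameter name="enableNamespacePrefixOptimization" value="{opt}"/></globalConfiguration>
 <service name="XYZPort"><requestFlow><handler type="{SENDER}">
  <parameter name="action" value="{action}"/><parameter name="signatureParts" value="{value}"/>
 </handler></requestFlow></service></deployment>"""

if __name__ == "__main__":
    print("\n".join(lint(sample("true", "Signature Timestamp", [(SOAP, "Body")]))))
```
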
