Re: [Axis2] Configure Rampart dynamically

Mon, 21 Aug 2006 00:31:56 -0700

I understood about configuring multiple actions - the part that was confusing me was how to use different keys or certificates for the different actions. I'm guessing you handle that by using the setUser() method to identify the key used for signing, and the setEncryptionUser() method to identify the certificate used for encryption. That still leaves a lot of unknowns for the cases I was trying to handle, though. What if you want to use multiple keys for different signatures, for instance? I also found the callback approach to obtaining the passwords a little cumbersome for my purposes.
In my case I needed to work with older Microsoft server code, including pre-submission WS-Addressing, so going direct was really easier than trying to fit this into Axis2. The WSS4J JavaDocs are also somewhat easier for me to understand than the current Rampart documentation. Once you've got some better documentation in place I'm sure Rampart is going to be great for Axis2 users. 

 - Dennis

Ruchith Fernando wrote:

On 8/21/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:

Hi Ruchith,

I'd looked at these samples before writing my email. It's not very clear
from the presentation slides exactly what some of the samples are doing,
so I hadn't realized this one matched what I was looking for.


I will try to add some details to explain what each sample does.
Sample 11 shows how to combine different actions and to configure it
dynamically using the InflowConfiguration and OutflowConfiguration
instances.

Example: Following configures rampart to add a Timestamp and sign and
encrypt the outgoing message:

   OutflowConfiguration ofc = new OutflowConfiguration();
   ofc.setActionItems("Timestamp Signature Encrypt");

Thanks,
Ruchith



In any case, I'd already decided to switch to just using WSS4J directly.
For what I'm doing the Axis2 benefits would have been minimal, and using
WSS4J directly gives me full control over the security details. I was
surprised that I immediately ran into a bug in WSS4J, but I fixed it and
now everything looks good.

  - Dennis

Ruchith Fernando wrote:
> Hi Dennis,
>
> Please have a look at Sample 11 in the samples provided with this [1]
> presentation. That has answers to both questions.
>
> Thanks,
> Ruchith
>
> [1]
> http://www.wso2.net/presentations/wss4j/java/2006/08/04/apache-rampart
>
> On 8/17/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:
>> Hi Ruchith,
>>
>> I've been trying to do some similar things with Rampart, and running
>> into a few unknowns. First off, how do I set the configuration to do

>> multiple steps in the outflow and inflow? In my case, I need to 
sign the

>> outgoing message with my local private key, then encrypt with the
>> server's public key (from the certificate in my keystore).
>>
>> Secondly, how do I control the type of SecurityTokenReference used in
>> the message? By default I get an X509Data with X509IssuerSerial; I'd
>> prefer to use a KeyIdentifier instead. I tried:
>>
>>

>> 
ofc.setSignatureKeyIdentifier(WSSHandlerConstants.X509_KEY_IDENTIFIER);

>>
>> But this didn't appear to have any effect.
>>
>>   - Dennis
>>
>> Dennis M. Sosnoski
>> SOA, Web Services, and XML
>> Training and Consulting
>> http://www.sosnoski.com - http://www.sosnoski.co.nz
>> Seattle, WA +1-425-296-6194 - Wellington, NZ +64-4-298-6117
>>
>>
>>
>> Ruchith Fernando wrote:

>> > Please add the axis2-security-SNAPSHOT.jar [1] into your 
classpath to

>> > access the OutflowConfiguration/InflowConfiguration classes.
>> >
>> > Latest rampart-SNAPSHOT.mar is available here : [2].
>> >
>> > Thanks,
>> > Ruchith
>> >
>> > [1]
>> >

>> 
http://people.apache.org/repository/axis2/jars/axis2-security-SNAPSHOT.jar 


>>
>> >
>> > [2]
>> http://people.apache.org/repository/axis2/mars/rampart-SNAPSHOT.mar
>> >
>> > On 8/10/06, Brecht Yperman <[EMAIL PROTECTED]> wrote:
>> >> Ok,
>> >>
>> >> Apparently I'm shit at using Axis2, no progress last two days...
>> >>
>> >> Where can I find the latest rampart.mar-build?
>> >> Can I rename the .mar-file to .jar and add it to my build path (to
>> use
>> >> the OutflowConfiguration class)?
>> >>
>> >> Thanks,
>> >> Brecht
>> >>
>> >> -----Original Message-----
>> >> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
>> >> Sent: donderdag 10 augustus 2006 10:02
>> >> To: [email protected]
>> >> Subject: Re: [Axis2] Configure Rampart dynamically
>> >>
>> >> Hi Brecht,
>> >>
>> >> Yes it is possible. Please see here:
>> >> http://marc.theaimsgroup.com/?l=axis-user&m=115517624610919&w=2
>> >>
>> >> Thanks,
>> >> Ruchith
>> >>
>> >> On 8/10/06, Brecht Yperman <[EMAIL PROTECTED]> wrote:
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Hi,
>> >> >
>> >> >
>> >> >
>> >> > how do I configure Rampart dynamically?
>> >> >
>> >> >
>> >> >
>> >> > I tried something like this, but it does not work...
>> >> >
>> >> >
>> >> >
>> >> > private void configureSecurity(ServiceClient client) throws
>> AxisFault
>> >> {
>> >> >
>> >> >             if (true /*security == on*/) {
>> >> >
>> >> >                   Parameter parm = new Parameter();
>> >> >
>> >> >                   parm.setName("OutflowSecurity");
>> >> >
>> >> >
>> >> >
>> >> >                   OMFactory fact =
>> OMAbstractFactory.getOMFactory();
>> >> >
>> >> >
>> >> >
>> >> >                   OMNamespace emptyNS =
>> fact.createOMNamespace(null,
>> >> "");
>> >> >
>> >> >                   OMElement actionEl =
>> fact.createOMElement("action",
>> >> > emptyNS);
>> >> >
>> >> >
>> >> >

>> >> >                   OMElement itemsEl = 
fact.createOMElement("items",

>> >> > emptyNS);
>> >> >
>> >> >                   itemsEl.setText("UsernameToken");
>> >> >
>> >> >                   actionEl.addChild(itemsEl);
>> >> >
>> >> >
>> >> >

>> >> >                   OMElement userEl = 
fact.createOMElement("user",

>> >> emptyNS);
>> >> >
>> >> >                   userEl.setText("bob");
>> >> >
>> >> >                   actionEl.addChild(userEl);
>> >> >
>> >> >
>> >> >
>> >> >                   OMElement pwCbEl =
>> >> > fact.createOMElement("passwordCallbackClass", emptyNS);
>> >> >
>> >> >                   pwCbEl.setText("CallbackHandler");
>> >> >
>> >> >                   actionEl.addChild(pwCbEl);
>> >> >
>> >> >
>> >> >
>> >> >                   parm.setParameterElement(actionEl);
>> >> >
>> >> >
>> >> >
>> >> >                   client.engageModule(new QName("rampart-1.0"));
>> >> >
>> >> >             }
>> >> >
>> >> >       }
>> >> >
>> >> >
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Brecht
>> >> >
>> >> >
>> >> >
>> >> > Invenso - The "Integration Software" specialists.
>> >> >  _____________________________________________
>> >> >
>> >> > Brecht Yperman
>> >> >  Development team
>> >> >
>> >> >  Direct: +32 (0)3 780 30 05
>> >> >  Email: [EMAIL PROTECTED]
>> >> >
>> >> > INVENSO bvba
>> >> >  Industriepark-West 75
>> >> >  9100 Sint-Niklaas
>> >> >  Belgium - Europe
>> >> >
>> >> >  Phone: +32 (0)3 780 30 02
>> >> >  Fax: +32 (0)3 780 30 03
>> >> >  Email: [EMAIL PROTECTED]
>> >> >  Website: www.invenso.com
>> >> >
>> >> > "E-mail disclaimer: This e-mail, and any attachments thereto, is
>> >> intended
>> >> > only for use by the addressee(s) named herein and may contain
>> legally
>> >> > privileged and/or confidential information. If you are not the
>> >> intended

>> >> > recipient, please note that any review, dissemination, 
disclosure,
>> >> > alteration, printing, copying or transmission of this e-mail 
and/or

>> >> any file

>> >> > transmitted with it, is strictly prohibited and may be 
unlawful. If

>> >> you have
>> >> > received this e-mail by mistake, please immediately notify the
>> sender
>> >> and
>> >> > permanently delete the original as well as any copy of any
>> e-mail and
>> >> any
>> >> > printout thereof."
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> www.ruchith.org
>> >>

>> >> 
---------------------------------------------------------------------

>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>

>> >> 
---------------------------------------------------------------------

>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to