Hi,
have you got this problem fixed, and how?
I am having the same problem now - encryption doesn't work, although i
have similar configuration like the rampart sample5.
Marcel Casado schrieb:
Hi,
I'm trying to secure services with Rampart encrypting the body of the
soap message. When the load on the body are pure xml elements with no
attributes works fine but when the load has elements with attributes
when they are decrypted the value is "null". The service was working
fine with out encryption.
I sent this before but I was not able to get much help. I'm stuck with
this and I need to get it working in a production system soon. Help
please, I'm kind of desperate. I told my boss that with axis2 and
Rampart will get secure services quite easily and I been stuck almost
for one month on this.
Example of load :
<AllowedValuesSet isStatic="true">
<NestedMap>
<MapEntry entryValue="Model Output" entryKey="model_output"/>
<MapEntry entryValue="Observation" entryKey="observation"/>
<NestedMap parentKey="observation">
<MapEntry entryValue="Station" entryKey="observation>station"/>
<NestedMap parentKey="observation>station">
<MapEntry entryValue="Lightning"
entryKey="observation>station>lightning"/>
<MapEntry entryValue="Mesowest/WMO"
entryKey="observation>station>wmo"/>
<MapEntry entryValue="Profiler"
entryKey="observation>station>profiler"/>
<MapEntry entryValue="SAMS" entryKey="observation>station>sams"/>
<MapEntry entryValue="Sounding"
entryKey="observation>station>sounding"/>
</NestedMap>
</NestedMap>
<NestedMap parentKey="model_output">
<MapEntry entryValue="MM5" entryKey="model_output>mm5"/>
<NestedMap parentKey="model_output>mm5">
<MapEntry entryValue="Forecast"
entryKey="model_output>mm5>forecast"/>
</NestedMap>
</NestedMap>
</NestedMap>
</AllowedValuesSet>
services.xml :
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
<service name="MetvaultMetadataService">
<messageReceivers>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out";
class="edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceMessageReceiverInOut"/>
</messageReceivers>
<parameter name="ServiceClass" locked="false">
edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.MetvaultMetadataServiceSkeleton</parameter>
<operation name="getAllowedValuesSet"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>getAllowedValuesSet</actionMapping>
</operation>
<operation name="getMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>getMetadata</actionMapping>
</operation>
<operation name="retrieveMetadata"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>retrieveMetadata</actionMapping>
</operation>
<operation name="executeService"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>executeService</actionMapping>
</operation>
<operation name="requestServiceSummary"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>requestServiceSummary</actionMapping>
</operation>
<operation name="requestServiceResponse"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>requestServiceResponse</actionMapping>
</operation>
<operation name="requestCrawlerStart"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>requestCrawlerStart</actionMapping>
</operation>
<operation name="requestCrawlerStop"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>requestCrawlerStop</actionMapping>
</operation>
<operation name="requestLogin"
mep="http://www.w3.org/2004/08/wsdl/in-out";>
<actionMapping>requestLogin</actionMapping>
</operation>
<module ref="rampart"/>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<encryptionPropFile>service.properties</encryptionPropFile>
<encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
<encryptionUser>client</encryptionUser>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>service.properties</decryptionPropFile>
</action>
</parameter>
</service>
</serviceGroup>
client axis2.xml excerpt :
<module ref="rampart"/>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Encrypt</items>
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
<decryptionPropFile>client.properties</decryptionPropFile>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp Encrypt</items>
<passwordType>PasswordText</passwordType>
<signaturePropFile>client.properties</signaturePropFile>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
<encryptionUser>service</encryptionUser>
<encryptionPropFile>client.properties</encryptionPropFile>
<encryptionIdentifier>IssuerSerial</encryptionIdentifier>
<encryptionParts>
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken
</encryptionParts>
<! -- The user and password are set up on the client stub with an
instance of a pwcallbackHandle -->
<!-- <user>marcel</user> -->
<!--
<passwordCallbackClass>edu.ucar.rap.metvault.metvaultservice.version1_0.metadataservice.PWCBHandler</passwordCallbackClass>
-->
</action>
</parameter>
I got another question, how to configure a client for using
UsernameToken and Signature since they both use the <user> parameter
and in my case are different. Do I have to set up two actions ? Could
you send me an example of the setup on the client and on the service ?
Thanks in advance,
-Marcel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
