Hi Ruchith,
I have raised a JIRA for the problem:
https://issues.apache.org/jira/browse/RAMPART-18
Thanks,
Sriram Vaidyanathan
Software Engineer - Java
Copart Auto Auctions, Inc.
4665 Business Center Drive
Fairfield, CA 94534
www.copart.com <http://www.copart.com/>
(707) 639-5428
-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 8:51 PM
To: [email protected]
Subject: Re: Configuration in Rampart 1.1
Hi,
We need to do this.
JIRA please :-)
Thanks,
Ruchith
On 1/27/07, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> Thanks Ruchith.
> Another question I had is, If I had defined custom fault to be thrown from
> an operation and those faults are currently not getting secured. Is there a
> way to secure the outgoing faults from the service with the same security
> policy used for securing outgoing messages.?
>
> Thanks,
> Sriram Vaidyanathan
> Software Engineer - Java
> Copart Auto Auctions, Inc.
> 4665 Business Center Drive
> Fairfield, CA 94534
> www.copart.com <http://www.copart.com/>
> (707) 639-5428
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 24, 2007 6:34 PM
> To: [email protected]
> Subject: Re: Configuration in Rampart 1.1
>
> Hi Sriram,
>
> This should be possible by specifying message level policies in the
> services.xml.
>
> Simply remove the EncryptedParts and SignedParts assertions from the
> service level policy and include those assertions at the message
> level. For example:
>
> <service>
> <operation name="echo">
> <message label="in">
> <wsp:Policy wsu:Id="InputMessagePolicy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> </sp:EncryptedParts>
> </wsp:Policy>
> </message>
> </operation>
>
> <wsp:Policy wsu:Id="ServicePolicy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> .........
> .........
> .........
> .........
> </wsp:Policy>
>
> </service>
>
> Please make sure that you don't have a
> <sp:OnlySignEntireHeadersAndBody/> assertion in the binding policy as
> well.
>
>
> Thanks,
> Ruchith
>
> On 1/25/07, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > Hello Ruchith /Dimuthu,
> >
> > Thanks for your responses!!
> >
> > I was just using the Policy sample03, which does both the Signature and the
> > Encryption, and it works very well. My question is there a way for me to
> > specify to the service to only expect "Inflow" messages to be secured and
> > not secure "Outflow" messages like it was possible in the Rampart 1.0
> > configuration.
> >
> > Thanks,
> > Sriram Vaidyanathan
> > Software Engineer - Java
> > Copart Auto Auctions, Inc.
> > 4665 Business Center Drive
> > Fairfield, CA 94534
> > www.copart.com <http://www.copart.com/>
> > (707) 639-5248
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > Sent: Friday, January 19, 2007 2:56 AM
> > To: [email protected]
> > Subject: Re: Configuration in Rampart 1.1
> >
> > Hi Sriram,
> >
> > Note that you must use Rampart policy[1] in configuring rampart along
> > with the standard WS-SecurityPolicy.
> >
> > The WS-SecPolicy stuff are not really straight forward. Therefore I
> > believe we will be maintaining the rampart-1.0 configuration for a few
> > more versions :-). However the rampart-1.0 configuration causes a few
> > issues when we try to interop with other implementations. For example
> > if the endpoint policy requires a signed Timestamp with "strict"
> > header layout, the rampart-1.0 configuration fails to satisfy those
> > requirements. Therefore the best option
> >
> > Thanks,
> > Ruchith
> >
> > [1]
> > http://ws.apache.org/axis2/modules/rampart/1_1/sec-conf/rampart-config.xsd
> >
> > On 1/18/07, Dimuthu Leelaratne <[EMAIL PROTECTED]> wrote:
> > > Hi Sriram,
> > >
> > > As I understand your single client can tallk to multiple services but
> > > with different security requirements. For configurations now we
> > > encourage using Policy file according to WS Security Policy
> > > specification
> > > (http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf).
> > >
> > > Since your services require different security settings, we may have
> > > to create different Policy.xml files. After that according to the
> > > service the client is going to invoke you can load the relevant
> > > Policy file as follows.
> > >
> > > StAXOMBuilder builder = new StAXOMBuilder(pathToPolicyfile);
> > > Policy clientPolicy =
> > > PolicyEngine.getPolicy(builder.getDocumentElement());
> > > //setting the object
> > > Options options = new Options();
> > > options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> > > clientPolicy);
> > >
> > >
> > > Schemas are available at,
> > > http://ws.apache.org/axis2/modules/rampart/1_1/security-module.html
> > >
> > > Cheers,
> > > Dimuthu
> > >
> > >
> > >
> > > On 1/18/07, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > > I am currently trying to upgrade to Rampart 1.1 from Rampart 1.0
> > > > and using Rampart 1.0 we could talk to multiple services from a single
> > > > client by programmatically configuring the parameters using the
> > > > OutflowConfiguration class.
> > > >
> > > > From previous posts in the forum it looks like these are deprecated
> > > > with the 1.1 releases. Is there an alternative way we can dynamically
> > > > configure the parameters in 1.1? Any help on this would be appreciated.
> > > >
> > > > Thanks and Regards
> > > > Sriram Vaidyanathan
> > > >
> > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
www.ruchith.org
www.wso2.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
