Yes wss4j is still active, you may want to subscribe to the wss4j mailing list and ask the question there.
Chad On 7/9/07, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Hi, I didn't see any replies to the question below, so I started digging through the rampart/wss4j code. I found a workaround that will allow me to hard-code the private key into my client and server, and not have to have absolute paths to key files. This involves making a small change to one of the wss4j classes. I got the wss4j source code and tried to build it. Unfortunately it was build with axis version 1, and I'm using axis2. It's trying to import org.apache.axis packages whereas the new version's package names begin with org.apache.axis2. Moreover, some classes from the old version have moved since the new one. For example, wss4j tries to import org.apache.axix.Message, but there is no such class org.apache.axis2.Message, so I can't just change the package names. Anyway, is wss4j still in active development? It doesn't look like it. Has anyone moved the source to be compatible with axis2? cheers, md > -----Original Message----- > From: Davis, Michael > Sent: Friday, July 06, 2007 2:28 PM > To: '[email protected]' > Subject: Rampart configuration question > > > Hi, > > I'm trying to use Rampart to encrypt my message body using a > symetric secret key. > > Sample 9, included with the Rampart distibution, does just > this. The actual key is hard-coded in a callback function > both on the client and the server. My understanding is that > the key is the only piece of data needed to encode the message. > > I was wondering why this part of the client config file: > > <action> > <items>Encrypt</items> > <user>client</user> > > <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier> > > <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09. > PWCBHandler</EmbeddedKeyCallbackClass> > <encryptionPropFile>client.properties</encryptionPropFile> > <EmbeddedKeyName>SessionKey</EmbeddedKeyName> > </action> > > contains the encryptionPropFile property. The said property > file contains this: > > org.apache.ws.security.crypto.provider=org.apache.ws.security. > components.crypto.Merlin > org.apache.ws.security.crypto.merlin.keystore.type=jks > org.apache.ws.security.crypto.merlin.keystore.password=apache > org.apache.ws.security.crypto.merlin.file=client.jks > > Now, I can see why we need to configure the provider class. > But why does Rampart need the keystore? I'm not using > public/private keys or certificates, just one secret key. > > The code works, but I'd like to simplify it as much as > possible. The properties and keystore files shouldn't be > necessary, unless I'm misunderstanding something. > > Many thanks > Michael Davis > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
