Thanks! cheers, md
> -----Original Message----- > From: Ruchith Fernando [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 10, 2007 5:25 AM > To: [email protected] > Subject: Re: Is wss4j still an active project? (was: Rampart > configuration question) > > > Hi, > > On 7/9/07, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I didn't see any replies to the question below, so I > started digging through the rampart/wss4j code. I found a > workaround that will allow me to hard-code the private key > into my client and server, and not have to have absolute > paths to key files. This involves making a small change to > one of the wss4j classes. > > > > I got the wss4j source code and tried to build it. > Unfortunately it was build with axis version 1, and I'm using > axis2. It's trying to import org.apache.axis packages whereas > the new version's package names begin with org.apache.axis2. > Moreover, some classes from the old version have moved since > the new one. For example, wss4j tries to import > org.apache.axix.Message, but there is no such class > org.apache.axis2.Message, so I can't just change the package names. > > > > WSS4J project contains Axis 1.x handlers and we have the Axis jars in > the lib dir [1]. You can include these in the classpath to fix > compilation issues. > > WS-Sec* support for Axis2 is available in Apache Rampart[2] and > Rampart depends on WSS4J. > > And yes WSS4J is still active! > > Thanks, > Ruchith > > [1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/lib > [2] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java > > Anyway, is wss4j still in active development? It doesn't > look like it. Has anyone moved the source to be compatible with axis2? > > > > cheers, > > md > > > > > > > -----Original Message----- > > > From: Davis, Michael > > > Sent: Friday, July 06, 2007 2:28 PM > > > To: '[email protected]' > > > Subject: Rampart configuration question > > > > > > > > > Hi, > > > > > > I'm trying to use Rampart to encrypt my message body using a > > > symetric secret key. > > > > > > Sample 9, included with the Rampart distibution, does just > > > this. The actual key is hard-coded in a callback function > > > both on the client and the server. My understanding is that > > > the key is the only piece of data needed to encode the message. > > > > > > I was wondering why this part of the client config file: > > > > > > <action> > > > <items>Encrypt</items> > > > <user>client</user> > > > > > > <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier> > > > > > > <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09. > > > PWCBHandler</EmbeddedKeyCallbackClass> > > > > <encryptionPropFile>client.properties</encryptionPropFile> > > > <EmbeddedKeyName>SessionKey</EmbeddedKeyName> > > > </action> > > > > > > contains the encryptionPropFile property. The said property > > > file contains this: > > > > > > org.apache.ws.security.crypto.provider=org.apache.ws.security. > > > components.crypto.Merlin > > > org.apache.ws.security.crypto.merlin.keystore.type=jks > > > org.apache.ws.security.crypto.merlin.keystore.password=apache > > > org.apache.ws.security.crypto.merlin.file=client.jks > > > > > > Now, I can see why we need to configure the provider class. > > > But why does Rampart need the keystore? I'm not using > > > public/private keys or certificates, just one secret key. > > > > > > The code works, but I'd like to simplify it as much as > > > possible. The properties and keystore files shouldn't be > > > necessary, unless I'm misunderstanding something. > > > > > > Many thanks > > > Michael Davis > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > www.ruchith.org > www.wso2.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
