Re: Encryption configuration problems

Tue, 04 Dec 2007 06:41:16 -0800 

the alternative and perhaps easier direction is to configure declaratively as 
in 

policy.xml contents:

//signature crypto characteristics would be specified as
    <ramp:signatureCrypto>
     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
     </ramp:crypto>
    </ramp:signatureCrypto>

//encryption characteristics would be specified as
    <ramp:encryptionCypto>
     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
      <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
     </ramp:crypto>
    </ramp:encryptionCypto>

Martin-
  ----- Original Message ----- 
  From: Pete 
  To: [email protected] 
  Sent: Tuesday, December 04, 2007 8:45 AM
  Subject: Re: Encryption configuration problems


  Thanks for the reply Nandana.

  You have the scenario correct... Except, it could also be the same request 
going to multiple endpoints, each request needs to be encrypted differently.

  I am going to a policy configuration because OutflowConfiguration (and 
InflowConfiguration) are deprecated.

  Your policy configuration example is perfect, is there some javadoc on the 
RampartConfig and related classes? Nothing came with the 1.3 zipped release. 
Hope I'm not missing something obvious.

  I appreciate the help!

  -P




  ----- Original Message ----
  From: Nandana Mihindukulasooriya <[EMAIL PROTECTED]>
  To: [email protected]
  Sent: Tuesday, December 4, 2007 12:33:26 AM
  Subject: Re: Encryption configuration problems

  Hi,
      If I got the scenario correct, what you want is to encrypt different 
requests ( to different endpoints ) with different
  certificates, right ?
       Which certificate to use in encryption is defined in the property 
"encryptionUser". This can be set programatically 
  in both basic configuration and policy based configuration. We have to set 
the correct certificate alias as the "encryptionUser"
  property.

  In basic configuration,

  OutflowConfiguration ofc = new OutflowConfiguration(); 
  ofc.setEncryptionUser("XXX");
  options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, ofc);

  In policy based configuration,
        
  StAXOMBuilder builder = new StAXOMBuilder(xmlPath); 
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setUser("Alan");
        rampartConfig.setEncryptionUser ("Someone");
        ...      
        rampartConfig.setSigCryptoConfig(sigCryptoConfig);

        rampartConfig.setEncrCryptoConfig(encrCrypto);

        policy.addAssertion(rampartConfig); 










  On Nov 29, 2007 11:56 PM, Pete <[EMAIL PROTECTED]> wrote:

    Hello all,

    Currently I have my client encrypting AXIS2 SOAP messages with the same key 
to all endpoints. (Axis2/Rampart v1.3)


    The problem is that we would like each destination to use a different key.
    The service is the same (same WSDL) at each endpoint and other than the 
IP/port.
    (Same service definition, multiple endpoints each with a unique key)

    Programatically I know where to route it and set the endpoint, however I am 
having difficulties setting up the encryption values on the fly. 

    I see that OutflowSecurity is deprecated.
    I've also tried manually building the XML OutflowSecurityParameter and 
setting it in the options before enabling rampart. That didn't go over well...

           Parameter p = new Parameter("OutflowSecurity", " 
Encryptmykeyclient.propertieshttp://www.w3.org/2001/04/xmlenc#tripledes-cbc";);
           stub._getServiceClient().getAxisConfiguration().addParameter(p);

    I've looked at the examples and searched for a decent tutorial on WS-Policy 
using policy.xml for configuration. What I have found, does not lead me to 
believe that it will give me the right solution. Maybe I'm not finding the 
right answer or asking the right question?! I really haven't found a good 
reference to using policy.xml that I can relate to. (decode)

    Any assistance would be greatly appreciated. Thanks!
    -P





         
____________________________________________________________________________________
 
    Never miss a thing.  Make Yahoo your home page.
    http://www.yahoo.com/r/hs

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: [EMAIL PROTECTED]
    For additional commands, e-mail: [EMAIL PROTECTED]








------------------------------------------------------------------------------
  Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

Reply via email to