On Fri, Aug 5, 2011 at 11:25 PM, Jorge Infante Osorio <[email protected]> wrote:
> Hi folks.
> I´m using Crypto Caching as a way to improve the security performance.
>
> I have a service deployed inside AS 4.1.0 with SecConSgnEncrUsername
> security policy. Also I use the IS 3.2.0 for STS request.
>
> In the policy attach you can see a lot of RampartConfig, this is the normal
> behavior? I load my service and sts policies from xml files.
Hi Jorge,
This is not the expected behavior. Ideally you should have a one
crypto config for bootstrap policy and one for endpoint policy. Could
you please let us know the steps of reproducing this ? Also are you
experiencing this in client side or server side ? If it is in server
side, please let us know how you hosted your "loadPolicyService"
implementations into server.
Thanks
AmilaJ
>
> I figure out that this due to my load policy method:
>
> private Policy loadPolicyservice(String xmlPath) throws Exception {
>
> StAXOMBuilder builder = null;
> Policy policy = null;
> RampartConfig rc = null;
> CryptoConfig sigCryptoConfig = null;
> String path = null;
> String keystore = null;
> Properties merlinProp = null;
> CryptoConfig encrCryptoConfig = null;
>
> builder = new StAXOMBuilder(xmlPath);
> policy =
> PolicyEngine.getPolicy(builder.getDocumentElement());
>
> rc = new RampartConfig();
> rc.setUser("jorgeio");
> rc.setUserCertAlias("wso2carbon");
> rc.setEncryptionUser("wso2carbon");
>
> rc.setPwCbClass(PWCBHandlerESB.class.getName());
>
> path = System.getProperty("user.dir");
> keystore = "c:\\keys\\wso2carbon.jks";
>
> merlinProp = new Properties();
>
> merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
> merlinProp.put("org.apache.ws.security.crypto.merlin.file",
> keystore);
>
> merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password",
> "wso2carbon");
>
> sigCryptoConfig = new CryptoConfig();
>
> sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin
> ");
> sigCryptoConfig.setProp(merlinProp);
>
> encrCryptoConfig = new CryptoConfig();
>
> encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merli
> n");
> encrCryptoConfig.setProp(merlinProp);
>
> rc.setSigCryptoConfig(sigCryptoConfig);
> rc.setEncrCryptoConfig(encrCryptoConfig);
>
> policy.addAssertion(rc);
>
> return policy;
> }
>
> How can avoid this RampartConfig replication?
>
>
> I have another doubt :
> Why if I use "org.apache.ws.security.components.crypto.Merlin" as the crypto
> provider in my load policy methods, in the attach policy appear
> "org.wso2.carbon.security.util.ServerCrypto".
>
> in this case what is the correct value to cryptoKey?
>
> Saludos,
> Ing. Jorge Infante Osorio.
> J´Dpto Soluciones SOA.
> CDAE.
> Fac. 5.
> UCI.
>
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
