Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Ws Wiki" for change 
notification.

The following page has been changed by RonReynolds:
http://wiki.apache.org/ws/RonReynolds

------------------------------------------------------------------------------
    * Axis
    * WSS4J
    * Maintaining a balance between work and family
+  * Wikis 
+   * RonReynolds/Wss4jLinks
+   * RonReynolds/XmlSigSetup
  
- ----
- [RonReynolds/Wss4jLinks]
- [RonReynolds/XmlSigSetup]
- Until i figure out how to add new child pages i'll just add my stuff here...
- 
- == How to set up XML-Signature using WSS4J and Axis 1.2.1 ==
-  1. create a keystore file for the server {{{
-  keytool -genkey 
-          -alias     server
-          -dname     "CN=My Server"
-          -keypass   serverKeyPW
-          -keystore  server.keystore
-          -storepass serverStorePW }}}
-  2. create a keystore (and public-key/private-key pair) for the client {{{
-  keytool -genkey 
-          -alias     client1
-          -dname     "CN=Client 1"
-          -keypass   client1KeyPW
-          -keystore  client1.keystore
-          -storepass client1StorePW }}}
-  3. generate a self-signed certificate for the client (stored within the 
keystore) {{{
-  keytool -selfcert
-          -alias     client1
-          -keypass   client1KeyPW
-          -keystore  client1.keystore
-          -storepass client1StorePW }}}
-  4. export the self-signed X.509 certificate {{{
-  keytool -export  
-          -alias     client1
-          -keystore  client1.keystore
-          -storepass client1StorePW 
-          -file      client.x509 }}}
-  5. import the certificate into the server's keystore {{{
-  keytool -import
-          -alias     client1
-          -file      client.x509 
-          -keystore  server.keystore
-          -storepass serverStorePW }}}
- 
-  6. repeat the above for each client you want the server to accept signed 
messages from
-  7. add the following to the server's server-config.wsdd {{{
-   <service name="MyWebservice" provider="java:RPC" style="document" 
use="literal">
-     <!-- WS-Security handlers -->
-     <requestFlow>
-       <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
-         <parameter name="action"                value="Signature"/>
-         <parameter name="actor"                 value="clientSig"/>
-         <parameter name="signaturePropFile"     
value="server-crypto.properties" />
-       </handler>   
-     </requestFlow>
-     ...
-  }}}
-  8. create a server-crypto.properties file with the following contents: {{{
-    org.apache.ws.security.crypto.provider                  = 
org.apache.ws.security.components.crypto.Merlin
-    org.apache.ws.security.crypto.merlin.keystore.type      = jks
-    org.apache.ws.security.crypto.merlin.keystore.password  = serverStorePW
-    org.apache.ws.security.crypto.merlin.file               = server.keystore
-  }}}
-  9. place the server.keystore and server-crypto.properties files in the 
WEB-INF/classes directory and the server-config.wsdd file in the WEB-INF 
directory.
-  10. on the client side you'll need a similar client-config.wsdd to tell Axis 
to generate the signature {{{
-    <?xml version="1.0"?>
-    <deployment xmlns="http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
-      <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
-      <globalConfiguration>
-        <requestFlow>
-          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
-            <parameter name="action"                value="Signature"/>
-            <parameter name="actor"                 value="clientSig"/>
-            <parameter name="user"                  value="client1"/>
-            <parameter name="passwordCallbackClass" value="Client1PWCallback"/>
-            <parameter name="signaturePropFile"     
value="client1-crypto.properties" />
-          </handler>
-        </requestFlow>
-      </globalConfiguration>
-    </deployment>
-  }}} and a similar client1-crypto.properties file to tell it what key to sign 
with {{{
-    org.apache.ws.security.crypto.provider                  = 
org.apache.ws.security.components.crypto.Merlin
-    org.apache.ws.security.crypto.merlin.keystore.type      = jks
-    org.apache.ws.security.crypto.merlin.keystore.password  = client1StorePW
-    org.apache.ws.security.crypto.merlin.file               = client1.keystore
-  }}}
-  11. you also need to create the password callback classes... (TODO)
- 
