[ 
https://issues.apache.org/jira/browse/RAMPART-346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13171878#comment-13171878
 ] 

Amila Jayasekara commented on RAMPART-346:
------------------------------------------

Hi Enrico,

Please use WS-SecurityPolicy based configurations when securing messages.
You can find samples within the samples/policy directory.

Thanks
AmilaJ

                
> Rampart should encrypt soap request body by default, and it seems that 
> doesn't do that
> --------------------------------------------------------------------------------------
>
>                 Key: RAMPART-346
>                 URL: https://issues.apache.org/jira/browse/RAMPART-346
>             Project: Rampart
>          Issue Type: Question
>          Components: rampart-policy
>    Affects Versions: 1.5.1
>         Environment: ubuntu 10.04, Tomcat 6.0, Axis2
>            Reporter: Enrico Viappiani
>
> All were fine except for the body that isn't encrypted, also no error 
> messages, so I can't figure out where the issue is!
> Rampart shouldn't encrypt the body of the Soap message by default with the 
> Encrypt tag? Am I wrong? Thanks
> from axis2.xml:
> <module ref="rampart"></module>
>
> <parameter name="OutflowSecurity">
>     <action>
>         <items>UsernameToken Encrypt Timestamp Signature</items>
>         <user>service</user>
>         <passwordCallbackClass>it.unipr.aotlab.PWCBHandler</passwordCallbackClass>
>         <encryptionUser>client</encryptionUser>
>         <encryptionPropFile>service.properties</encryptionPropFile>
>         <signaturePropFile>service.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>     </action>
> </parameter>
>
> <parameter name="InflowSecurity">
>     <action>
>         <items>UsernameToken Encrypt Timestamp Signature</items>
>         <passwordCallbackClass>it.unipr.aotlab.PWCBHandler</passwordCallbackClass>
>         <decryptionPropFile>service.properties</decryptionPropFile>
>         <signaturePropFile>service.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>     </action>
> </parameter>
> from service.properties:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=servicestorekey
> org.apache.ws.security.crypto.merlin.file=service.jks
> this is the Soap request caught by SOAPMonitor:
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
>     <wsse:Security
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         soapenv:mustUnderstand="true">
>       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-64">
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>           <ds:Reference URI="#id-65">
>             <ds:Transforms>
>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>             <ds:DigestValue>CDFLN83TOs5+SlNOrZNpIQn2Pq0=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>
> W+KlXPZhJrurB8I2gxrI9f98ivLYTh/0B1A8p5lCe+Bhv2uLN8ZOQJObysOgVHyDxKrYqa3MscB8
> d1IcVUnXgnquG7ensMi6dtc+8njqk1IRmhB3WYuPW85kopYfSK/0F4ryWPZmgmNQrucTbMsY4I9b
> UJ7OKWkSQXINYm4KuUg=
>         </ds:SignatureValue>
>         <ds:KeyInfo Id="KeyId-5356F8146A2D7E4B97132404649292164">
>           <wsse:SecurityTokenReference
>               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>               wsu:Id="STRId-5356F8146A2D7E4B97132404649292165">
>             <ds:X509Data>
>               <ds:X509IssuerSerial>
>                 <ds:X509IssuerName>CN=Enrico Viappiani,OU=casa,O=casa,L=reggio emilia,ST=RE,C=IT</ds:X509IssuerName>
>                 <ds:X509SerialNumber>1323271624</ds:X509SerialNumber>
>               </ds:X509IssuerSerial>
>             </ds:X509Data>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>       <wsu:Timestamp
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           wsu:Id="Timestamp-63">
>         <wsu:Created>2011-12-16T14:41:32.920Z</wsu:Created>
>         <wsu:Expires>2011-12-16T14:46:32.920Z</wsu:Expires>
>       </wsu:Timestamp>
>       <xenc:EncryptedKey Id="EncKeyId-5356F8146A2D7E4B97132404649291962">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference>
>             <ds:X509Data>
>               <ds:X509IssuerSerial>
>                 <ds:X509IssuerName>CN=Enrico Viappiani,OU=casa,O=casa,L=reggio emilia,ST=RE,C=IT</ds:X509IssuerName>
>                 <ds:X509SerialNumber>1323271546</ds:X509SerialNumber>
>               </ds:X509IssuerSerial>
>             </ds:X509Data>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue>ZI5mjekZBXYfQeHBu1xKj4DTUwFV2cWpD8P8g9f8v3qJRGSjYhTuWcOMX11D3TRv9kcBgy7ung2DO6/sw244VSrCiI02pLZHyY9T2vuC+PBffnitFL+jgeNtA74DKw9vC4KEVCVbkXrKUqpWZ1ATNxumR1FN2ViJlviYHOwLVD8=</xenc:CipherValue>
>         </xenc:CipherData>
>         <xenc:ReferenceList>
>           <xenc:DataReference URI="#EncDataId-62" />
>         </xenc:ReferenceList>
>       </xenc:EncryptedKey>
>       <wsse:UsernameToken
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           wsu:Id="UsernameToken-61">
>         <wsse:Username>client</wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ndQ8vXUsELCdgTcADoSuI+N4eKU=</wsse:Password>
>         <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fXRZlMmfiujFfHDZjNJUGA==</wsse:Nonce>
>         <wsu:Created>2011-12-16T14:41:32.918Z</wsu:Created>
>       </wsse:UsernameToken>
>     </wsse:Security>
>     <wsa:To>http://localhost:8080/HospitalWS/services/HospitalService</wsa:To>
>     <wsa:MessageID>urn:uuid:8CE6524CD8C698CF7E1324046493019</wsa:MessageID>
>     <wsa:Action>urn:RequestList</wsa:Action>
>   </soapenv:Header>
>   <soapenv:Body
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       wsu:Id="id-65">
>     <ns1:RequestList xmlns:ns1="http://aotlab.unipr.it">
>       <ns1:user>
>         <User>
>           <CF>vppnrc84l16h223l</CF>
>           <password>viappio</password>
>         </User>
>       </ns1:user>
>     </ns1:RequestList>
>   </soapenv:Body>
> </soapenv:Envelope>
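
An added example, not part of the original thread or of Rampart: a Python check over a captured SOAP 1.2 envelope that reports whether the Body content is carried as xenc:EncryptedData and whether each xenc:DataReference resolves to an element in the message, the two things that do not line up in the request quoted above. The sample envelopes are constructed and trimmed; `audit_body_encryption` and its result keys are hypothetical names.

```python
import xml.etree.ElementTree as ET

SOAP12 = "{http://www.w3.org/2003/05/soap-envelope}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{" + WSU + "}Id"

def audit_body_encryption(envelope_xml):
    """Check a captured SOAP 1.2 envelope: is the Body content carried as
    xenc:EncryptedData, and does every xenc:DataReference resolve?"""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(envelope_xml)
    body = root.find(SOAP12 + "Body")
    if body is None:
        raise ValueError("no SOAP 1.2 Body element")
    # With content encryption, every child of Body is an EncryptedData element.
    plaintext = [c.tag for c in body if c.tag != XENC + "EncryptedData"]
    # Collect both plain Id and wsu:Id values as possible reference targets.
    ids = {el.get(a) for el in root.iter() for a in ("Id", WSU_ID) if el.get(a)}
    dangling = [r.get("URI") for r in root.iter(XENC + "DataReference")
                if r.get("URI", "").lstrip("#") not in ids]
    return {
        "body_encrypted": len(body) > 0 and not plaintext,
        "plaintext_children": plaintext,
        "dangling_refs": dangling,
    }

# Constructed samples, trimmed to the shape of the captured request: the
# EncryptedKey references #EncDataId-62; only the second Body contains it.
_HEAD = (
    '<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"'
    ' xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsu="' + WSU + '">'
    '<soapenv:Header><xenc:EncryptedKey Id="EncKeyId-1"><xenc:ReferenceList>'
    '<xenc:DataReference URI="#EncDataId-62"/></xenc:ReferenceList>'
    '</xenc:EncryptedKey></soapenv:Header><soapenv:Body wsu:Id="id-65">')
_TAIL = '</soapenv:Body></soapenv:Envelope>'
PLAINTEXT_MSG = _HEAD + '<ns1:RequestList xmlns:ns1="http://aotlab.unipr.it"/>' + _TAIL
ENCRYPTED_MSG = (_HEAD + '<xenc:EncryptedData Id="EncDataId-62"><xenc:CipherData>'
                 '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
                 '</xenc:EncryptedData>' + _TAIL)

if __name__ == "__main__":
    for name, msg in (("plaintext", PLAINTEXT_MSG), ("encrypted", ENCRYPTED_MSG)):
        print(name, audit_body_encryption(msg))
```

Run against a message captured on the wire rather than at a handler inside the Axis2 engine, since the phase at which a monitor sees the message determines whether security processing has already been applied.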
