We had this error a few months ago.

The problem is Herr Dittman didn't accommodate a getPassword in UsernameToken.

Martin Gainty 
 Date: Tue, 19 Mar 2013 18:43:19 -0400
Subject: Re: Rampart: UsernameToken and X.509 certificates
From: ruchith.ferna...@gmail.com
To: java-dev@axis.apache.org

Hi Nathan,
 
Can you please try the attached patch with the rampart trunk and see
if you still have the same issue.
 
Thanks,
Ruchith
 
On Mon, Mar 18, 2013 at 1:12 AM, Nathan Clement
<nathan.a.clem...@hotmail.com> wrote:
> Hi,
>
> I'm trying to use a UsernameToken with a hashed password and an X.509 token
> for signatures.  My policy file is below - it contains both sp:UsernameToken
> and sp:X509Token.  No encryption should be performed in this scenario and we
> are using HTTPS for transport.
>
> I get the following exception when using this policy file:
>
> Caused by: org.apache.rampart.RampartException: Encryption user not
> specified (The context is created by the initiating party)
>     at
> org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1308)
>     at
> org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1296)
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:538)
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>
> With the help of SVN blame, I found that a change was made in
> https://issues.apache.org/jira/browse/RAMPART-106 that forces the
> UsernameToken to be encrypted (BindingBuilder:428 in the current trunk).
>
> I found the following in the WS-Security UsernameToken profile:
>
> /wsse:UsernameToken/wsse:Password
> This optional element provides password information (or equivalent such as a
> hash). It is RECOMMENDED that this element only be passed when a secure
> transport (e.g. HTTP/S) is being used or if the token itself is being
> encrypted.
>
>
> We are using HTTPS for transport, so encryption of the token doesn't seem to
> be necessary.  Is there something I'm missing, or should the logic from
> RAMPART-106 only apply in certain situations?
>
> Thanks,
>
> Nathan
>
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="UTOverTransport"
>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:HashPassword/>
>             </wsp:Policy>
>           </sp:UsernameToken>
>         </wsp:Policy>
>       </sp:SignedSupportingTokens>
>
>       <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:RequireThumbprintReference/>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:RequireThumbprintReference/>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256Sha256/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict/>
>             </wsp:Policy>
>           </sp:Layout>
>
>           <sp:IncludeTimestamp/>
>           <sp:OnlySignEntireHeadersAndBody/>
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>
>       <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier/>
>           <sp:MustSupportRefIssuerSerial/>
>         </wsp:Policy>
>       </sp:Wss11>
>
>       <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <sp:Body/>
>         <sp:Header Name="Messaging"
>                    Namespace="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" />
>         <sp:Attachments />
>       </sp:SignedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
>
 
 
 
-- 
http://ruchith.org
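
The hashed-password UsernameToken that `sp:HashPassword` asks for, checked on the receiving side, as an added example that is not part of this thread and is not Rampart or WSS4J code. It uses the UsernameToken profile's digest formula; the class name, the five-minute freshness window, the in-memory nonce cache and the sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical receiver-side check for a digest UsernameToken (not Rampart/WSS4J code).
public class DigestTokenCheck {
    static final Duration MAX_AGE = Duration.ofMinutes(5);          // assumed freshness window
    private final Set<String> seen = ConcurrentHashMap.newKeySet(); // in-memory replay cache
    // UsernameToken profile: Password_Digest = Base64(SHA-1(nonce + created + password))
    static String digest(String nonceB64, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(Base64.getDecoder().decode(nonceB64));      // nonce is hashed as raw bytes
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);                     // SHA-1 is required of every JRE
        }
    }

    boolean verify(String nonceB64, String created, String sent, String password, Instant now) {
        try {
            if (Duration.between(Instant.parse(created), now).abs().compareTo(MAX_AGE) > 0) return false; // stale
            byte[] want = digest(nonceB64, created, password).getBytes(StandardCharsets.US_ASCII);
            if (!MessageDigest.isEqual(want, sent.getBytes(StandardCharsets.US_ASCII))) return false; // constant-time compare
            return seen.add(nonceB64);  // recorded only for authenticated tokens; false when already used
        } catch (DateTimeParseException | IllegalArgumentException e) {
            return false;                                           // malformed Created or nonce
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String nonce = Base64.getEncoder().encodeToString("constructed-nonce".getBytes(StandardCharsets.UTF_8));
        String created = "2013-03-18T05:12:00Z";
        String sent = digest(nonce, created, "constructed-password");
        Instant now = Instant.parse("2013-03-18T05:13:00Z");
        DigestTokenCheck check = new DigestTokenCheck();
        System.out.println(check.verify(nonce, created, sent, "constructed-password", now)); // first use
        System.out.println(check.verify(nonce, created, sent, "constructed-password", now)); // same nonce again
        System.out.println(check.verify(nonce, created, sent, "constructed-password", now.plus(MAX_AGE.multipliedBy(2)))); // outside the window
    }
}
```

The nonce and Created values travel in the token alongside the digest, so the replay and freshness checks complement, rather than replace, the secure transport or token encryption that the quoted profile text recommends.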
