Hans, thanks for the reply! I am running v1.3 of Axis2/Rampart.
To answer your questions:

- Currently working towards policy.. Have been setting encryption in the axis2.xml file temporarily.
- All sync for the foreseeable future
- Endpoint is set via code in the application
- Yes, the number of services will be quickly increasing. (We have 30+ endpoints, each endpoint is similar to the other, and each endpoint will have 100 or more services in the end)
- The server side of the process is not Axis*, it is all under zOS (mainframe).
- No signatures
- Just encryption

I am not sure that configuration in the policy file will work, is this what you are recommending? Perhaps I don't understand it well enough, unfortunately I don't seem to find enough information on it. Everything I need to know, I have in the application. Or are you implying to do it in code? If so, do I need a policy.xml at all?

Perhaps these questions are simple, I just have not been able to find any good reference material that can help... I feel like I have thoroughly searched the net....

Again, thanks for the reply, I greatly appreciate the assistance!

-P

----- Original Message ----
From: Hans G Knudsen (JIRA) <[EMAIL PROTECTED]>
To: rampart-dev@ws.apache.org
Sent: Monday, December 17, 2007 4:10:43 AM
Subject: [jira] Issue Comment Edited: (RAMPART-25) Ability to dynamically set Encryption certificate on client

[ https://issues.apache.org/jira/browse/RAMPART-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552362 ]

hgk.lenio edited comment on RAMPART-25 at 12/17/07 2:09 AM:
-----------------------------------------------------------------

Hi Pete!

What version of Axis2/Rampart are you running?
What policy are you using?
Are you running sync or async?
Does the number of services change often?

What could work now with Axis2 1.3 (depending on the above) would be to
- keep all the receiver certificates in the signatureCrypto
- modify the value of the RampartConfig -> encryptionUser in your policy to match your receiver
- and assign this policy to the service/operation before sending.

/hans

was (Author: hgk.lenio):
Hi Pete!

What version of Axis/Rampart are you running?
What policy are you using?
Are you running sync or async?
Does the number of services change often?

What could work now (depending on the above) would be to
- keep all the receiver certificates in the signatureCrypto
- modify the value of the RampartConfig -> encryptionUser in your policy to match your receiver
- and assign this policy to the service/operation before sending.

/hans

> Ability to dynamically set Encryption certificate on client
> ----------------------------------------------------------
>
> Key: RAMPART-25
> URL: https://issues.apache.org/jira/browse/RAMPART-25
> Project: Rampart
> Issue Type: Improvement
> Components: rampart-core
> Affects Versions: 1.1, 1.2, 1.3
> Reporter: Hans G Knudsen
>
> Hi!
> I was looking for a way to dynamically specify the encryption certificate in a client, instead of specifying it statically in the RampartConfig by defining the 'encryptionUser'.
> Looking at RampartUtil.setEncryptionUser it looked like the only way to do it was to resemble the 'useReqSigCert' option, which makes the server use the received signature certificate for encryption on a reply.
> This would look something like this...
> X509Certificate cert = fetchFromLdap( recipient );
> Vector results = new Vector();
> WSSecurityEngineResult wsser = new WSSecurityEngineResult(WSConstants.SIGN, null, cert, null, new byte[0]);
> results.add( wsser );
>
> WSHandlerResult wshr = new WSHandlerResult("STRING", results);
> Vector resultObj = new Vector();
> resultObj.add( wshr );
>
> clientOptions.setProperty( WSHandlerConstants.RECV_RESULTS, resultObj );
>
> Would it be useful to be able to specify the certificate as a Rampart parameter/property - something like:
> clientOptions.setProperty( RampartMessageData.ENCRYPTION_CERTIFICATE, cert );
> and have RampartUtil check 'encryptionUser' for e.g. 'useParamCert' and use the transferred certificate for outgoing encryption.
> Should I supply a proposal as a diff ??
> /hans
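
The three steps Hans suggests for Axis2/Rampart 1.3, as an added Java example (not code from this thread or from the Rampart project). It assumes policy.xml holds only the security binding with no RampartConfig element; the class, method and file names and the keystore password are hypothetical placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Properties;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

public class PerRecipientEncryption {
    // Assumed paths and password (placeholders, not from the thread).
    static final String POLICY_FILE = "policy.xml";
    static final String KEYSTORE = "receivers.jks";
    static final String KEYSTORE_PASSWORD = "changeit";

    /** Loads a fresh policy and adds a RampartConfig that encrypts to recipientAlias. */
    static Policy policyFor(String recipientAlias) throws Exception {
        InputStream in = new FileInputStream(POLICY_FILE);
        Policy policy;
        try {
            policy = PolicyEngine.getPolicy(in);
        } finally {
            in.close();
        }
        // One keystore holds every receiver certificate, one alias per receiver.
        Properties merlin = new Properties();
        merlin.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlin.setProperty("org.apache.ws.security.crypto.merlin.file", KEYSTORE);
        merlin.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", KEYSTORE_PASSWORD);
        CryptoConfig crypto = new CryptoConfig();
        crypto.setProvider("org.apache.ws.security.components.crypto.Merlin");
        crypto.setProp(merlin);

        RampartConfig config = new RampartConfig();
        config.setEncryptionUser(recipientAlias); // the only per-receiver value
        config.setSigCryptoConfig(crypto);
        config.setEncrCryptoConfig(crypto);
        policy.addAssertion(config);
        return policy;
    }

    /** Call before each send; the client must already have the rampart module engaged. */
    static void selectReceiver(ServiceClient client, String recipientAlias) throws Exception {
        client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, policyFor(recipientAlias));
    }
}
```

The policy is reloaded on every call so that a RampartConfig added for an earlier receiver never stays attached to the next request.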