Hi,
Thanks, Nandana, for your info! I have tried to put a couple of examples
of policy.xml (also those which come with Rampart) into my project but
have not succeeded perfectly yet. If someone has a very simple example of
policy.xml which only signs (no encryption) the Body, Timestamp and
BinarySecurityToken in a SOAP message I would be very happy!


This is my current (one of the versions I have tried) policy.xml:
*****************************************************************
<wsp:Policy wsu:Id="SecConvPolicy2"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>

          <sp:SignedParts>
            <sp:Body/>
          </sp:SignedParts>

          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:TokenProtection>true</sp:TokenProtection>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:encryptionUser>client</ramp:encryptionUser>
        <ramp:passwordCallbackClass>org.xxx.ccc.pwdhandler.PWCBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">path/keys/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxyyzz</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>



BR,
VP

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] 
Sent: 26 March 2008 10:40
To: [email protected]
Subject: Re: Signing the BinarySecurityToken

Hi Veli-Pekka,
Sorry for the late reply. You will be able to get this done
easily in policy based configuration if it is an option for you.
Parameter based is deprecated and it is always recommended to use the
policy based configuration. We can set the [Token Protection] property
to true in the security binding assertion and the token used to sign the
message is also signed. You can find more about WS Security policy in
the article [1].

thanks,
/nandana

[1] - http://wso2.org/library/3132#secBindProps

On Wed, Mar 26, 2008 at 1:05 PM, Veli-Pekka Rannila
<[EMAIL PROTECTED]> wrote:
> Hi,
>
>  I still have problems with the item below. Is there any solution for
>  this by using OutflowSecurity in axis2.xml? Even a negative reply is a
>  good reply :-)
>
>  Thanks!
>
>  BR,
>  VP
>
>  ________________________________
>
>  From: Veli-Pekka Rannila
>  Sent: 19 March 2008 09:31
>  To: [email protected]
>  Subject: FW: Signing the BinarySecurityToken
>
>  Hi again,
>
>  I also tried to chain the outflow handler (using two action elements),
>  but with no luck. I received the same error as below.
>
>  Has anyone encountered the same problem with the BinarySecurityToken? If
>  so, how did you manage to solve the situation?
>
>  Replies/hints are very welcome!
>
>  Thanks again!
>
>  BR,
>  VP
>
>  ________________________________
>
>  From: Veli-Pekka Rannila
>  Sent: 18 March 2008 09:04
>  To: [email protected]
>  Subject: Signing the BinarySecurityToken
>
>  Hi all,
>
>  I use Axis2 v1.3, Rampart v1.3 and Java 1.5 in my project.
>
>  In this project I have to sign Body, Timestamp and BinarySecurityToken
>  (BST) in my SOAP message. Body and Timestamp seem to work OK but I have
>  problems with the BST. I have tried to put BinarySecurityElement inside
>  <signatureParts> element in my Axis2.xml but when I run my client I'll
>  receive the following error:
>
>  "org.apache.axis2.AxisFault: WSHandler: Signature: error during message
>  processingorg.apache.ws.security.WSSecurityException: General security
>  error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
>  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd, BinarySecurityToken)"
>
>  By reading the error it seems that BST element has not been created yet
>  when the signing happens.
>
>  Below is part of my Axis2.xml (OutflowSecurity) when trying to sign only
>  the BinarySecurityToken:
>
>  ****************************************************
>  <parameter name="OutflowSecurity">
>    <action>
>      <items>Timestamp Signature</items>
>      <user>client</user>
>      <signaturePropFile>client.properties</signaturePropFile>
>      <passwordCallbackClass>org.cco.service.pwdhandler.PWCBHandler</passwordCallbackClass>
>      <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}BinarySecurityToken</signatureParts>
>      <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>    </action>
>  </parameter>
>  ****************************************************
>
>  Is there a solution for signing the BST by using the OutflowSecurity
>  definitions in Axis2.xml (like above)? Has "ProtectTokens" -element
>  something to do with this case (if it does, can you explain how to use
>  it)?
>
>  This is quite urgent for me so any help is very much appreciated!
>
>  Thanks!
>
>  Best Regards,
>  VP
>



-- 
Nandana Mihindukulasooriya
Software Engineer
WSO2 inc.

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/