Hi Sihem,

Find my comments in-line;

On Jan 16, 2008 2:44 PM, Sihem <[EMAIL PROTECTED]> wrote:

> Hello Ruwan,
>
> 1) I use synapse as a proxy with http transport enabled:
> <proxy name="CalculatorProxy" trace="enable" transports="http">
> When I use transports="https", the connection with the client does not
> work at all.

On the client side you must set -Djavax.net.ssl.trustStore=<path to trust.jks> and -Djavax.net.ssl.trustStorePassword=<password> for the actual key stores used. Check samples/axis2Client/build.xml for more information.

> I found no way to configure synapse in order to use http between the
> client and synapse and https between synapse and the web service.

You could do this by pointing to the https endpoint of the server on the endpoint definition. You will also need to import either your external server's certificate or the certificate of the CA who signed it as a trusted certificate entry to the trust.jks (e.g. keytool -import -alias <server_ca> -v -trustcacerts -keystore trust.jks -file <server_ca>.der.cer)

> When I use transports="all", I have this error:
> 2008-01-16 10:09:55,380 [127.0.0.1-localhost.localdomain] [main] WARN
> VFSTransportListener Error configuring the File/VFS transport for Service :
> CalculatorProxy :: Cannot find parameter : transport.vfs.FileURI for
> service : CalculatorProxy

This is because transport="all" implies that the newly added VFS transport is also used when exposing the service, and it requires an additional service parameter to configure the file location for it to communicate. So this is acceptable.

> 2) When I start synapse, the following log lines are displayed:
> 2008-01-16 09:49:30,618 [127.0.0.1-localhost.localdomain] [main] DEBUG
> HttpCoreNIOSSLListener Loading Key Store from URL :
> file:/home/sihem/programs/synapse-1.1/lib/identity.jks
> 2008-01-16 09:49:30,632 [127.0.0.1-localhost.localdomain] [main] DEBUG
> HttpCoreNIOSSLListener Loading Trust Key Store from URL :
> file:/home/sihem/programs/synapse-1.1/lib/trust.jks
>
> Can you confirm that identity.jks contains the synapse certificate and
> trust.jks contains all the certificates of the certification authorities
> trusted by synapse?

Yes, you are correct.

> 3) I copied identity.jks into glassfish/domains/domain1/config/ and I
> restarted glassfish. But I still have the same exception

Unless you are using 2-way SSL you will not need to configure anything on your GlassFish server side in order to get the https working, I think.

What is the ws-sec provider implementation used by the GlassFish server (I don't think Rampart can interoperate with GlassFish) and what is the policy file you used on the GlassFish?

> 4) In policy_3.xml, store.jks is also used:
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">repository/conf/sample/resources/security/store.jks</ramp:property>
> Can you explain to me what this file is intended for?

This policy states that ws-sec/rampart should be using the above store.jks file for its signing and encryption purposes.

Thanks,
Ruwan

> You will find in attachment the synapse configuration I use.
> Thank you very much for your help!
> Sihem
>
> *Ruwan Linton <[EMAIL PROTECTED]>* wrote:
>
> Hi Sihem,
>
> Are you using https to talk to GlassFish? and also have you put the trust
> store (identity.jks) into the class path of the GlassFish server?
>
> If you did so, then can you send the policy that you are using on the
> GlassFish server to engage rampart.
>
> Can you please provide the above information so that we can help you in
> resolving this issue.
>
> Thanks,
> Ruwan
>
> On Jan 15, 2008 11:26 PM, Sihem wrote:
>
> > Hello,
> > I am trying to use WS-Security between synapse and the web service. I used
> > sample 100 and the policy file named policy_3.xml. It does not work because
> > I do not know how to configure rampart.
> > GlassFish returns this error to synapse:
> > sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested target
> >
> > I think the error is due to the fact that some elements are not shared with
> > glassfish that cannot authenticate the message. I searched wsO2 for how to
> > configure keystore but I found nothing that can help me.
> > Can you, please, give me a little explanation on how to set a secure
> > conversation between synapse and a web service?
> > Thank you in advance,
> > Sihem
>
> --
> Ruwan Linton
> http://www.wso2.org - "Oxygenating the Web Services Platform"

--
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"
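
The trust-store step from the reply above, as an added example that is not part of the original thread: it builds a throwaway server certificate, shows that it is absent from a trust store, imports it as a trusted certificate entry and checks again by SHA-256 fingerprint. The aliases, file names, CN and password are constructed placeholders, and a missing trusted entry of this kind is what surfaces on the client as "unable to find valid certification path to requested target".

```shell
#!/usr/bin/env bash
# Added illustration. Aliases, file names, the CN and the password are
# constructed placeholders; keytool ships with the JDK.
command -v keytool >/dev/null 2>&1 || { echo "keytool not found, skipping" >&2; exit 0; }

PASS=changeit   # demo-only password

# Stand-in for the back-end server: a self-signed key pair plus its exported
# DER certificate (the file the server's administrator would hand over).
make_server_identity() {   # $1 = working directory
  keytool -genkeypair -alias backend -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=backend.example.test" -keystore "$1/backend-identity.jks" \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
  keytool -exportcert -alias backend -keystore "$1/backend-identity.jks" \
    -storepass "$PASS" -file "$1/backend.der.cer" >/dev/null 2>&1
}

# Import a server or CA certificate as a trusted certificate entry.
trust_certificate() {      # $1 = trust store, $2 = alias, $3 = certificate file
  keytool -importcert -alias "$2" -trustcacerts -noprompt \
    -keystore "$1" -storepass "$PASS" -file "$3" >/dev/null 2>&1
}

# Succeed only if the certificate's SHA-256 fingerprint is in the trust store.
is_trusted() {             # $1 = trust store, $2 = certificate file
  fp=$(keytool -printcert -file "$2" 2>/dev/null | sed -n 's/.*SHA256: *//p' | head -n 1)
  [ -n "$fp" ] || return 1
  keytool -list -v -keystore "$1" -storepass "$PASS" 2>/dev/null | grep -qF "$fp"
}

demo() {
  dir=$(mktemp -d) || return 1
  make_server_identity "$dir" || return 1
  is_trusted "$dir/trust.jks" "$dir/backend.der.cer" && echo "before: trusted" \
    || echo "before: NOT trusted (client would fail path validation)"
  trust_certificate "$dir/trust.jks" backend_ca "$dir/backend.der.cer" || return 1
  is_trusted "$dir/trust.jks" "$dir/backend.der.cer" && echo "after: trusted" \
    || echo "after: NOT trusted"
  rm -rf "$dir"
}
demo
```

Comparing fingerprints rather than aliases confirms that the certificate actually presented by the server is the one that was imported, since an alias is only a local label.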
