Hi, The helloworld-ws-service-secure and helloworld-ws-reference-secure also now include a case for 'integrity'. For the confidentiality we haven't yet included anything in the sample as we have trouble with including BouncyCastle due to IP related issues.
Thanks. - Venkat On 10/28/07, Ashwini Kumar J <[EMAIL PROTECTED]> wrote: > > Hi *Venkata Krishnan,* > > Your work is appreciable. I tried the helloworld-ws-service-secure sample > and was facing some problems which I could resolve with the help of this > mail, Thank you. > Now I want to try out other policy features like wsConfidentialityPolicy & > integrity, as you are a head of us in this area, i would be very grateful > if > you could share the link for the samples you have developed. > > > Thanks & Regards, > Ashwini Kumar > > > > On 10/23/07, Venkata Krishnan <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I have added some minor updates to the the helloworld-ws-service-secure > > and > > helloworld-ws-reference-secure samples to given an idea of how simple > > authentication around userid and passwords could be performed. > > > > I have also added one more component that uses a policyset with > > ws-security-policy assertions for implementing message integrity - again > > courtesy - Rampart samples :) > > > > Hope all this helps a bit. > > > > Thanks > > > > - Venkat > > > > On 10/16/07, Dietrich, Björn <[EMAIL PROTECTED]> wrote: > > > > > > Hi Vankat, > > > > > > First thank you very much. > > > > > > I will check the rampart documentation. > > > > > > Thanks > > > Björn > > > > > > > > > -----Ursprüngliche Nachricht----- > > > Von: Venkata Krishnan [mailto:[EMAIL PROTECTED] > > > Gesendet: Dienstag, 16. Oktober 2007 09:44 > > > An: [email protected] > > > Betreff: Re: Helloworld Webservice and Security Policies > > > > > > Hi, > > > > > > I am not a security specialist and I picked up this ws security > handling > > > from the rampart tutorials and samples I went through. So from what I > > > understand... > > > > > > - In the client side handler you could set the passwords for various > > > client identities. > > > - On the server side this is the handler that you use to retrieve the > > > passwords from the handler on one side and then prob. from some user > > > registry and do a comparison. If the passwords match you return > > otherwise > > > you throw an exception from the handler. > > > > > > Here is a snippet that I picked up for this from the rampart samples > for > > a > > > typical server side handler. Not that this method has to be precisely > > this > > > way, it is more to give you an idea of what typcially goes on in the > > server > > > side handler. > > > > > > public class PWCBHandler implements CallbackHandler { > > > > > > public void handle(Callback[] callbacks) throws IOException, > > > UnsupportedCallbackException { > > > for (int i = 0; i < callbacks.length; i++) { > > > > > > //When the server side need to authenticate the user > > > WSPasswordCallback pwcb = > (WSPasswordCallback)callbacks[i]; > > > if (pwcb.getUsage() == > > > WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) > > > { > > > if(pwcb.getIdentifer().equals("alice") && > > > pwcb.getPassword().equals("bobPW")) > > > { > > > return; > > > } else { > > > throw new > UnsupportedCallbackException(callbacks[i], > > > "check failed"); > > > } > > > } > > > > > > //When the client requests for the password to be added in > > to > > > the > > > //UT element > > > pwcb.setPassword("bobPW"); > > > } > > > } > > > } > > > > > > Hope this helps. Let me know if you still have trouble getting things > > in > > > place and I'd be happy to help you further. > > > > > > Thanks > > > > > > - Venkat > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 10/15/07, Dietrich, Björn <[EMAIL PROTECTED]> wrote: > > > > > > > > Hi, > > > > > > > > > > > > I tried to understand the helloworld-ws-reference-secure and > > > > helloworld-ws-service-secure example, provided with the SCA Version > > 1.0. > > > > > > > > In the defintions.xml there are Policies defined for security. I > think > > > > the Username is provided directly in this Policy-file. > > > > For both client and service a callback-classes to determe the > password > > > > are defined. > > > > > > > > <passwordCallbackClass>helloworld.ClientPWCBHandler > > > </passwordCallbackClass>" > > > > + > > > > > > > > <passwordCallbackClass>helloworld.ServerPWCBHandler > > > > </passwordCallbackClass> > > > > > > > > The implementations of server callback and client callback are > > > > identical.So I suppose that the tuscany runtime calls this callbacks > > > > to > > > > > > > > get the password form client and server-side and compares them. > > > > > > > > public void handle(Callback[] callbacks) throws IOException, > > > > > > > > UnsupportedCallbackException { > > > > > > > > for (int i = 0; i < callbacks.length; i++) { > > > > > > > > System.out.println("*** Calling Client UserId/Password Handler .... > > > > "); > > > > > > > > WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; > > > > > > > > //System.out.println( pwcb.getPassword()); > > > > > > > > pwcb.setPassword("TuscanyWsUserPasswd"); > > > > > > > > //System.out.println( pwcb.getPassword()); > > > > > > > > } > > > > > > > > } > > > > > > > > Now I changed the password one client-side to > > > > > > > > pwcb.setPassword("123"); > > > > > > > > > > > > > > > > I expected that the call of the WS would fail, but to my supprise I > > > > could still call the Service. > > > > > > > > I want to implement a gui on client side where the user has to enter > > > > user and password. On server side I want to check these > user/password > > > > against some configuration-file. > > > > > > > > I suppose that one can implement the username also as callback, but > I > > > > did not find any documentation on that. > > > > > > > > I want to services in tunscany-java which use security and are > > > > conversation-based. Is there a documentation how to implement these > > > > policies with tuscany. > > > > > > > > From my understanding the <tuscany:wsConfigParam> section is > specific > > > > to Tuscany. What subnotes are allowed inside this section ? > > > > > > > > > > > > > > > > thanks for your help > > > > > > > > > > > > > > > > Björn Dietrich > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > CENIT AG Systemhaus, Industriestrasse 52-54, 70565 Stuttgart, Tel.: > > > > +49 > > > > 711 7825-30, Fax: +49 711 7825-4000, Internet: www.cenit.de > > > > Geschaeftsstellen: Berlin, Duesseldorf, Frankfurt, Hamburg, > Hannover, > > > > Muenchen, Saarbruecken > > > > Vorstandsmitglieder: Kurt Bengel, Christian Pusch > > > > Aufsichtsratsmitglieder: Falk Engelmann (Vorsitzender des > > > > Aufsichtsrats), Hubert Leypoldt, Dr. Dirk Lippold > > > > Bankverbindungen: Deutsche Bank (BLZ 600 700 70) Kto. 1661 040, > > > > Commerzbank (BLZ 600 400 71) Kto. 532 015 500, BW-Bank (BLZ 600 501 > > 01) > > > Kto. > > > > 2 403 313 > > > > Registergericht: Amtsgericht Stuttgart > > > > Handelsregister: HRB Nr. 19117 > > > > Umsatzsteuer: ID-Nr. DE 147 862 777 > > > > > > > > > > > > > CENIT AG Systemhaus, Industriestrasse 52-54, 70565 Stuttgart, Tel.: > +49 > > > 711 7825-30, Fax: +49 711 7825-4000, Internet: www.cenit.de > > > Geschaeftsstellen: Berlin, Duesseldorf, Frankfurt, Hamburg, Hannover, > > > Muenchen, Saarbruecken > > > Vorstandsmitglieder: Kurt Bengel, Christian Pusch > > > Aufsichtsratsmitglieder: Falk Engelmann (Vorsitzender des > > Aufsichtsrats), > > > Hubert Leypoldt, Dr. Dirk Lippold > > > Bankverbindungen: Deutsche Bank (BLZ 600 700 70) Kto. 1661 040, > > > Commerzbank (BLZ 600 400 71) Kto. 532 015 500, BW-Bank (BLZ 600 501 > 01) > > Kto. > > > 2 403 313 > > > Registergericht: Amtsgericht Stuttgart > > > Handelsregister: HRB Nr. 19117 > > > Umsatzsteuer: ID-Nr. DE 147 862 777 > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > >
