No, sorry for the confusion, Bob. I was trying out the store-secure
sample and found that that didn't work, so I fixed that. Am now onto
the binding.ws case. What I've found out so far is:

- The confidentiality we can apply through policy for binding.ws
drives the Axis2 configuration to apply message level encryption. To
turn this on we have to extend the policy to describe how encryption
will take place, for example,

                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">org/apache/tuscany/sca/binding/ws/axis2/itests/policy/wspolicy/tuscanyKeys.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">TuscanyWsUserPasswd</ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>

- If you want to do transport level encryption (https) then it depends
how you're deploying tuscany.

-- If you're deploying in a webapp then you need to set up the
container appropriately and specify https on the servier uri

-- If you're using tuscany to fire up Jetty or Tuscany then I'm still
looking into that as it looks like we don't support the same security
context configuration as binding.http. When I provide https in the
service binding url it just fires off the default configuration for
the container, e.g. for me with jetty it goes looking for a keystore
at C:\Documents and Settings\slaws\.keystore and prompts me for
passwords.

So the net of this is that if you want to do message level
confidentiality then it looks like we can set that up. For transport
level security I'm finding what you're finding, i.e. that binding.ws
doesn't take any notice of "tuscany:confidentiality" configuration. So
if you really need to do transport level things and want to control it
from policy then we'll have to do some work to enable it and look at
how to make sure that Axis has the correct configuration.

Sorry this is not turning out to be a simple answer.

Regards

Simon
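
An added example, not part of the original message or of the Tuscany/Rampart code: a small Python check that reads a policy file, pulls out the Merlin properties of the `ramp:encryptionCypto` block shown above, and reports missing settings and a keystore password held inline. The `ramp` namespace URI, the `RampartConfig` wrapper element, and the sample path and password are assumptions, since the message shows only the fragment.

```python
import xml.etree.ElementTree as ET

# Assumed namespace URI for the ramp: prefix (the message does not show its declaration).
RAMP_NS = "http://ws.apache.org/rampart/policy"
MERLIN = "org.apache.ws.security.crypto.merlin."
REQUIRED = ("keystore.type", "file", "keystore.password")

# Constructed sample mirroring the fragment in the message; path and password are placeholders.
SAMPLE = f"""
<ramp:RampartConfig xmlns:ramp="{RAMP_NS}">
  <ramp:encryptionCypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="{MERLIN}keystore.type">JKS</ramp:property>
      <ramp:property name="{MERLIN}file">example/keys.jks</ramp:property>
      <ramp:property name="{MERLIN}keystore.password">ExamplePasswd</ramp:property>
    </ramp:crypto>
  </ramp:encryptionCypto>
</ramp:RampartConfig>
"""

def audit_encryption_crypto(policy_xml):
    """Return (properties, findings) for the encryptionCypto block of a policy."""
    root = ET.fromstring(policy_xml)
    ns = {"ramp": RAMP_NS}
    crypto = root.find(".//ramp:encryptionCypto/ramp:crypto", ns)
    if crypto is None:
        return {}, ["no ramp:encryptionCypto/ramp:crypto element: "
                    "message encryption is not configured"]
    # Map each property name to its trimmed text value.
    props = {p.get("name", ""): (p.text or "").strip()
             for p in crypto.findall("ramp:property", ns)}
    findings = []
    if not crypto.get("provider"):
        findings.append("ramp:crypto has no provider attribute")
    for key in REQUIRED:
        if not props.get(MERLIN + key):
            findings.append(f"missing or empty property {MERLIN}{key}")
    if props.get(MERLIN + "keystore.password"):
        findings.append("keystore password is stored in clear text in the "
                        "policy file; restrict read access to it")
    return props, findings

if __name__ == "__main__":
    props, findings = audit_encryption_crypto(SAMPLE)
    for name in props:
        print("property:", name)
    for finding in findings:
        print("finding:", finding)
```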
