Sure
On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
Hello,
Please allow me to correct this information:
I managed to configure security for the client to cypher and sign the
request and for the server to cypher the response. This works
correctly.
Is it possible for the server to also sign the response?
Thanks in advance,
Antonio Lourinho
On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I did just that. I have two keystores, both containing the personal
> private key and the other participant public key certificate.
>
> I have configured in the server the following:
>
> <service>
>   <name>ClientInformationListSec</name>
>   <namespace>http://pt.brisa.integration.viaverde/ClientInformationListWS</namespace>
>   <serviceClass>pt.brisa.clientinformationlist.integration.ws.ClientInformationListWS</serviceClass>
>   <inHandlers>
>     <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
>     <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
>       <property name="properties">
>         <props>
>           <prop key="action">Encrypt Signature UsernameToken</prop>
>           <prop key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
>           <prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
>           <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
>         </props>
>       </property>
>     </bean>
>
>     <handler handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
>   </inHandlers>
>
>   <outHandlers>
>     <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
>     <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
>       <property name="properties">
>         <props>
>           <prop key="action">Encrypt Signature</prop>
>           <prop key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
>           <prop key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
>           <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
>         </props>
>       </property>
>     </bean>
>   </outHandlers>
>   <properties>
>     <property key="mtom-enabled">true</property>
>   </properties>
> </service>
>
> and in the client:
>
> properties.setProperty(WSHandlerConstants.ACTION,
>     WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " "
>         + WSHandlerConstants.USERNAME_TOKEN);
> // set user used to encrypt message
> properties.setProperty(WSHandlerConstants.ENCRYPTION_USER, "serveralias");
>
> // sender username for signature
> properties.setProperty(WSHandlerConstants.USER, "client-344-839");
>
> // Configuration of public key used to encrypt message goes to properties file.
> properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
>     "org/codehaus/xfire/client/outsecurity_enc.properties");
>
> // properties file for signature
> properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
> properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,
>     "org/codehaus/xfire/client/outsecurity_sign.properties");
>
> // Specify callback class to retrieve passwords
> properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
>     PasswordHandler.class.getName());
>
>
> An error occurs:
>
> MIT: 345281 [http-8585-Processor23] INFO org.codehaus.xfire.handler.DefaultFaultHandler - Fault occurred!
> org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed(actions mismatch)
>     at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:239)
>     at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
>     at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
>     at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
>     at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
>     at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
>     at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
>
> The configuration is symmetric. Is there an easy way to know what is the problem?
>
> Thanks in advance,
> António Lourinho
>
> On 1/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > >
> > > Is there any example of signature+cypher both ways available (WS-Security)?
> > >
> >
> > No, but configurations of client and server are symmetric, so you can
> > just use example of signature + encryption and copy configuration on
> > other side.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this list please visit:
> >
> > http://xircles.codehaus.org/manage_email
> >
> >
>
--
-----
When one of our products stops working, we'll blame another vendor
within 24 hours.