If you think your experience could benefit the documentation in the XFire wiki (http://xfire.codehaus.org/WS-Security) - maybe you could edit this documentation and add your knowledge?
Thanks!
-Brice

-----Original Message-----
From: Antonio Lourinho [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 16, 2007 10:09 AM
To: [email protected]
Subject: Re: [xfire-user] WS-Security example

Tomek,

Thank you for your help. Without your help I wouldn't have made it,
despite the increasing stupidity of my questions (I was becoming
desperate).

Anyway, the property missing on the server was:

<prop key="user">serveralias</prop>

If you want to include this example in the XFire distribution, please let
me know.

Thanks,
António Lourinho

On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> Dear x,
>
> I'm sorry for insisting on this issue... but when I include the
> configuration for signing the response all goes well (the service
> class implementation is called) until the signature is tried on the
> server:
>
> org.codehaus.xfire.fault.XFireFault: WSDoAllSender: Empty username for specified action
>     at org.codehaus.xfire.security.wss4j.WSS4JOutHandler.invoke(WSS4JOutHandler.java:113)
>     at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
>     at org.codehaus.xfire.service.binding.PostInvocationHandler.invoke(PostInvocationHandler.java:36)
>     at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
>     at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
>     at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
>     at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
>     at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
>     at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
>
> Is there something missing in the services.xml? (There isn't any
> example of this - server signing.)
>
> <outHandlers>
>   <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
>   <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
>     <property name="properties">
>       <props>
>         <prop key="action">Encrypt UsernameToken Signature</prop>
>         <prop key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
>         <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
>         <prop key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
>       </props>
>     </property>
>   </bean>
> </outHandlers>
>
> Thank you very much,
> António Lourinho
>
> On 1/16/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > Sure
> >
> > On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > Please allow me to correct this information:
> > >
> > > I managed to configure security for the client to cypher and sign the
> > > request and for the server to cypher the response. This works
> > > correctly.
> > >
> > > Is it possible for the server to also sign the response?
> > >
> > > Thanks in advance,
> > > Antonio Lourinho
> > >
> > > On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> > > > Hello,
> > > >
> > > > I did just that. I have two keystores, both containing the personal
> > > > private key and the other participant public key certificate.
> > > >
> > > > I have configured in the server the following:
> > > >
> > > > <service>
> > > >   <name>ClientInformationListSec</name>
> > > >   <namespace>http://pt.brisa.integration.viaverde/ClientInformationListWS</namespace>
> > > >   <serviceClass>pt.brisa.clientinformationlist.integration.ws.ClientInformationListWS</serviceClass>
> > > >   <inHandlers>
> > > >     <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
> > > >     <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
> > > >       <property name="properties">
> > > >         <props>
> > > >           <prop key="action">Encrypt Signature UsernameToken</prop>
> > > >           <prop key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
> > > >           <prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
> > > >           <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
> > > >         </props>
> > > >       </property>
> > > >     </bean>
> > > >
> > > >     <handler handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
> > > >   </inHandlers>
> > > >
> > > >   <outHandlers>
> > > >     <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
> > > >     <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
> > > >       <property name="properties">
> > > >         <props>
> > > >           <prop key="action">Encrypt Signature</prop>
> > > >           <prop key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
> > > >           <prop key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
> > > >           <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
> > > >         </props>
> > > >       </property>
> > > >     </bean>
> > > >   </outHandlers>
> > > >   <properties>
> > > >     <property key="mtom-enabled">true</property>
> > > >   </properties>
> > > > </service>
> > > >
> > > > and in the client:
> > > >
> > > > properties.setProperty(WSHandlerConstants.ACTION,
> > > >     WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " "
> > > >     + WSHandlerConstants.USERNAME_TOKEN);
> > > > // set user used to encrypt message
> > > > properties.setProperty(WSHandlerConstants.ENCRYPTION_USER, "serveralias");
> > > >
> > > > // sender username for signature
> > > > properties.setProperty(WSHandlerConstants.USER, "client-344-839");
> > > >
> > > > // Configuration of public key used to encrypt message goes to properties file.
> > > > properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
> > > >     "org/codehaus/xfire/client/outsecurity_enc.properties");
> > > >
> > > > // properties file for signature
> > > > properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
> > > > properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,
> > > >     "org/codehaus/xfire/client/outsecurity_sign.properties");
> > > >
> > > > // Specify callback class to retrieve passwords
> > > > properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
> > > >     PasswordHandler.class.getName());
> > > >
> > > > An error occurs:
> > > >
> > > > MIT: 345281 [http-8585-Processor23] INFO org.codehaus.xfire.handler.DefaultFaultHandler - Fault occurred!
> > > > org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed(actions mismatch)
> > > >     at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:239)
> > > >     at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
> > > >     at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
> > > >     at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
> > > >     at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
> > > >     at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
> > > >     at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
> > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > > >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> > > >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> > > >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> > > >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> > > >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> > > >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> > > >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> > > >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> > > >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> > > >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> > > >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> > > >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> > > >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> > > >     at java.lang.Thread.run(Thread.java:595)
> > > >
> > > > The configuration is symmetric. Is there an easy way to know what is the
> > > > problem?
> > > >
> > > > Thanks in advance,
> > > > António Lourinho
> > > >
> > > > On 1/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > Is there any example of signature+cypher both ways available
> > > > > > (WS-Security)?
> > > > > >
> > > > >
> > > > > No, but configurations of client and server are symmetric, so you can
> > > > > just use example of signature + encryption and copy configuration on
> > > > > other side.
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe from this list please visit:
> > > > >
> > > > > http://xircles.codehaus.org/manage_email
> > > > >
> >
> > --
> > -----
> > When one of our products stops working, we'll blame another vendor
> > within 24 hours.
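
The fix reported at the top of this thread, applied to the server's outHandlers block quoted above. This is an added example, not part of the original messages or the XFire distribution; it assumes the `user` property belongs in the WSS4JOutHandler properties (the handler that raised the fault) and reuses the alias `serveralias` from the thread.

```xml
<!-- Added example: server-side out handler that signs the response.
     Assumption: "user" is set on WSS4JOutHandler, the handler that raised
     "WSDoAllSender: Empty username for specified action". -->
<outHandlers>
  <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
  <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
    <property name="properties">
      <props>
        <prop key="action">Encrypt UsernameToken Signature</prop>

        <!-- The property reported missing. The Signature and UsernameToken
             actions both need a sender identity; for Signature it is the
             keystore alias of the private key the server signs with. -->
        <prop key="user">serveralias</prop>

        <prop key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
        <prop key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>

        <!-- The callback class must be able to return the private-key
             password for the alias given in "user", otherwise signing
             fails after the username check passes. -->
        <prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
      </props>
    </property>
  </bean>
</outHandlers>
```

The keystore named in `server_outsecurity_sign.properties` has to contain a private key entry under the same alias as `user`, and the client's inbound handler needs the matching certificate to verify the signature.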
