Brian, see modified WSDD below. The name has to be the alias name to the receiver's (server's) certificate because for encryption you have to use the public key of the receiver. The receiver then uses its private key to decrypt.
This mandats that your client has the server's certificate in its keystore. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Brian Shields [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 29. September 2005 12:34 > An: Dittmann, Werner > Cc: [email protected] > Betreff: Re: AW: Callback supplied no password for: null > > > Thanks for the reply Werner, > Do you specify this parameter in the axis client config file > or in the > deployment file of the service? Should the value of this > parameter match > the user being checked in the password callback class or the alias of > the key? > My client config file looks like: > ... > <requestFlow> > <handler > type="java:org.apache.ws.axis.security.WSDoAllSender" > > <parameter name="action" value="UsernameToken > Encrypt"/> > <parameter name="user" value="brian"/> > <parameter name="passwordCallbackClass" > value="com.iwise.security.client.PW_Callback"/> > <parameter name="passwordType" value="PasswordText" /> > <parameter name="addUTElement" value="Nonce > Created" /> > <parameter name="encryptionPropFile" > value="crypto.properties" /> --> <parameter name="encryptionUser"="someName" /> > <parameter name="encryptionKeyIdentifier" > value="X509KeyIdentifier" /> > <parameter name="encryptionParts" > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis- > 200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" > /> > </handler> > </requestFlow> > ... > my service deploy file looks like: > ... > <requestFlow> > <handler > type="java:org.apache.ws.axis.security.WSDoAllReceiver"> > <parameter name="passwordCallbackClass" > value="com.iwise.security.testService.IWISE_PWCallback"/> > <parameter name="action" value="UsernameToken > Encrypt"/> > <parameter name="decryptionPropFile" > value="crypto.properties" /> > </handler> > </requestFlow> > ... > The username being examined in the callback class is "brian". > > Thanks, > Brian. > > Dittmann, Werner wrote: > > >Brian, > > > >did you use the parameter "encryptUser" that defines > >the "recieving user" of the encrypted message. The sender has > >to use the public key of the receiver to encrypt, thus > >you have to use this parameter. > > > >During Signature the the private key of the "sending user" > >is used to sign the request message (the parameter "user") > > > >Regards, > >Werner > > > > > > > > > >>-----Ursprüngliche Nachricht----- > >>Von: Brian Shields [mailto:[EMAIL PROTECTED] > >>Gesendet: Mittwoch, 28. September 2005 22:58 > >>An: [email protected] > >>Betreff: Callback supplied no password for: null > >> > >> > >>Hi all, > >>I am having trouble encrypting portions of the SOAP message. What I > >>(think) i have got working is sending a username and password > >>digest to > >>a service, envoking the service sucessfully and getting my > >>response. I > >>am using the PasswordCallback class. However, i am now trying > >>to encrypt > >>the username token in the Security tag of the soap header. > >>When this is > >>sent to the server and decrypted (i can only assume > successfully as i > >>get no error), I get returned the error > >>org.apache.ws.security.WSSecurityException: General security error > >>(WSSecurityEngine: Callback supplied no password for: null) > >>Does this mean that the message was not decrypted > >>successfully? It seems > >>to pass the decryption stage and get stuck in the Callback class, > >>obviously there is no password associated with "null". > >> > >>Brian. > >> > >>------------------------------------------------------------ > --------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
