Ron, first of all - I would assume that this example does not work because in the second part you miss the user/callback etc parts required to perform Signature.
Acoording to the other questions - same namespace/local name, yes this could be a problem. I'll have a look but AFAIK this could cause some trouble :-) if you have two or more security headers that contain username tokens. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Ron Reynolds [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 20. Oktober 2005 20:53 > An: [email protected] > Betreff: handlers - are 2 the same as 1? header actors? how > to distinguish 1 part from another? > > > is there any real difference between this: > > <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> > <parameter name="action" > value="UsernameToken Signature"/> > <parameter name="actor" value="clientId"/> > <parameter name="user" value="test-client"/> > <parameter name="passwordCallbackClass" > value="com.amgen.seattle.appdev.freezer.webservice.client.call > back.TestPWCallback"/> > <parameter name="signaturePropFile" > value="crypto.properties" /> > <parameter name="signatureParts" > > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis- > 200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;{Content}{h ttp://schemas.xmlsoap.org/soap/envelope/}Body"/> > </handler> > > and this? > > <!-- add the header that carries the client's id --> > <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> > <parameter name="action" > value="UsernameToken"/> > <parameter name="actor" value="clientId"/> > <parameter name="user" value="test-client"/> > <parameter name="passwordCallbackClass" > value="com.amgen.seattle.appdev.freezer.webservice.client.call > back.TestPWCallback"/> > </handler> > > <!-- add the header that carries the signature --> > <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> > <parameter name="action" value="Signature"/> > <parameter name="actor" value="clientSig"/> > <parameter name="signaturePropFile" > value="crypto.properties" /> > <parameter name="signatureParts" > > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis- > 200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;{Content}{h ttp://schemas.xmlsoap.org/soap/envelope/}Body"/> > </handler> > > (other than the fact that the second one uses a different > SOAPHeader actor for its sig? > > which brings up another question - i know that if i have 2 > UsernameToken headers in the same SOAP message i seperate > them using different actors - is there any reason to (or not > to) do the same with, say, a UsernameToken and a > Signature? > > oh, and one other question - the signatureParts string > references a UsernameToken, but in my message there are 2 - one > for the user and one for the client - will the signature be > for both combined? how would you distinguish one element > from another if they had identical (namespace + name) in a > *Parts string? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
