Hi,
I see one major issue here in using the Rahas WS-Trust impl.
Rahas supports only the two latest versions of WS-Trust. Therefore we
have support for 2005/02 version and 2005/12 (WS-SX) version.
Therefore if you want to stick to 2004/04 version of WS-Trust you will
have to manually build the WS-Trust specific tokens.
Is it possible for you to use a later version? If not you will have to
get your hands dirty with AXIOM :-) and construct the request
manually.
Thanks,
Ruchith
On 7/24/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
Ruchith thanks once again for your kind suggestion.
The exact format of SOAP body that I have to create is as below:
<soap:Body>
  <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
    <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
    <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
    <wst:Base>
      <wsse:UsernameToken
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
        <wsse:Username>SC789LKG3CHS</wsse:Username>
        <wsse:Password
            Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
          CQLsBWC3oxXyxGNWdIhAYWoXKZE=
        </wsse:Password>
        <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
        <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
      </wsse:UsernameToken>
    </wst:Base>
    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
      <wsa:EndpointReference>
        <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
      </wsa:EndpointReference>
    </wsp:AppliesTo>
    <wst:LifeTime>
      <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
    </wst:LifeTime>
  </wst:RequestSecurityToken>
</soap:Body>
I went through the "TrustUtil.java" file and it looks promising to implement
this format except "<wst:Base>" tag because I don't see any method to
implement this tag which could contain UsernameToken tag as its child
element.
Could you please tell me what other classes will be required from "Apache
Rahas" source code to implement this?
Best Regards,
Shyam Shukla
-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Monday, July 24, 2006 1:37 PM
To: Shyam Shukla
Cc: [email protected]
Subject: Re: WSHandler: Signature: unknown key identification
Oh ... my bad ... I thought you are using Axis1.x stuff ... that's
why I pointed you to the DOM AppliesTo element :-)
If you are using AXIOM the piece of code that provides you this is in
org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
String address) [1]
WS-Trust support for Axis2 is being developed as Apache Rahas within
the Axis2 code base. If you are looking for client components to
talk to a SecurityTokenService then there are a set of utility methods
available in Rahas [1].
HTH
Thanks,
Ruchith
[1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
On 7/24/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> Thanks a lot Ruchith for guiding me to solve my problems.
> Now my only concern is left how to associate AppliesTo class with my client
> program to create SOAP request body format mentioned in this email.
> My client program is as below:
>
> << Start of Client Code >>
>
> public class ClientWebSecurityToken {
>
> /**
> * @param args
> */
> public static void main(String[] args) {
> try {
>
> OMElement payload = getEchoElement();
> ConfigurationContext configContext =
> ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> ServiceClient serviceClient = new ServiceClient(configContext,
> null);
> //serviceClient.engageModule(new QName("rampart"));
> Options options = new Options();
> options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> "/axis2/services/WSSecurityTestCaseService"));
> options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> options.setProperty(Constants.Configuration.ENABLE_MTOM,
> Constants.VALUE_TRUE);
> options.setAction("urn:echo");
> serviceClient.setOptions(options);
>
> //Blocking invocation
> OMElement result = serviceClient.sendReceive(payload);
>
> StringWriter writer = new StringWriter();
> result.serialize(XMLOutputFactory.newInstance()
> .createXMLStreamWriter(writer));
> writer.flush();
>
> System.out.println("Response: " + writer.toString());
>
> System.out.println("UKGateWayTestService Invocation successful :-)");
> } catch (AxisFault axisFault) {
> axisFault.printStackTrace();
> } catch (XMLStreamException e) {
> e.printStackTrace();
> }
> }
>
> private static OMElement getEchoElement() {
> OMFactory fac = OMAbstractFactory.getOMFactory();
> OMNamespace omNs = fac.createOMNamespace(
> "http://example1.org/example1", "example1");
> OMElement method = fac.createOMElement("echo", omNs);
> OMElement value = fac.createOMElement("Text", omNs);
> value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> method.addChild(value);
>
> return method;
> }
>
> }
>
> << End of Client Code >>
>
> This client program is using AXIOM APIs while AppliesTo class is using DOM
> APIs which I believe can not be interoperated.
> So please help me out how can I solve this issue?
>
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 21, 2006 1:34 PM
> To: Shyam Shukla
> Cc: [email protected]
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi,
>
> Please see my comments in line:
>
> On 7/20/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> >
> > Now I have solved the problem mentioned in this email by making few
> > changes as below:
> >
> > 1- My client program was using a different Password CallBack class due
> > to wrong entry in the classpath environment variable so I modified it to
> > the correct path.
> >
> > 2- I was using two different keystore files i.e. one for client and
> > other for server and both were having keys which were signed by the same
> > CA which I believe is okay but it was throwing "Signature Processing"
> > error at receiving end i.e. at server side. So I used the same keystore
> > file at both end and it worked.
> >
> > Can you please explain me point2 why can not I use two different
> > keystores which are having keys which were signed by same CA?
>
> You can certainly use different keystores which contain each other's
> (service and client) signed certs. I have done this and it works with
> the keystores created with the steps shown here:
> http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
>
>
> >
> > Now my next target is to implement WS-Policy in soap request/response
> > for that I went through online documentation of "Neethi" but could find a
> > complete working example or document to implement it.
> >
> > Ruchith, In my current project I have to create following format in the
> > SOAP's Request Body
> >
> > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > <wsa:EndpointReference>
> > <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > </wsa:EndpointReference>
> > </wsp:AppliesTo>
> >
> > Please guide me how to create above format.
> > Thanks a lot for being so helpful.
>
> Does this solve your problem:
>
> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>
>
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is
> the property of Persistent Systems Pvt. Ltd. It is intended only for the use
> of the individual or entity to which it is addressed. If you are not the
> intended recipient, you are not authorized to read, retain, copy, print,
> distribute or use this message. If you have received this communication in
> error, please notify the sender and delete all copies of this message.
> Persistent Systems Pvt. Ltd. does not accept any liability for virus
> infected mails.
>
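The manual AXIOM construction suggested at the top of this thread, for the 2004/04 RequestSecurityToken body quoted in it, as an added example that is not code from Rahas or from either poster. The class and method names are hypothetical, the wsse and wsa namespace URIs are assumptions because the quoted body does not declare them, and the caller is assumed to supply a digest computed per UsernameToken Profile 1.0 as Base64(SHA-1(nonce + created + password)) with a fresh nonce and Created value for every request.

```java
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/** Hypothetical helper: builds the WS-Trust 2004/04 RST shown in the thread. */
public class Rst200404Builder {
    static final String WST = "http://schemas.xmlsoap.org/ws/2004/04/trust";
    static final String WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    static final String WSU = WSS + "wssecurity-utility-1.0.xsd";
    static final String DIGEST = WSS + "username-token-profile-1.0#PasswordDigest";
    // Assumptions: the quoted body declares neither wsse nor wsa.
    static final String WSSE = WSS + "wssecurity-secext-1.0.xsd";
    static final String WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing";

    // Creates <ns:name> under parent, with optional text content.
    static OMElement child(OMFactory f, OMElement parent, String name,
                           OMNamespace ns, String text) {
        OMElement e = f.createOMElement(name, ns, parent);
        if (text != null) e.setText(text);
        return e;
    }

    public static OMElement build(String tokenId, String user, String digest,
            String nonce, String created, String expires, String target) {
        OMFactory f = OMAbstractFactory.getOMFactory();
        OMNamespace wst = f.createOMNamespace(WST, "wst");
        OMNamespace wsp = f.createOMNamespace(WSP, "wsp");
        OMNamespace wsse = f.createOMNamespace(WSSE, "wsse");
        OMNamespace wsu = f.createOMNamespace(WSU, "wsu");
        OMNamespace wsa = f.createOMNamespace(WSA, "wsa");

        OMElement rst = f.createOMElement("RequestSecurityToken", wst);
        child(f, rst, "TokenType", wst, "urn:oasis:names:tc:SAML:1.0:assertion#Assertion");
        child(f, rst, "RequestType", wst, WST.replace("/trust", "/security/trust/Issue"));

        // <wst:Base> carries the UsernameToken that authenticates the requester.
        OMElement ut = child(f, child(f, rst, "Base", wst, null), "UsernameToken", wsse, null);
        ut.addAttribute("Id", tokenId, wsu);
        child(f, ut, "Username", wsse, user);
        child(f, ut, "Password", wsse, digest).addAttribute("Type", DIGEST, null);
        child(f, ut, "Nonce", wsse, nonce);
        child(f, ut, "Created", wsu, created);

        OMElement epr = child(f, child(f, rst, "AppliesTo", wsp, null), "EndpointReference", wsa, null);
        child(f, epr, "Address", wsa, target);
        // Element name spelled "LifeTime" as in the body quoted in the thread.
        child(f, child(f, rst, "LifeTime", wst, null), "Expires", wsu, expires);
        return rst;
    }
}
```

The returned element can be passed to `serviceClient.sendReceive(...)` in place of the echo payload in the quoted client.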