Hi everybody...newbie question are comeing :p
Target: I must sign and encrypt SOAP message.
I've created the client and the server keystore importing the both trusted identies...
keytool -genkey -alias SecureClient -keyalg RSA -keystore client_keystore -dname "cn=wss4j" -keypass changeit -storepass changeit
keytool -genkey -alias SecureServer -keyalg RSA -keystore server_keystore -dname "cn=SecureServer" -keypass changeit -storepass changeit
keytool -selfcert -alias SecureClient -keystore client_keystore -keypass changeit -storepass changeit
keytool -selfcert -alias SecureServer -keystore server_keystore -keypass changeit -storepass changeit
keytool -export -alias SecureClient -file client_cert -keystore client_keystore -storepass changeit
keytool -export -alias SecureServer -file
server_cert -keystore server_keystore -storepass changeit
keytool -import -alias SecureClient -file client_cert -keystore server_keystore -storepass changeit
keytool -import -alias SecureServer -file server_cert -keystore client_keystore -storepass changeit
Now the both keystores contain the 2 entries
I've created the stub for the client by wsdl2java command and there is the client
package prova2.client;
import java.rmi.RemoteException;
import javax.xml.rpc.ServiceException;
import org.apache.axis.EngineConfiguration;
import org.apache.axis.configuration.FileProvider;
import org.apache.axis.configuration.FileProvider;
public class ClientSaluto {
/**
* @param args
*/
public static void main(String[] args) {
SalutoService locator = new SalutoServiceLocator();
* @param args
*/
public static void main(String[] args) {
SalutoService locator = new SalutoServiceLocator();
Saluto service;
try {
service = locator.getSaluto2();
String reply;
String reply;
reply = service.saluto("Nicola");
System.out.println("IL WEB SERVICE HA RISPOSTO: " + reply);
} catch (RemoteException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("IL WEB SERVICE HA RISPOSTO: " + reply);
} catch (RemoteException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
}
There is the file by which I've deployed the service:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<service name="Saluto2" provider="java:RPC" style="rpc" use="literal">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback"/>
<parameter name="action" value="Signature Encrypt"/>
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</requestFlow>
<parameter name="className" value="prova.Saluto" />
<parameter name="allowedMethods" value="saluto" />
<parameter name="scope" value="Request" />
</service>
</deployment>
<service name="Saluto2" provider="java:RPC" style="rpc" use="literal">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback"/>
<parameter name="action" value="Signature Encrypt"/>
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</requestFlow>
<parameter name="className" value="prova.Saluto" />
<parameter name="allowedMethods" value="saluto" />
<parameter name="scope" value="Request" />
</service>
</deployment>
but I think that this is the wsdd to encrypt and sign only Username Token.
How is the correct wsdd?
then I'll copy the server_keystore into <TomcatHome>/webapps/axis/WEB-INF/classes
but then how the cripto.properties files (for the client and the server) have to be built in relation with my scenario?
Thanks for the reply...
Luca
Yahoo! Mail: gratis 1GB per i messaggi, antispam, antivirus, POP3
