OK : ) : ) : ) Won't belive it but I've done also the 2 way encriptyion and signature!!!! : ) in this way:
client wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="wss4j"/>
<parameter name="passwordType"
value="PasswordText"/>
<parameter name="passwordCallbackClass" value="prova2.client.PWCallback"/>
</handler>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt"/>
<!-- PRIVATE KEY ALIAS -->
<parameter name="user" value="wss4j"/>
<!--PUBLIC KEY ALIAS -->
<parameter name="encryptionUser" value="secureserver"/>
<parameter name="passwordCallbackClass" value="prova2.client.PWCallback"/>
<parameter name="signaturePropFile" value="client_crypto.properties" />
<parameter name="encryptionPropFile" value="client_crypto.properties" />
</handler>
</requestFlow >
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="action" value="Signature Encrypt"/>
<parameter name="passwordCallbackClass" value="prova2.client.PWCallback"/>
<parameter name="signaturePropFile" value="client_crypto.properties" />
</handler>
</responseFlow>
</globalConfiguration >
</deployment>
server wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<service name="Saluto2" provider="java:RPC" style="rpc" use="literal">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="action" value="UsernameToken Signature Encrypt"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="signaturePropFile" value="server_crypto.properties" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt"/>
<!-- PRIVATE KEY ALIAS -->
<parameter name="user" value="secureserver"/>
<!--PUBLIC KEY ALIAS -->
<parameter name="encryptionUser" value="wss4j"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="signaturePropFile" value="server_crypto.properties" />
<parameter name="encryptionPropFile" value="server_crypto.properties" />
</handler>
</responseFlow>
<parameter name="className" value="prova.Saluto" />
<parameter name="allowedMethods" value="saluto" />
<parameter name="scope" value="Request" />
</service>
</deployment>
<service name="Saluto2" provider="java:RPC" style="rpc" use="literal">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="action" value="UsernameToken Signature Encrypt"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="signaturePropFile" value="server_crypto.properties" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt"/>
<!-- PRIVATE KEY ALIAS -->
<parameter name="user" value="secureserver"/>
<!--PUBLIC KEY ALIAS -->
<parameter name="encryptionUser" value="wss4j"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="signaturePropFile" value="server_crypto.properties" />
<parameter name="encryptionPropFile" value="server_crypto.properties" />
</handler>
</responseFlow>
<parameter name="className" value="prova.Saluto" />
<parameter name="allowedMethods" value="saluto" />
<parameter name="scope" value="Request" />
</service>
</deployment>
Some rapid theoretical questions:
- But the class PWCallback contains the alias and the password alias, so if I install a client in a remote pc the users can see the pass to access to my
keystore...It's a problem!
- Isn't There a user-guide or a tuttorial that full-explain how to use wss4j?
Bye!!!
Andrea
Ruchith Fernando <[EMAIL PROTECTED]> ha scritto:
On 9/12/06, Luca Risello <[EMAIL PROTECTED]>wrote:
>
> Hi Fernando I've fixed the bug!!!! : )
> Yeahhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!!!! Thanks to You,
> Josè, Anastasia and to all the peolple helps me!!!
>
>
> Now I must do the same thing for the response...I must confing the wsdd
> files with a symmetric config!?
>
>
> ...
>
>
> ...
>
If you want to send a secured message to the server then you have to
configure the clien't requestFlow (with WSDoAllSender) and the
service's requestFlow (with WSDoAllReceiver).
And if you want to secure the response from the service to the client
then you have to configure the service's responseFlow with
WSDoAllSender and the client's responseFlow with WSDoAllReceiver.
A sample client config is here:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
And the service config is here:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
Thanks,
Ruchith
____________________________________________________
Yahoo! Messenger with Voice: chiama da PC a telefono a tariffe esclusive
