See some comments inline.

Regards,
Werner

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 19 September 2006 13:49
> To: [email protected]
> Subject: Principle question about the need of username an password
>
> Hello WSS4J-gurus!
>
> I've got a principle question about the parameters I have to give for
> the "WSDoAllSender":
>
> I want to allow only signed (and later on: encrypted) requests for a
> given webservice. So I created two keystores like described under
> http://www.devx.com/Java/Article/28816/1954 - a "server.keystore.jks"
> and a "client.keystore.jks". And I imported the "clientkey" (included
> in "client.keystore.jks") into the "server.keystore.jks".
>
> Then I created two "crypto.properties", a "client_deploy.wsdd" and a
> "server-config.wsdd". Everything works out fine, but:
>
> Why do I have to define a "passwordCallbackClass" and a "user" for
> this configuration? I think that everything I need for the keystore is
> defined in the "crypto.properties"-file - isn't it?

No, it isn't. The crypto.properties file just defines the type of keystore to use, the provider, the password for the keystore. To sign requests you need to identify the certificate inside the keystore, done via the "user" (usually the alias name of the certificate in the keystore) and you need the password to unlock the user's private key to sign the request (Signature always uses the private key). This is the basic principle of certificates used to sign a request.

> I don't want any specific user or a password-authentication, I just
> want the request to come from a trusted client (verified via
> signature).
>
> In the deployment-descriptors I tried to omit the user and got a
> "Empty username for specified action". If I omit the
> passwordCallbackClass I get "application provided null or empty
> password".
>
> Why does WSS4J force me to set username and a password if I don't want
> to have them? Or did I read over something (in all the tons of howtos
> I read)?
>
> Thanks a lot in advance for any hint!
>
> Stephan
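
The callback class discussed in this thread, as an added example that is not code from either poster or from the WSS4J project: a handler that supplies the private-key password for the "clientkey" alias when WSDoAllSender signs a request. It assumes the WSS4J 1.x API (package org.apache.ws.security); the class name and the system property client.key.password are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Client-side WSDD parameters on the WSDoAllSender handler that lead here:
//   action=Signature                   sign the outgoing request
//   user=clientkey                     alias of the signing key in the keystore
//   signaturePropFile=crypto.properties  keystore type, file, keystore password
//   passwordCallbackClass=ClientKeyPasswordCallback  (this hypothetical class)
public class ClientKeyPasswordCallback implements CallbackHandler {

    // Alias named in the thread; the only key this handler will unlock.
    private static final String SIGNING_ALIAS = "clientkey";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // WSS4J 1.5 spells this accessor getIdentifer();
            // later releases also offer getIdentifier().
            String alias = pc.getIdentifer();

            // Answer only signature requests for the expected alias, so a
            // misconfigured "user" fails here instead of unlocking another key.
            if (pc.getUsage() != WSPasswordCallback.SIGNATURE
                    || !SIGNING_ALIAS.equals(alias)) {
                throw new UnsupportedCallbackException(pc,
                        "no key password available for alias: " + alias);
            }

            // Assumption: the key password is passed as a JVM system property
            // rather than hard-coded in the class.
            String keyPassword = System.getProperty("client.key.password");
            if (keyPassword == null || keyPassword.length() == 0) {
                throw new IOException(
                        "system property client.key.password is not set");
            }
            pc.setPassword(keyPassword);
        }
    }
}
```

The password returned here is the one protecting the private-key entry, which is separate from the keystore password set in crypto.properties even when both happen to have the same value.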
