Dear all,
Hi Jose / all,
just one word away.
I am NOT able generate 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3'
inside the wsse:UsernameToken tag.
In place of this i am able to generate only ' wsu:Id="UsernameToken-2691004"
'
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
What is this 'SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3' ?
How can I generate it in Java (using Axis 1.3 and wss4j) ?
Required Security Header by other end( .Net WSE 3.0) ----
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action>
http://www.test.com/api/ws/internal/testInfo
</wsa:Action>
<wsa:MessageID>
urn:uuid:ca7e475b-484a-4bb8-974f-eb573438bb43
</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-c70b72e2-561c-4b18-bc4b-acf8c3896b14">
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
<wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-9e141676-2400-4c6d-ab87-1d5af61729b3">
<wsse:Username>[EMAIL PROTECTED]</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>
SomePassword
</wsse:Password>
<wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce>
<wsu:Created>2008-02-28T15:33:56Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal";>
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest";>
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soap:Body>
</soap:Envelope>
Generated Security header By my side (Java- Axis 1.3 and wss4j
)-----------------
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-2691004">
<wsse:Username>
[EMAIL PROTECTED]
</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>
SomePassword
</wsse:Password>
<wsse:Nonce>bGmGuPDxQw2kkR5R0zC/hA==</wsse:Nonce>
<wsu:Created>2008-07-10T16:46:47.046Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-25899876">
<wsu:Created>2008-07-10T16:46:47.015Z</wsu:Created>
<wsu:Expires>2008-07-10T16:51:47.015Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:MessageID soapenv:mustUnderstand="0">
uuid:c83b29b0-4e9f-11dd-8e1f-d019b0e90563
</wsa:MessageID>
<wsa:To soapenv:mustUnderstand="0">
http://localhost:8080/testapi/testwsapi.asmx
</wsa:To>
<wsa:Action soapenv:mustUnderstand="0">
http://www.test.com/api/testing/testinforequest
</wsa:Action>
<wsa:From soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:From>
<wsa:ReplyTo soapenv:mustUnderstand="0">
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>
</soapenv:Header>
<soapenv:Body>
<SAN_Info
xmlns="http://www.test.com/api/testing/ws/internal";>
<SAN_Request VendorId="TestVendor"
VendorPassword="SomePassword"
xmlns="http://www.test.com/api/testing/testinforequest";>
<Brand>SANBUS</Brand>
<TourCode>GE</TourCode>
<Code>80135</Code>
</SAN_Request>
</SAN_Info>
</soapenv:Body>
</soapenv:Envelope>
My client-config.wsdd ---------
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Timestamp UsernameToken"/>
<parameter name="user" value="[EMAIL PROTECTED]"/>
<parameter name="passwordCallbackClass"
value="com.api.testing.ws.internal.PWCallback"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="password" value="ppx13Z11"/>
<parameter name="mustUnderstand" value="true" />
<parameter name="addUTElements" value="Nonce Created"/>
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
By seeing the security header, we can say that it is
username-token-profile-1.0.
How to solve this.
Please help me.
Regards
Santosh
Shawn McKinney wrote:
>
> Hello,
>
> I have question:
>
> How do (can) we change the default crypto provider
> used by WSS4J for a particular Java runtime instance?
>
>
> We are using WSS4J 1.5 and would like to enable WSS4J
> to use the default crypto provider provided by Sun or
> IBM in a Java runtime. The idea here is we want to
> make it as easy as possible for our developers to test
> transactions using WS-Security running in Axis.
>
> We run Axis/WSS4J in JBoss, Tomcat and Websphere
> containers and would like to be able to test using the
> standard providers found in either JVM implementation
> without having to configure the BouncyCastle provider.
>
> Please note the aim here isn't to phase out or replace
> our use of BouncyCastle provider in production as we
> are quite happy with its capabilities. Rather we want
> to remove a step (steamline setup) for developers that
> want to test using our security configuration.
>
> Our default client-side configuration is to enable
> Username token, ecrypted:
>
> <parameter name="action" value="UsernameToken Encrypt
> Timestamp"/>
>
> Thanks in advance for your reply.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Question-on-WSS4J-1.5-Crypto-Provider-Configuration-tp18238105p18544876.html
Sent from the WSS4J mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
