(Forgot to cc the dev list). Colm.
-----Original Message-----
From: Colm O hEigeartaigh
Sent: 23 April 2009 11:21
To: 'Nitin Handa'
Subject: RE: How to avoid EncryptedKey in responseFlow

Hi Nitin,

> I don't understand the need of having EncryptedKey in response and want
> to avoid it.. wss4j should just sign and encrypt and shouldn't encrypt
> key.

WSS4J has fairly limited support for encrypting using a symmetric key, as this is in general not a common use-case. Can you detail exactly what you want to do to the SOAP message? Do you mean both symmetric signature and encryption? If so, by the former are you referring to using a (H)MAC, and by the latter directly using 3DES or AES?

Can you attach a copy of the SOAP request that OWSM generates? I can take a look to see if the WSS4J APIs can generate a similar message structure. Can you attach the OWSM client policy?

> I also don't understand how is it encrypting key at server side as
> it is not having client's public key.

It falls back to trying to get the public key from the signaturePropFile configuration.

Colm.

-----Original Message-----
From: Nitin Handa [mailto:[email protected]]
Sent: 22 April 2009 05:22
To: [email protected]
Subject: How to avoid EncryptedKey in responseFlow

Hi,

I just started working on WSS4J. I am doing this effort to test interop with Oracle's OWSM.

I want to know how to avoid EmbeddedKey in response (and also don't understand why it is required to encrypt key in response, as it should be only required in request flow).

I have OWSM's client policy for symmetric key sign and encrypt (wss11). This request goes to Axis service which has WSS4J policy. Request goes fine and response is signed and encrypted by wss4j, but response is not understood by OWSM as response has EncryptedKey in SOAP message, which OWSM doesn't expect.

I don't understand the need of having EncryptedKey in response and want to avoid it.. wss4j should just sign and encrypt and shouldn't encrypt key.
I also don't understand how is it encrypting key at server side as it is not having client's public key.

This is service.wsdd file:

    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass" value="PWCallback1"/>
        <parameter name="action" value="Signature Encrypt"/>
        <parameter name="signaturePropFile" value="crypto.properties" />
        <parameter name="decryptionPropFile" value="crypto.properties" />
        <parameter name="encryptionKeyIdentifier" value="DirectReference" />
        <parameter name="decryptionKeyIdentifier" value="DirectReference" />
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
      </handler>
    </requestFlow>
    <responseFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
        <parameter name="passwordCallbackClass" value="PWCallback1"/>
        <parameter name="user" value="orakey"/>
        <parameter name="action" value="Signature Encrypt"/>
        <parameter name="signaturePropFile" value="crypto.properties" />
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
        <parameter name="encryptionKeyIdentifier" value="Thumbprint" />
      </handler>
    </responseFlow>

I have tried many other options too but didn't work.

Thanks
Nitin

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
