Subject: RE: Encrypting and Signing SOAP Messages With UsernameToken
From: Mark Mesich (mmes@austin.rr.com)
Date: Jan 27, 2005 6:46:44 pm
List: net.java.dev.jwsdp.users

Hey Vishal,

Actually, the code below does more than encrypt and sign the token alone. It actually uses the UsernameToken to encrypt and sign the SOAP message itself. I do not need any X509 certificates at all! I have not seen anything in JWSDP that provides the same functionality. If I understand you correctly, the sample you provided simply encrypts and signs the token rather than using the token to encrypt and sign the entire message. Is this correct, or am I missing something?

(If it would be helpful, I can provide the resulting SOAP message from the code below.)

Thanks,

Mark.

-----Original Message-----
From: Vishal Mahajan [mailto:Vish@Sun.COM]
Sent: Thursday, January 27, 2005 6:55 AM
To: use@jwsdp.dev.java.net
Subject: Re: Encrypting and Signing SOAP Messages With UsernameToken

Hi Mark,

The code below indicates that your requirement is to be able to sign and encrypt the username token being sent along with the soap request. You can do this very easily using xws-security by associating the following security configuration file with the requester:

<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">

    <xwss:UsernameToken name="m_userid" password="m_password" id="token"/>

    <xwss:Sign>
        <Target type="uri">#token</Target>
    </xwss:Sign>

    <xwss:Encrypt>
        <X509Token certificateAlias="receiver_cert_alias"/>
        <Target type="uri">#token</Target>
    </xwss:Encrypt>

</xwss:SecurityConfiguration>

For more details on the usage of security configuration files, please consult the JWSDP tutorial.

Vishal

Mark Mesich wrote:

Hey Vishal,

Thanks for getting back to me. In .Net you can use a UsernameToken to sign and encrypt messages as well. The following code demonstrates what I would like to do in Java. (I have changed the names of the service and methods for readability.)

// Get a reference to the service.
Service service = new Service();

// Create a username token and add it to the service.
UsernameToken token = new UsernameToken( m_userID, m_password, PasswordOption.SendHashed );
service.RequestSoapContext.Security.Tokens.Add(token);
service.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;

// Encrypt and sign the message with the UsernameToken.
service.RequestSoapContext.Security.Elements.Add( new EncryptedData(token) );
service.RequestSoapContext.Security.Elements.Add( new MessageSignature(token) );

// Make the method call.
bool result = service.MethodName( <parameters> );

-----Original Message-----
From: Vishal Mahajan [mailto:Vish@Sun.COM]
Sent: Friday, January 21, 2005 7:33 AM
To: use@jwsdp.dev.java.net
Subject: Re: Encrypting and Signing SOAP Messages With UsernameToken

mmes@austin.rr.com wrote:

Hey Guys,

I currently have a set of .Net/WSE2.0 based web services that require a UsernameToken to be passed in with each request. I have been communicating with these services from both .Net and Java clients. For the Java clients I have been using JWSDP 1.4 and embedding the UsernameToken information into the SOAP message programmatically with code similar to the following:

secCfg.addFilterForOutgoingMessages(
    new ExportUsernameTokenFilter(SystemInfo.getUserName(), SystemInfo.getUserPassword(), true, false));

Now, I would like to enhance the security by requiring the SOAP messages to be both signed and encrypted with the UsernameToken as well. For my .Net clients, this is pretty much a couple of lines of code. However, I am having great difficulty in figuring out whether/how this can be done for my Java clients. Is this something that is possible with JWSDP 1.4 or 1.5? If so, can someone please point me in the right direction?

I have seen examples of signing and encrypting using X.509 certificates, but nothing about using the UsernameToken to do this.

Can you elaborate more on your requirement? What do you mean when you say "Using UsernameToken for signing and encryption"?

Regards,

Vishal

I was hoping that (similar to .Net) there might be a way to add additional filters that could sign and encrypt the messages as they go out.

Thanks for your help, Mark.